sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity
RHEL9-CIS/tasks/section_5/cis_5.3.1.x.yml
Mark Bolwell 0fc418a222
v2 improvements 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-08-07 10:29:03 +01:00

55 lines
1.6 KiB
YAML
Raw Blame History

---
- name: "5.3.1.1 | PATCH | Ensure latest version of pam is installed"
when:
- rhel9cis_rule_5_3_1_1
- ansible_facts.packages['pam'][0]['version'] is version('1.5.1-19', '<') or
"'pam' not in ansible_facts.packages"
tags:
- level1-server
- level1-workstation
- patch
- pam
- rule_5.3.1.1
ansible.builtin.package:
name: pam
state: latest
- name: "5.3.1.2 | PATCH | Ensure latest version of authselect is installed"
when:
- rhel9cis_rule_5_3_1_2
- rhel9cis_authselect_pkg_update
- ansible_facts.packages['authselect'][0]['version'] is version('1.2.6-2', '<') or
"'authselect' not in ansible_facts.packages"
tags:
- level1-server
- level1-workstation
- patch
- pam
- rule_5.3.1.2
block:
- name: "5.3.1.2 | PATCH | Ensure latest version of authselect is installed | Patch"
ansible.builtin.package:
name: authselect
state: latest
register: rhel9cis_authselect_update
- name: "5.3.1.2 | AUDIT | Ensure latest version of authselect is installed | Patch"
when: rhel9cis_authselect_update.changed # noqa no-handler
ansible.builtin.set_fact:
authselect_update: OK
- name: "5.3.1.3 | PATCH | Ensure libpwquality is installed"
when:
- rhel9cis_rule_5_3_1_3
- ansible_facts.packages['libpwquality'][0]['version'] is version('1.4.4-8', '<') or
"'libpwquality' not in ansible_facts.packages"
tags:
- level1-server
- level1-workstation
- patch
- pam
- rule_5.3.1.3
ansible.builtin.package:
name: libpwquality
state: latest
View git blame Copy permalink