V-38683: Check for non-unique usernames
Implements: blueprint security-hardening
Change-Id: I6f76bbcf44c8d464ea814572eef6c1608372ff89
parent d0f4a70d9c
commit 711537051b
12
doc/source/developer-notes/V-38683.rst
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
The Ansible task will use the ``pwck`` command to search for non-unique
|
||||||
|
usernames on the system. If any matching usernames are found, an error
|
||||||
|
will be printed and the playbook will fail.
|
||||||
|
|
||||||
|
**NOTE:** The ``pwck`` command will find other abnormalities on the system,
|
||||||
|
including users that exist in ``/etc/passwd`` but not in ``/etc/shadow``, and
|
||||||
|
vice versa. If the playbook fails on this task, try to run this command
|
||||||
|
on the system as root to find out what caused the failure:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pwck -rq
|
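Review bot: The first paragraph says the playbook fails when "matching usernames are found", but the NOTE below it says ``pwck`` reports other abnormalities as well, so the documented failure condition is narrower than what the task actually checks. Suggest wording the first paragraph as failing on any finding reported by ``pwck -rq``, and stating briefly what the ``-r`` and ``-q`` options do, since the reader is told to run the command as root.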
@ -311,3 +311,21 @@
|
|||||||
- auth
|
- auth
|
||||||
- cat3
|
- cat3
|
||||||
- V-38692
|
- V-38692
|
||||||
|
|
||||||
|
- name: Checking for accounts with non-unique usernames (for V-38683)
|
||||||
|
shell: pwck -rq | wc -l
|
||||||
|
register: v38683_result
|
||||||
|
changed_when: False
|
||||||
|
tags:
|
||||||
|
- auth
|
||||||
|
- cat3
|
||||||
|
- V-38683
|
||||||
|
|
||||||
|
- name: V-38683 - All accounts on the system must have unique user/account names
|
||||||
|
fail:
|
||||||
|
msg: "FAILED: Found accounts without unique usernames"
|
||||||
|
when: v38683_result.stdout != '0'
|
||||||
|
tags:
|
||||||
|
- auth
|
||||||
|
- cat3
|
||||||
|
- V-38683
|
||||||
|
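Review bot: In the check task, "shell: pwck -rq | wc -l" keeps only a line count, so the fail message "FAILED: Found accounts without unique usernames" is shown for every kind of pwck finding and the operator never sees which entry triggered it. Suggest registering the output of pwck itself, handling its return code explicitly since the pipe into wc currently hides it, and including the registered stdout in msg with wording that covers any pwck finding rather than only duplicate usernames.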