openstack/ansible-hardening
Code Issues Proposed changes

Added pam_auth_password to nullok check

Browse Source 
Change-Id: I692241ce21e8bd8912b8d1ff5a261ae10d7da1f2
This commit is contained in:
codejubilee 2021-04-12 21:40:57 +00:00
parent e4b55822cf
commit 9b3ea39df4
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tasks/rhel7stig/auth.yml
View File

@ -48,15 +48,13 @@
- name: Prevent users with blank or null passwords from authenticating (Red Hat) - name: Prevent users with blank or null passwords from authenticating (Red Hat)
lineinfile: lineinfile:
dest: "{{ pam_auth_file }}" dest: "{{ item[1] }}"
state: present state: present
regexp: "^({{ item }}.*sufficient.*)nullok(.*)$" regexp: "^({{ item[0] }}.*sufficient.*)nullok(.*)$"
line: '\1\2' line: '\1\2'
backup: yes backup: yes
backrefs: yes backrefs: yes
with_items: loop: "{{ ['auth', 'password'] |product(['{{ pam_auth_file }}', '{{ pam_password_file }}'])|list }}"
- auth
- password
when: when:
- ansible_facts['os_family'] == 'RedHat' - ansible_facts['os_family'] == 'RedHat'
- security_disallow_blank_password_login | bool - security_disallow_blank_password_login | bool