ansible-hardening/RHEL-07-010260.rst at 1a0724d9da762251c48613ae346486326cc56acc

Major Hayden 1a0724d9da Security: Add tasks for RHEL-07-010260

This patch adds tasks to disallow logins from accounts with null
or blank passwords.

Implements: blueprint security-rhel7-stig
Change-Id: Icc5fd167be93bff9946810a17d8ef5521653d648

2016-10-20 15:44:37 +00:00

546 B

Raw Blame History

---id: RHEL-07-010260 status: implemented tag: auth ---

The Ansible tasks will ensure that PAM is configured to disallow logins from accounts with null or blank passwords. This involves removing a single option from one of the PAM configuration files:

CentOS or RHEL: removes nullok from /etc/pam.d/system-auth

Ubuntu: removes nullok_secure from /etc/pam.d/common-auth

Deployers can opt-out of this change by setting the following Ansible variable:

security_disallow_blank_password_login: no

546 B Raw Blame History

546 B

Raw Blame History