fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition. Closes-Bug: 1578326 Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
480 B
480 B
Opt-in required
By default, Ubuntu doesn't require that inactive accounts are locked after a period of time. The STIG requires that accounts with 35 days of activity are locked.
Deployers must opt-in for this change by setting the
security_inactive_account_lock_days Ansible variable. The
STIG requires this to be set to 35 days at a maximum. The Ansible tasks
will not make any changes to /etc/default/useradd unless
security_inactive_account_lock_days is set.