From fc7fb4fc8a544598a0bef27931d7c857d5e5f0ed Mon Sep 17 00:00:00 2001
From: Martin Schurz
Date: Sat, 13 Feb 2021 18:06:34 +0100
Subject: [PATCH] make compatible to authconfig

Signed-off-by: Martin Schurz
---
 roles/os_hardening/tasks/pam.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/roles/os_hardening/tasks/pam.yml b/roles/os_hardening/tasks/pam.yml
index 4255a480..84ec25c5 100644
--- a/roles/os_hardening/tasks/pam.yml
+++ b/roles/os_hardening/tasks/pam.yml
@@ -155,15 +155,25 @@
 - ansible_facts.os_family == 'RedHat'
 - not os_auth_pam_passwdqc_enable

-- name: configure passwdqc and faillock via central system-auth confic
+- name: configure passwdqc and faillock via central system-auth config
 template:
 src: 'etc/pam.d/rhel_system_auth.j2'
- dest: '/etc/pam.d/system-auth-ac'
+ dest: '/etc/pam.d/system-auth-local'
 mode: '0640'
 owner: 'root'
 group: 'root'
 when: ansible_facts.os_family == 'RedHat'

+- name: enable our config for system-auth
+ file:
+ src: /etc/pam.d/system-auth-local
+ dest: /etc/pam.d/system-auth
+ mode: '0640'
+ owner: 'root'
+ group: 'root'
+ state: link
+ when: ansible_facts.os_family == 'RedHat'
+
 - name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
 template:
 src: 'etc/libuser.conf.j2'
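Review bot: The added `enable our config for system-auth` task repoints only `/etc/pam.d/system-auth`; nothing in this hunk does the same for `/etc/pam.d/password-auth`, which RedHat-family services such as sshd normally include. Unless that file is handled elsewhere in pam.yml, the passwdqc/faillock settings from the template may not cover remote logins, so a parallel template-plus-link pair for `password-auth` is worth considering. The link task also assumes `system-auth` is already a symlink: with `state: link` and no `force`, Ansible is expected to refuse to replace a regular file, and on hosts managed by authselect rather than authconfig, swapping the link takes the file out of that tool's control. A preceding `stat` check or a narrower `when:` would make the intended precondition explicit. As far as I can tell `mode: '0640'` has no effect on a symlink on Linux and can be dropped from the link task, and the paths could be quoted like the rest of the file, e.g. `src: '/etc/pam.d/system-auth-local'`.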