Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 13:21:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

make compatible to authconfig

Browse source 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
This commit is contained in:
Martin Schurz 2021-02-13 18:06:34 +01:00
parent 7282187a90
commit fc7fb4fc8a
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
roles/os_hardening/tasks/pam.yml
View file

@ -155,15 +155,25 @@
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- not os_auth_pam_passwdqc_enable - not os_auth_pam_passwdqc_enable
- name: configure passwdqc and faillock via central system-auth confic - name: configure passwdqc and faillock via central system-auth config
template: template:
src: 'etc/pam.d/rhel_system_auth.j2' src: 'etc/pam.d/rhel_system_auth.j2'
dest: '/etc/pam.d/system-auth-ac' dest: '/etc/pam.d/system-auth-local'
mode: '0640' mode: '0640'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
when: ansible_facts.os_family == 'RedHat' when: ansible_facts.os_family == 'RedHat'
- name: enable our config for system-auth
file:
src: /etc/pam.d/system-auth-local
dest: /etc/pam.d/system-auth
mode: '0640'
owner: 'root'
group: 'root'
state: link
when: ansible_facts.os_family == 'RedHat'
- name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512 - name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
template: template:
src: 'etc/libuser.conf.j2' src: 'etc/libuser.conf.j2'