mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-09-20 13:21:52 +00:00
make compatible to authconfig
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
This commit is contained in:
parent
7282187a90
commit
fc7fb4fc8a
1 changed files with 12 additions and 2 deletions
|
@ -155,15 +155,25 @@
|
||||||
- ansible_facts.os_family == 'RedHat'
|
- ansible_facts.os_family == 'RedHat'
|
||||||
- not os_auth_pam_passwdqc_enable
|
- not os_auth_pam_passwdqc_enable
|
||||||
|
|
||||||
- name: configure passwdqc and faillock via central system-auth confic
|
- name: configure passwdqc and faillock via central system-auth config
|
||||||
template:
|
template:
|
||||||
src: 'etc/pam.d/rhel_system_auth.j2'
|
src: 'etc/pam.d/rhel_system_auth.j2'
|
||||||
dest: '/etc/pam.d/system-auth-ac'
|
dest: '/etc/pam.d/system-auth-local'
|
||||||
mode: '0640'
|
mode: '0640'
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
group: 'root'
|
group: 'root'
|
||||||
when: ansible_facts.os_family == 'RedHat'
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: enable our config for system-auth
|
||||||
|
file:
|
||||||
|
src: /etc/pam.d/system-auth-local
|
||||||
|
dest: /etc/pam.d/system-auth
|
||||||
|
mode: '0640'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
state: link
|
||||||
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
|
|
||||||
- name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
|
- name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
|
||||||
template:
|
template:
|
||||||
src: 'etc/libuser.conf.j2'
|
src: 'etc/libuser.conf.j2'
|
||||||
|
|
Loading…
Reference in a new issue