mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-09-20 05:11:53 +00:00
65 lines
1.7 KiB
YAML
65 lines
1.7 KiB
YAML
---
|
|
- name: install pip
|
|
package:
|
|
name:
|
|
- python3-pip
|
|
- python3-setuptools
|
|
state: present
|
|
|
|
- name: install pam-tester
|
|
ansible.builtin.pip:
|
|
name: pam-tester
|
|
state: present
|
|
|
|
- name: set password for test
|
|
ansible.builtin.set_fact:
|
|
test_pw: myTest!pw
|
|
|
|
- name: set locale for test
|
|
ansible.builtin.set_fact:
|
|
locale: en_US.UTF-8
|
|
when:
|
|
- ansible_facts.os_family == 'RedHat'
|
|
- ansible_facts.distribution_major_version < '8'
|
|
|
|
- name: create testuser
|
|
user:
|
|
name: testuser
|
|
password: "{{ test_pw | password_hash('sha512') }}"
|
|
|
|
- name: check successful login with correct password
|
|
ansible.builtin.shell:
|
|
cmd: pam-tester --user testuser --password {{ test_pw }}
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
|
|
- name: check unsuccessful login with incorrect password
|
|
ansible.builtin.shell:
|
|
cmd: pam-tester --user testuser --password {{ test_pw }}fail --expectfail
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
with_sequence: count=6
|
|
|
|
- name: check unsuccessful login, with correct password (lockout)
|
|
ansible.builtin.shell:
|
|
cmd: pam-tester --user testuser --password {{ test_pw }} --expectfail
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
|
|
- name: wait for account to unlock
|
|
pause:
|
|
seconds: 20
|
|
|
|
- name: check successful login
|
|
ansible.builtin.shell:
|
|
cmd: pam-tester --user testuser --password {{ test_pw }}
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|