mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-14 02:47:06 +00:00
6cbc26040f
- multiline {{ansible_managed}} strings do not get properly commented without the comment filter (see http://docs.ansible.com/ansible/playbooks_filters.html#comment-filter )
90 lines
2.3 KiB
Django/Jinja
90 lines
2.3 KiB
Django/Jinja
# See libuser.conf(5) for more information.
|
|
|
|
# {{ ansible_managed | comment }}
|
|
|
|
# Do not modify the default module list if you care about unattended calls
|
|
# to programs (i.e., scripts) working!
|
|
|
|
[import]
|
|
# Data from these files is used when libuser.conf does not define a value.
|
|
# The mapping is documented in the man page.
|
|
login_defs = /etc/login.defs
|
|
default_useradd = /etc/default/useradd
|
|
|
|
[defaults]
|
|
# The default (/usr/lib*/libuser) is usually correct
|
|
# moduledir = /your/custom/directory
|
|
|
|
# The following variables are usually imported:
|
|
# skeleton = /etc/skel
|
|
# mailspooldir = /var/mail
|
|
|
|
# NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
|
|
crypt_style = sha512
|
|
|
|
modules = files shadow
|
|
create_modules = files shadow
|
|
# modules = files shadow ldap
|
|
# create_modules = ldap
|
|
|
|
[userdefaults]
|
|
LU_USERNAME = %n
|
|
# LU_UIDNUMBER = 500
|
|
LU_GIDNUMBER = %u
|
|
# LU_USERPASSWORD = !!
|
|
# LU_GECOS = %n
|
|
# LU_HOMEDIRECTORY = /home/%n
|
|
# LU_LOGINSHELL = /bin/bash
|
|
|
|
# LU_SHADOWNAME = %n
|
|
# LU_SHADOWPASSWORD = !!
|
|
# LU_SHADOWLASTCHANGE = %d
|
|
# LU_SHADOWMIN = 0
|
|
# LU_SHADOWMAX = 99999
|
|
# LU_SHADOWWARNING = 7
|
|
# LU_SHADOWINACTIVE = -1
|
|
# LU_SHADOWEXPIRE = -1
|
|
# LU_SHADOWFLAG = -1
|
|
|
|
[groupdefaults]
|
|
LU_GROUPNAME = %n
|
|
# LU_GIDNUMBER = 500
|
|
# LU_GROUPPASSWORD = !!
|
|
# LU_MEMBERUID =
|
|
# LU_ADMINISTRATORUID =
|
|
|
|
[files]
|
|
# This is useful for the case where some master files are used to
|
|
# populate a different NSS mechanism which this workstation uses.
|
|
# directory = /etc
|
|
|
|
[shadow]
|
|
# This is useful for the case where some master files are used to
|
|
# populate a different NSS mechanism which this workstation uses.
|
|
# directory = /etc
|
|
|
|
[ldap]
|
|
# Setting these is always necessary.
|
|
# server = ldap
|
|
# basedn = dc=example,dc=com
|
|
|
|
# Setting these is rarely necessary, since it's usually correct.
|
|
# userBranch = ou=People
|
|
# groupBranch = ou=Group
|
|
|
|
# Set only if your administrative user uses simple bind operations to
|
|
# connect to the server.
|
|
# binddn = cn=Manager,dc=example,dc=com
|
|
|
|
# Set this only if the default user (as determined by SASL) is incorrect
|
|
# for SASL bind operations. Usually, it's correct, so you'll rarely need
|
|
# to set these.
|
|
# user = Manager
|
|
# authuser = Manager
|
|
|
|
[sasl]
|
|
# Set these only if your sasldb is only used by a particular application, and
|
|
# in a particular domain. The default (all applications, all domains) is
|
|
# probably correct for most installations.
|
|
# appname = imap
|
|
# domain = EXAMPLE.COM
|