mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-14 02:47:06 +00:00
bf372f8493
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
---
|
|
- name: download pam-tester
|
|
get_url:
|
|
url: https://github.com/schurzi/pam-tester/releases/download/latest/pam-tester
|
|
dest: /bin/pam-tester
|
|
mode: 0555
|
|
|
|
- name: set password for test
|
|
set_fact:
|
|
test_pw: "myTest!pw"
|
|
|
|
- name: set locale for test
|
|
set_fact:
|
|
locale: "en_US.UTF-8"
|
|
when:
|
|
- ansible_facts.os_family == 'RedHat'
|
|
- ansible_facts.distribution_major_version < '8'
|
|
|
|
- name: create testuser
|
|
user:
|
|
name: testuser
|
|
password: "{{ test_pw | password_hash('sha512') }}"
|
|
|
|
- name: check successfull login with correct password
|
|
shell:
|
|
cmd: "pam-tester --user testuser --password {{ test_pw }}"
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
|
|
- name: check unsuccessfull login with incorrect password
|
|
shell:
|
|
cmd: "pam-tester --user testuser --password {{ test_pw }}fail --expectfail"
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
with_sequence: count=6
|
|
|
|
- name: check unsuccessfull login, with correct password (lockout)
|
|
shell:
|
|
cmd: "pam-tester --user testuser --password {{ test_pw }} --expectfail"
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|
|
|
|
- name: wait for account to unlock
|
|
pause:
|
|
seconds: 20
|
|
|
|
- name: check successfull login
|
|
shell:
|
|
cmd: "pam-tester --user testuser --password {{ test_pw }}"
|
|
environment:
|
|
TMPDIR: /var/tmp
|
|
LC_ALL: "{{ locale | default('C.UTF-8') }}"
|
|
LANG: "{{ locale | default('C.UTF-8') }}"
|