Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-14 02:47:06 +00:00
Code Issues Projects Releases Packages Wiki Activity
ansible-collection-hardening/molecule/os_hardening/verify_tasks/pw_ageing.yml
Norman Ziegner c594a1fe6a
os_hardening: Add test for setting password warning days via variable os_auth_pw_warn_age 
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2023-02-03 14:47:27 +01:00

32 lines
1.3 KiB
YAML
Raw Blame History

---
- name: Get Password Expiry date for use pw_no_ageing
ansible.builtin.shell: chage -l pw_no_ageing | grep "Password expires" | cut -d ":" -f 2
changed_when: false
register: expiry_date
- name: Check that the expiry date of pw_no_ageing is "never"
ansible.builtin.assert:
that:
- "expiry_date.stdout | trim == 'never'"
- name: Get Password Expiry date for pw_ageing
ansible.builtin.shell: chage -l pw_ageing | grep "Password expires" | cut -d ":" -f 2
changed_when: false
register: expiry_date
- name: Check that the expiry date of pw_ageing is 60 days
ansible.builtin.assert:
# this uses the date from the expire_date variable and subtracts the current date.
# it should be bigger that the password_expire_min of the user "pw_no_ageing"
that:
- "{{ ( expiry_date.stdout | trim | to_datetime('%b %d, %Y') - ansible_date_time.date | to_datetime('%Y-%m-%d')).days }} == 60"
- name: Get Password Expiry warning days for pw_ageing
ansible.builtin.shell: chage -l pw_ageing | grep "warning before password expires" | cut -d ":" -f 2
changed_when: false
register: expiry_warndays
- name: Check that number of days of warning before password expires is 7 days
ansible.builtin.assert:
that:
- "expiry_warndays.stdout | trim == '7'"
Reference in a new issue View git blame Copy permalink