File: ansible.template

scap-security-guide 0.1.76-1
# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
- (xccdf-var var_password_pam_{{{ VARIABLE }}})

{{% if product == "ol8" or 'rhel' in product %}}
# Drop-in files under pwquality.conf.d are read in addition to the main
# pwquality.conf, so a setting left behind there may take precedence over the
# value this remediation writes to the main file. Collect them first.
- name: {{{ rule_title }}} - Find pwquality.conf.d files
  ansible.builtin.find:
    paths:
      - /etc/security/pwquality.conf.d/
    patterns:
      - '*.conf'
  register: pwquality_conf_d_files

# Delete every active (uncommented) line that sets the option in each file
# returned by the find task above; commented-out lines are left untouched.
- name: {{{ rule_title }}} - Ensure {{{ VARIABLE }}} is not set in pwquality.conf.d
  ansible.builtin.lineinfile:
    state: absent
    path: '{{ item.path }}'
    regexp: '^\s*\b{{{ VARIABLE }}}\b.*'
  loop: '{{ pwquality_conf_d_files.files }}'
{{% endif %}}

{{% if "ol" in product %}}
# NOTE(review): the macro below is defined outside this file. Judging by its
# name and arguments it presumably strips this option from the
# pam_pwquality.so "password" line in /etc/pam.d/system-auth, so that
# pwquality.conf is the only place the value is set. Confirm against the
# macro definition.
{{{ ansible_remove_pam_module_option_configuration('/etc/pam.d/system-auth',
                                  'password',
                                  '',
                                  'pam_pwquality.so',
                                  VARIABLE)
}}}
{{% endif %}}

{{% if "ubuntu" in product %}}
# NOTE(review): the macro below is defined outside this file. It presumably
# makes sure pam_pwquality is enabled in the PAM stack through the pam-configs
# profile at the given path, since pwquality.conf has no effect unless the
# module is active. Confirm against the macro definition.
{{{ ansible_pam_pwquality_enable('/usr/share/pam-configs/cac_pwquality') }}}
{{% endif %}}

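# Write the required value into the main pwquality configuration file,
# replacing an existing (active or commented-out) line for the option or
# appending a new one when none matches.
# NOTE(review): no mode is given, so if the file has to be created its
# permissions come from the defaults on the managed host; consider pinning one.
- name: {{{ rule_title }}} - Ensure PAM variable {{{ VARIABLE }}} is set accordingly
  ansible.builtin.lineinfile:
    path: /etc/security/pwquality.conf
    create: true
    # The trailing \b mirrors the pwquality.conf.d cleanup regexp: without it a
    # longer option name that merely starts with the same text would also match
    # and could be overwritten instead of the intended setting.
    regexp: '^#?\s*{{{ VARIABLE }}}\b'
    line: "{{{ VARIABLE }}} = {{ var_password_pam_{{{ VARIABLE }}} }}"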