# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
# Declares the XCCDF value that the final task writes into
# /etc/security/pwquality.conf. Presumably the build system turns this marker
# into an Ansible variable of the same name - confirm.
- (xccdf-var var_password_pam_{{{ VARIABLE }}})
{{% if product == "ol8" or 'rhel' in product %}}
# Clear the option from drop-in files so that a leftover setting there cannot
# compete with the value written to pwquality.conf further down.
# NOTE(review): this cleanup is gated to ol8 and rhel products; confirm that the
# other supported products ship a libpwquality that ignores this directory.
- name: {{{ rule_title }}} - Find pwquality.conf.d files
  ansible.builtin.find:
    patterns: "*.conf"
    paths: /etc/security/pwquality.conf.d/
  register: pwquality_conf_d_files

# The pattern starts at optional whitespace, so only active (uncommented)
# assignments of the option are deleted; commented lines are left alone.
- name: {{{ rule_title }}} - Ensure {{{ VARIABLE }}} is not set in pwquality.conf.d
  ansible.builtin.lineinfile:
    state: absent
    regexp: '^\s*\b{{{ VARIABLE }}}\b.*'
    path: "{{ item.path }}"
  loop: "{{ pwquality_conf_d_files.files }}"
{{% endif %}}
{{% if "ol" in product %}}
# Oracle Linux only. Judging by the macro name, this strips the option from the
# pam_pwquality.so line of the 'password' stack, presumably so that a module
# argument cannot take precedence over pwquality.conf - confirm against the macro.
# NOTE(review): only /etc/pam.d/system-auth is handled here; verify whether
# /etc/pam.d/password-auth can carry the same option on these products.
{{{ ansible_remove_pam_module_option_configuration(
    '/etc/pam.d/system-auth', 'password', '', 'pam_pwquality.so', VARIABLE) }}}
{{% endif %}}
{{% if "ubuntu" in product %}}
# Ubuntu only. Judging by the macro name, this enables pam_pwquality through
# the pam-configs profile at the given path - confirm against the macro.
{{{ ansible_pam_pwquality_enable('/usr/share/pam-configs/cac_pwquality') }}}
{{% endif %}}
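# Write the required value into the main pwquality configuration file.
# The pattern also matches a commented-out default, so that line is replaced in
# place instead of a second assignment being appended. The trailing \b mirrors
# the drop-in cleanup pattern and keeps the match from landing on a longer
# option name that merely starts with the same characters.
# NOTE(review): create is enabled without owner, group or mode, so a newly
# created file gets whatever defaults the remediation run has - confirm that
# this is acceptable for a file that governs password policy.
- name: {{{ rule_title }}} - Ensure PAM variable {{{ VARIABLE }}} is set accordingly
  ansible.builtin.lineinfile:
    path: "/etc/security/pwquality.conf"
    regexp: '^#?\s*{{{ VARIABLE }}}\b'
    line: "{{{ VARIABLE }}} = {{ var_password_pam_{{{ VARIABLE }}} }}"
    create: true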