Updated tasks/main.yml
ComplianceAsCode development team authored and dmc5179 committed Dec 10, 2021
1 parent bf19f62 commit 4cb6068
Showing 1 changed file with 60 additions and 4 deletions.
64 changes: 60 additions & 4 deletions tasks/main.yml
@@ -1768,6 +1768,62 @@
- medium_severity
- no_reboot_needed

- name: Do not allow users to reuse recent passwords - system-auth (change)
replace:
dest: /etc/pam.d/system-auth
regexp: ^(password\s+(?:(?:requisite)|(?:required))\s+pam_pwhistory\.so\s.*remember\s*=\s*)(\S+)(.*)$
replace: \g<1>{{ var_password_pam_unix_remember }}\g<3>
when:
- accounts_password_pam_unix_remember | bool
- configure_strategy | bool
- low_complexity | bool
- medium_disruption | bool
- medium_severity | bool
- no_reboot_needed | bool
- '"pam" in ansible_facts.packages'
tags:
- CCE-82030-8
- CJIS-5.6.2.1.1
- DISA-STIG-RHEL-07-010270
- NIST-800-171-3.5.8
- NIST-800-53-IA-5(1)(e)
- NIST-800-53-IA-5(f)
- PCI-DSS-Req-8.2.5
- accounts_password_pam_unix_remember
- configure_strategy
- low_complexity
- medium_disruption
- medium_severity
- no_reboot_needed

- name: Do not allow users to reuse recent passwords - system-auth (add)
replace:
dest: /etc/pam.d/system-auth
regexp: ^password\s+(?:(?:requisite)|(?:required))\s+pam_pwhistory\.so\s(?!.*remember\s*=\s*).*$
replace: \g<0> remember={{ var_password_pam_unix_remember }}
when:
- accounts_password_pam_unix_remember | bool
- configure_strategy | bool
- low_complexity | bool
- medium_disruption | bool
- medium_severity | bool
- no_reboot_needed | bool
- '"pam" in ansible_facts.packages'
tags:
- CCE-82030-8
- CJIS-5.6.2.1.1
- DISA-STIG-RHEL-07-010270
- NIST-800-171-3.5.8
- NIST-800-53-IA-5(1)(e)
- NIST-800-53-IA-5(f)
- PCI-DSS-Req-8.2.5
- accounts_password_pam_unix_remember
- configure_strategy
- low_complexity
- medium_disruption
- medium_severity
- no_reboot_needed

- name: Gather the package facts
package_facts:
manager: auto
@@ -12272,7 +12328,7 @@
- NIST-800-171-3.3.7
- NIST-800-53-AU-8(1)(a)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.4
- PCI-DSS-Req-10.4.1
- enable_strategy
- low_complexity
- low_disruption
@@ -12303,7 +12359,7 @@
- NIST-800-171-3.3.7
- NIST-800-53-AU-8(1)(a)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.4
- PCI-DSS-Req-10.4.1
- enable_strategy
- low_complexity
- low_disruption
@@ -12332,7 +12388,7 @@
- NIST-800-171-3.3.7
- NIST-800-53-AU-8(1)(a)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.4
- PCI-DSS-Req-10.4.1
- enable_strategy
- low_complexity
- low_disruption
@@ -12361,7 +12417,7 @@
- NIST-800-171-3.3.7
- NIST-800-53-AU-8(1)(a)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.4
- PCI-DSS-Req-10.4.1
- enable_strategy
- low_complexity
- low_disruption
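Review bot: In the "system-auth (add)" task, the `\s` directly after `pam_pwhistory\.so` can match the end-of-line newline, because Ansible's `replace` module compiles the pattern in multiline mode. For a `pam_pwhistory.so` line that carries no arguments, the match then continues onto the following line and `remember=` is appended there instead of on the pam_pwhistory line. Writing the tail as `pam_pwhistory\.so[ \t]*(?!.*remember\s*=).*$` keeps the match on a single line. Both added tasks also change nothing when /etc/pam.d/system-auth has no `requisite`/`required` pam_pwhistory line at all, so the play can finish cleanly with no password history enforced unless a task outside this hunk inserts that line. A closing check that fails when no `remember=` setting is present in the file would make that case visible.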
