ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License
109 stars, 86 forks

5.6.1.{1-3} rules are only partially implemented, the chage options are missing #189

Status: Closed (ipruteanu-sie closed 2 months ago)

ipruteanu-sie commented 5 months ago

Describe the Issue

5.6.1.1 - Ensure password expiration is 365 days or less
5.6.1.2 - Ensure minimum days between password changes is configured
5.6.1.3 - Ensure password expiration warning days is 7 or more

CIS rules are advising users not only to add the proper values in /etc/login.defs (which is currently implemented via this role), but also to modify user params via the chage tool.

Expected Behavior

Complete implementation of rules.

Actual Behavior

Partial implementation of rules.

Control(s) Affected

5.6.1.1, 5.6.1.2, 5.6.1.3

Environment (please complete the following information):

Additional Notes

PR will take advantage of current ansible.builtin.user options:

Possible Solution

PR
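An audit for the per-user half of these three rules, as an added example that is not code from the role or from the PR: it reads shadow(5)-format entries and prints (does not run) the chage command that would bring each non-compliant account in line. The function names, the sample entries and the minimum-days threshold of 1 are assumptions; the 365 and 7 thresholds come from the rule titles above.

```shell
#!/bin/sh
# Added example: check existing accounts against CIS 5.6.1.1 - 5.6.1.3.
# MAX_DAYS and WARN_DAYS follow the rule titles in this issue; MIN_DAYS=1 is
# an assumption, since the issue only says the minimum must be "configured".
MAX_DAYS=365
MIN_DAYS=1
WARN_DAYS=7

# audit_shadow [FILE]
# Reads shadow(5) lines (name:hash:lastchg:min:max:warn:...) from FILE or
# stdin and prints one chage remediation line per failing field.
audit_shadow() {
    awk -F: -v max="$MAX_DAYS" -v min="$MIN_DAYS" -v warn="$WARN_DAYS" '
        # Only accounts with a password hash are in scope; skip locked/empty.
        substr($2, 1, 1) != "$" { next }
        # 5.6.1.1: empty, non-positive or too large means no effective maximum
        $5 == "" || $5 + 0 < 1 || $5 + 0 > max {
            printf "chage --maxdays %d %s\n", max, $1 }
        # 5.6.1.2: minimum days between changes
        $4 == "" || $4 + 0 < min {
            printf "chage --mindays %d %s\n", min, $1 }
        # 5.6.1.3: warning days before expiry
        $6 == "" || $6 + 0 < warn {
            printf "chage --warndays %d %s\n", warn, $1 }
    ' "$@"
}

# Constructed sample entries; the hashes are placeholders, not real values.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$hash:19000:0:99999:7:::
alice:$6$placeholder$hash:19500:1:365:7:::
bob:$6$placeholder$hash:19500:0:90:3:::
svc:!!:19000:0:99999:7:::
EOF
}

# Run the audit over the constructed sample.
demo() {
    sample_shadow | audit_shadow
}

demo
```

On a real host the same function can be pointed at the live file as root with `audit_shadow /etc/shadow`; empty output means every password-bearing account already meets the three thresholds.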