ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Controls 5.5.1.x, breaking a disabled root account. #120

Closed zac90 closed 8 months ago

zac90 commented 9 months ago

Describe the Issue
Since the latest update (1.2.0) for applying password limits on the root user, it causes the root user to request a password change. However, Ubuntu by default disables the root user. This causes future tasks that run as sudo (i.e. as the root user) to request setting a password. For example, 6.2.9.

Expected Behavior
A root user that is disabled shouldn't have its password age changed; otherwise, when using sudo, it will ask for the password to be set.

Actual Behavior
The root account is aged out, causing issues.

Control(s) Affected
5.5.1.1, 5.5.1.2, 5.5.1.3, 5.5.1.4 and 6.2.9

Additional Notes
See info about Ubuntu locking the root account: https://help.ubuntu.com/community/RootSudo

Possible Solution
Implement a check to see if root is disabled and, if it is, skip the root user for controls 5.5.1.x.
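One way to implement the check proposed above, as an added example that is not part of this issue or of the UBUNTU22-CIS role: read root's entry from an /etc/shadow-style file and treat a hash field beginning with '!' or '*' (which is how Ubuntu's default locked root account appears) as disabled, so the password-aging controls (5.5.1.x) can be skipped for root. The sample shadow lines below are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not the UBUNTU22-CIS role's code): decide whether the
# 5.5.1.x password-aging settings should be applied to root by checking
# whether root's password is locked in a shadow file.

# root_is_locked SHADOW_FILE
# Returns 0 (true) when root's hash field starts with '!' or '*', which
# means the account cannot authenticate with a password (locked/disabled).
# Returns 1 when root has a usable hash or no entry is found.
root_is_locked() {
    shadow_file="$1"
    hash=$(awk -F: '$1 == "root" { print $2; exit }' "$shadow_file")
    case "$hash" in
        '!'*|'*'*) return 0 ;;   # locked ("!", "!*", "!$6$...") or "*"
        *)         return 1 ;;   # real hash, or empty/no entry
    esac
}

# should_age_root SHADOW_FILE
# Prints "skip" when root is locked (do not run chage against root),
# "apply" otherwise.
should_age_root() {
    if root_is_locked "$1"; then
        echo skip
    else
        echo apply
    fi
}

# demo_constructed_samples
# Writes two constructed shadow files (an Ubuntu-style locked root and an
# enabled root with a placeholder hash) and prints the decision for each.
demo_constructed_samples() {
    locked=$(mktemp)
    enabled=$(mktemp)
    # Constructed sample lines; the hash below is a placeholder, not a real one.
    printf 'root:!*:19000:0:99999:7:::\n'                  > "$locked"
    printf 'root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::\n' > "$enabled"
    printf 'locked root  -> %s\n'  "$(should_age_root "$locked")"
    printf 'enabled root -> %s\n'  "$(should_age_root "$enabled")"
    rm -f "$locked" "$enabled"
}

demo_constructed_samples
```

On a live system the same information is available from `passwd -S root`, whose second field shows L for a locked password; the file-based check above is used here so the logic can be exercised against constructed input. In an Ansible task the result would typically be registered and used in a `when:` condition that skips the root-specific chage steps.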

zac90 commented 9 months ago

Setting ubtu22cis_disruption_high: to no is not a solution, as then the playbook skips a bunch of other useful tasks.

uk-bolly commented 9 months ago

Hi @zac90

Thank you for raising this issue. This is a great catch, we are going to have to find an alternate solution for this requirement.

Many thanks

uk-bolly