ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

5.4.1 | PATCH | Ensure password creation requirements are configured #182

Closed ma3s7ro closed 3 months ago

ma3s7ro commented 7 months ago

Feature Request or Enhancement

Summary of Request: Change pwquality settings using variables. In our organization there are more secure requirements.

Describe Alternatives You've Considered: Add a variable in defaults and change the play. This will allow you to flexibly configure pwquality.

Suggested Code: Add a variable in defaults.

ubtu22cis_pwquality:
  - key: 'minlen'
    value: '14'
  - key: 'minclass'
    value: '5'
  - key: 'dcredit'
    value: '-1'
  - key: 'ucredit'
    value: '-1'
  - key: 'ocredit'
    value: '-1'
  - key: 'lcredit'
    value: '-1'

Change play:

- name: "5.4.1 | PATCH | Ensure password creation requirements are configured"
  lineinfile:
    state: present
    create: yes
    dest: /etc/security/pwquality.conf
    # Replace an existing active line for this key, or append one if none matches
    regexp: '^{{ item.key }}'
    line: '{{ item.key }} = {{ item.value }}'
  with_items:
    - "{{ ubtu22cis_pwquality }}"

uk-bolly commented 6 months ago

Hi @ma3s7ro

Thank you for taking the time to raise this issue. This is a good improvement suggestion; I have incorporated this into a new branch I am currently working on. I am hoping to get this merged to devel by the end of the week.

Many thanks

uk-bolly

uk-bolly commented 3 months ago

I believe that this issue has been addressed and the fix merged? I will close this issue; please feel free to reopen or raise a new one if this particular problem still exists.

Many thanks

uk-bolly

ma3s7ro commented 3 months ago

Yes. Thanks a lot.
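
A check that can be run after the play to confirm /etc/security/pwquality.conf carries the values from the ubtu22cis_pwquality list proposed in the issue. This is an added example, not code from the thread or from the UBUNTU22-CIS role; the function names and the sample file content are constructed, and it assumes the last occurrence of a duplicated key is the effective one.

```python
import re

# Values from the ubtu22cis_pwquality list proposed in the issue.
EXPECTED = {"minlen": 14, "minclass": 5, "dcredit": -1,
            "ucredit": -1, "ocredit": -1, "lcredit": -1}

# An active integer setting: "key = value", optional whitespace around "=".
LINE_RE = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(-?\d+)\s*$")

def parse_pwquality(text):
    """Return ({key: int}, [duplicated keys]) for active (uncommented) settings."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]   # drop comments, incl. commented-out defaults
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), int(m.group(2))
        if key in settings:
            duplicates.append(key)
        settings[key] = value         # assumption: last occurrence is effective
    return settings, duplicates

def audit(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the file matches."""
    settings, duplicates = parse_pwquality(text)
    findings = []
    for key, want in expected.items():
        if key not in settings:
            findings.append(f"{key}: not set (missing or only present as a comment)")
        elif settings[key] != want:
            findings.append(f"{key}: found {settings[key]}, expected {want}")
    findings += [f"{key}: set more than once" for key in sorted(set(duplicates))]
    return findings

# Constructed sample: commented defaults plus a partially applied configuration.
SAMPLE = """\
# minlen = 8
minlen = 14
# dcredit = 0
dcredit = -1
ucredit = 0
minclass=5
ocredit = -1   # at least one special character
ocredit = -1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host, pass the contents of /etc/security/pwquality.conf to `audit()` and treat any returned finding as a failed control.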