dev-sec / puppet-os-hardening

This puppet module provides numerous security-related configurations, providing all-round base protection.
http://dev-sec.io/
Apache License 2.0

Existing users do not change their "chage" values if they are already existing #296

Open LooOOooM opened 2 years ago

LooOOooM commented 2 years ago

Is your feature request related to a problem? Please describe.

[root@pldckapp00071-m ~]# puppet agent -t --environment ccs_265_ablaufende_systemuseder
...
# Maximum number of days a password may be used.
-PASS_MAX_DAYS 90
+PASS_MAX_DAYS 99999

[root@pldckapp00071-m ~]# chage -l docker_users
Last password change                                    : Jun 13, 2022
Password expires                                        : Sep 11, 2022
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 14

Describe the solution you'd like

The solution would be a check through all known non-system users and non-ignored users, and execute on notify: chage -M VAR_MAX_AGE -m VAR_MIN_AGE -W VAR_WARN_AGE USERNAME
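
The check requested above can be sketched as a read-only audit. This is an added example, not part of the issue or of the module's code: the names `chage_drift` and `demo`, the `UID_MIN` of 1000, the ignore list and every account except `docker_users` are assumptions.

```shell
#!/bin/sh
# Added example: list existing accounts whose aging fields in a shadow(5)-format
# file differ from the desired policy and print the chage call that would align
# them. Read-only: nothing is changed.

# Constructed sample data. The docker_users row mirrors the chage -l output
# above (last change day 19156 = Jun 13, 2022; min 0, max 90, warn 14).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
docker_users:x:1001:1001::/home/docker_users:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
backup_svc:x:1003:1003::/home/backup_svc:/bin/bash'
SAMPLE_SHADOW='root:*:19156:0:99999:7:::
daemon:*:19156:0:99999:7:::
docker_users:*:19156:0:90:14:::
alice:*:19156:0:99999:14:::
backup_svc:*:19156:0:90:14:::'

# chage_drift PASSWD SHADOW UID_MIN MAX_AGE MIN_AGE WARN_AGE "IGNORED USERS"
chage_drift() {
    awk -F: -v uid_min="$3" -v max="$4" -v min="$5" -v warn="$6" -v ignore="$7" '
        BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # First file (passwd): remember non-system, non-ignored accounts.
        FNR == NR { if ($3 + 0 >= uid_min + 0 && !($1 in skip)) keep[$1] = 1; next }
        # Second file (shadow): fields 4, 5 and 6 are min, max and warn days.
        ($1 in keep) && ($4 != min || $5 != max || $6 != warn) {
            printf "chage -M %s -m %s -W %s %s\n", max, min, warn, $1
        }
    ' "$1" "$2"
}

# Run the check on the sample data with the PASS_MAX_DAYS value from the
# puppet run above (99999); UID_MIN 1000 and the ignore list are assumptions.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$tmp/shadow"
    chage_drift "$tmp/passwd" "$tmp/shadow" 1000 99999 0 14 "backup_svc"
    rm -rf "$tmp"
}

demo
```

Pointing `chage_drift` at `/etc/passwd` and `/etc/shadow` requires root, and the printed commands are only suggestions until someone runs them.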