Fix CIS rule 5.3.2
Added a create: true in case these files did not already exist.
EnguerrandDeclercq authored Oct 13, 2023
1 parent bbe4e14 commit 8f80a66
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions tasks/section_5_Access_Authentication_and_Authorization.yaml
Expand Up @@ -666,16 +666,22 @@
lineinfile:
dest: /etc/pam.d/common-auth
line: "auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900"
create: true

- name: 5.3.2 Ensure lockout for failed password attempts is configured - pam_deny.so
lineinfile:
dest: /etc/pam.d/common-account
regexp: '^account\srequisite'
line: "account requisite pam_deny.so"
create: true

- name: 5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so
lineinfile:
dest: /etc/pam.d/common-account
regexp: '^account\srequired'
line: "account required pam_tally2.so"
create: true

tags:
- section5
- level_1_server
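
Review bot: `create: true` on the `/etc/pam.d/common-auth` task and on both `/etc/pam.d/common-account` tasks means that on a host where the file is missing, lineinfile writes a new file containing only the lines managed here. For common-account that gives a stack whose first entry is `account requisite pam_deny.so` with nothing ahead of it to skip the deny, so every account check that includes this file fails. For common-auth it gives a stack holding only `pam_tally2.so`, with no module that verifies a password. A missing common-* file suggests the expected PAM layout is absent, so I would rather fail the task, or gate these tasks on a `stat` of the file, than create it. If creation stays, set `owner: root`, `group: root` and `mode: '0644'` on each task so the new file's permissions do not depend on the umask of the Ansible run.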