Merge pull request #478 from konstruktoid/pass
fix local passwords
konstruktoid authored Jan 9, 2024
2 parents 574e675 + 1eb366a commit 9f81688
Showing 2 changed files with 39 additions and 7 deletions.
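--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -771,6 +771,18 @@
 changed_when: cracklib_passwords.rc != 0
 when: ansible_os_family == "Debian"
 
+- name: Verify username password list
+environment:
+PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ansible.builtin.shell: |
+set -o pipefail
+grep "{{ ansible_user | default(lookup('ansible.builtin.env', 'USER')) }}" /usr/share/dict/passwords.local
+args:
+executable: /bin/bash
+register: username_passwords
+failed_when: username_passwords.rc != 0
+changed_when: username_passwords.rc != 0
+
 - name: Index blacklisted kernel modules
 environment:
 PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin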
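Review bot: The `grep` in the new `Verify username password list` task treats the username as an unanchored regular expression, so the check passes whenever any line of `/usr/share/dict/passwords.local` merely contains that string, even if the exact username entry is missing. A fixed-string, whole-line match pins what the test is meant to prove: `grep -Fx -- "{{ ansible_user | default(lookup('ansible.builtin.env', 'USER')) }}" /usr/share/dict/passwords.local`. The templated value is also placed into a shell script unescaped, and because there is no pipeline here, `set -o pipefail` has no effect. `changed_when: username_passwords.rc != 0` can only be true when the task has already failed, so `changed_when: false` would state the intent more directly.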
34 changes: 27 additions & 7 deletions tasks/password.yml
@@ -254,12 +254,6 @@
- cracklib
- pam

- name: Get local accounts
ansible.builtin.command:
cmd: awk -F':' '{print $1}' /etc/passwd
changed_when: false
register: local_accounts

- name: Add local information to password list
become: true
ansible.builtin.lineinfile:
@@ -276,7 +270,33 @@
loop:
- "{{ ansible_hostname | lower }}"
- "{{ ansible_os_family | lower }}"
- "{{ local_accounts.stdout | unique | trim }}"
tags:
- cracklib
- pam

- name: Get all local user accounts
ansible.builtin.getent:
database: passwd
register: local_users
tags:
- cracklib
- pam

- name: Add local usernames to password list

Check warning on line 285 in tasks/password.yml


GitHub Actions / build

jinja[spacing]

Jinja2 spacing could be improved: {{ local_users.ansible_facts.getent_passwd | list}} -> {{ local_users.ansible_facts.getent_passwd | list }}

Check warning on line 285 in tasks/password.yml


GitHub Actions / build

jinja[spacing]

Jinja2 spacing could be improved: {{ local_users.ansible_facts.getent_passwd | list}} -> {{ local_users.ansible_facts.getent_passwd | list }}

Check warning on line 285 in tasks/password.yml


GitHub Actions / build

jinja[spacing]

Jinja2 spacing could be improved: {{ local_users.ansible_facts.getent_passwd | list}} -> {{ local_users.ansible_facts.getent_passwd | list }}
become: true
ansible.builtin.lineinfile:
dest: /usr/share/dict/passwords.local
mode: "0644"
owner: root
group: root
state: present
line: "{{ item }}"
changed_when: false
notify:
- Update Debian cracklib
- Update RedHat cracklib
with_items:
- "{{ local_users.ansible_facts.getent_passwd | list}}"
tags:
- cracklib
- pam
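Review bot: `changed_when: false` on the new `Add local usernames to password list` task means the task never reports a change, so its `notify` entries (`Update Debian cracklib`, `Update RedHat cracklib`) are never triggered from here, because Ansible runs notified handlers only for tasks that report changed. Unless another task triggers those handlers, newly added usernames would sit in `/usr/share/dict/passwords.local` without the cracklib dictionary being updated (presumably what the handlers do), and the password-quality check would not reject them. `lineinfile` with `state: present` reports changed only when it actually adds a line, so removing `changed_when: false` should keep the task idempotent while letting the handlers fire. Separately, `ansible.builtin.getent` with `database: passwd` returns every account the host's NSS configuration enumerates, which may be broader than the "local" in the task name suggests; a short comment on the task stating that this is intended would help.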
