colin
/
UBUNTU24-CIS
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update rule 5.4.1.5 to use shell task which supports pipes instead of command task; previously this would silently fail 

Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
This commit is contained in:
Shawn Hardwick 2025-02-05 12:03:30 -05:00
parent 1cf3c4d58b
commit 4af134cd74
No known key found for this signature in database
GPG Key ID: 2F156DF1396D01DF
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tasks/section_5/cis_5.4.1.x.yml
View File

@ -130,13 +130,13 @@
- login - login
block: block:
- name: "5.4.1.5 | AUDIT | Ensure inactive password lock is configured | General setting" - name: "5.4.1.5 | AUDIT | Ensure inactive password lock is configured | General setting"
ansible.builtin.command: useradd -D | grep INACTIVE | cut -d= -f2 ansible.builtin.shell: useradd -D | grep INACTIVE | cut -d= -f2
changed_when: false changed_when: false
failed_when: false failed_when: false
register: discovered_passwd_inactive_setting register: discovered_passwd_inactive_setting
- name: "5.4.1.5 | PATCH | Ensure inactive password lock is configured| Set inactive period for new users" - name: "5.4.1.5 | PATCH | Ensure inactive password lock is configured| Set inactive period for new users"
when: discovered_passwd_inactive_setting.stdout != ubtu24cis_pass_inactive | string when: discovered_passwd_inactive_setting.stdout != (ubtu24cis_pass_inactive | string)
ansible.builtin.command: useradd -D -f {{ ubtu24cis_pass_inactive }} ansible.builtin.command: useradd -D -f {{ ubtu24cis_pass_inactive }}
failed_when: false failed_when: false
changed_when: true changed_when: true