---

- name: "5.3.2.1 | PATCH | Ensure pam_unix module is enabled"
  when:
    - ubtu24cis_rule_5_3_2_1
    - ubtu24cis_disruption_high
    - ubtu24cis_pam_auth_unix
    - ubtu24cis_pam_create_pamunix_file
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_5.3.2.1
    - NIST800-53R5_IA-5
    - pam_auth_update
    - pam_unix
  ansible.builtin.template:
    src: "{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwunix_file }}.j2"
    dest: "/{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwunix_file }}"
    owner: root
    group: root
    mode: 'go-rwx'
  notify: Pam_auth_update_pwunix

- name: "5.3.2.2 | PATCH | Ensure pam_faillock module is enabled"
  when:
    - ubtu24cis_rule_5_3_2_2
    - ubtu24cis_disruption_high
    - ubtu24cis_pam_auth_faillock
    - ubtu24cis_pam_create_faillock_files
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_5.3.2.2
    - NIST800-53R5_NA
    - pam_auth_update
    - pam_faillock
  ansible.builtin.template:
    src: "{{ ubtu24cis_pam_confd_dir }}{{ item }}.j2"
    dest: "/{{ ubtu24cis_pam_confd_dir }}{{ item }}"
    owner: root
    group: root
    mode: 'go-rwx'
  loop:
    - "{{ ubtu24cis_pam_faillock_file }}"
    - "{{ ubtu24cis_pam_faillock_notify_file }}"
  notify:
    - Pam_auth_update_pwfaillock
    - Pam_auth_update_pwfaillock_notify

- name: "5.3.2.3 | PATCH | Ensure pam_pwquality module is enabled"
  when:
    - ubtu24cis_rule_5_3_2_3
    - ubtu24cis_disruption_high
    - ubtu24cis_pam_create_pwquality_files
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_5.3.2.3
    - NIST800-53R5_NA
    - pam_auth_update
    - pam_quality
  ansible.builtin.template:
    src: "{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwquality_file }}.j2"
    dest: "/{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwquality_file }}"
    owner: root
    group: root
    mode: 'go-rwx'
  notify: Pam_auth_update_pwquality

- name: "5.3.2.4 | PATCH | Ensure pam_pwhistory module is enabled"
  when:
    - ubtu24cis_rule_5_3_2_4
    - ubtu24cis_disruption_high
    - ubtu24cis_pam_create_pwhistory_files
  tags:
    - level1-server
    - level1-workstation
    - patch
    - rule_5.3.2.4
    - NIST800-53R5_NA
    - pam_auth_update
    - pam_history
  ansible.builtin.template:
    src: "{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwhistory_file }}.j2"
    dest: "/{{ ubtu24cis_pam_confd_dir }}{{ ubtu24cis_pam_pwhistory_file }}"
    owner: root
    group: root
    mode: 'go-rwx'
  notify: Pam_auth_update_pwhistory