0eef112699
This patch refactors the login.defs adjustments into a single task that loops over a variable. It also adds tasks for RHEL-07-010200, RHEL-07-010420, and RHEL-07-020230. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I7c1f869d87338547da8943d5aa506ceb871cee68
450 B
450 B
---id: RHEL-07-010200 status: opt-in tag: auth ---
Although the STIG requires that all passwords have a minimum lifetime set, this can cause issue in some production environments. Therefore, deployers must opt in for this change.
Set the following Ansible variable to an integer (in days) to enable this setting:
security_password_min_lifetime_days: 1The STIG requires the minimum lifetime for password to be one day.