ansible-hardening/V-71937.rst at 53bcfcf743bccfeb6472d768ace012ccf0c706ec

Markos Chandras f422da8599 Add support for the openSUSE Leap distributions

Add support for the openSUSE Leap distributions. The security rules
are similar to the RedHat and Ubuntu ones. We also replace
ansible_os_family with ansible_pkg_mgr since the former does not
return consistent results across different SUSE distributions especially
on older Ansible versions.

Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba

2017-06-27 15:43:53 +01:00

644 B

Raw Blame History

---id: V-71937 status: implemented tag: auth ---

The Ansible tasks will ensure that PAM is configured to disallow logins from accounts with null or blank passwords. This involves removing a single option from one of the PAM configuration files:

CentOS or RHEL: removes nullok from /etc/pam.d/system-auth
Ubuntu: removes nullok_secure from /etc/pam.d/common-auth
openSUSE Leap or SLE: remove nullok from /etc/pam.d/common-auth and /etc/pam.d/common-password

Deployers can opt-out of this change by setting the following Ansible variable:

security_disallow_blank_password_login: no

644 B Raw Blame History

644 B

Raw Blame History