Use fail module instead of debug module with failed_when

Change-Id: I6936ac260e98432cdd540163c15d4e1617e92f26
Christian Berendt
2016-05-19 07:37:38 +02:00
parent 8a3a83acaa
commit b562271aad


@@ -321,10 +321,9 @@
# If SHA512 isn't in use for some reason, we should fail and display an error.
- name: V-38576 - System must use FIPS 140-2 approved hashing algorithm for passwords (login.defs)
debug:
fail:
msg: "FAILED: Must use SHA512 for password hashing (in /etc/login.defs)"
when: v38576_result.rc != 0
failed_when: v38576_result.rc != 0
tags:
- auth
- cat2
@@ -358,10 +357,9 @@
# If libuser is installed *AND* it's using unacceptable password hashing
# algorithms, throw an error and a failure.
- name: V-38577 - System must use FIPS 140-2 approved hashing algorithm for passwords (libuser)
debug:
fail:
msg: "FAILED: libuser isn't configured to use SHA512 hashing for passwords"
when: v38577_libuser_check.rc == 0 and v38577_result.rc != 0
failed_when: v38577_libuser_check.rc == 0 and v38577_result.rc != 0
tags:
- auth
- cat2
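Review bot: Both `when:` conditions read `.rc` from results registered by tasks outside these hunks (`v38576_result`, `v38577_libuser_check`, `v38577_result`), and nothing visible here guarantees those results carry an `rc`. If a registering command is skipped, for example under `--check`, the condition would presumably error on an undefined attribute instead of reporting the STIG finding. Guarding with `is defined` is not a good fix, because a hashing check that never ran would then pass silently. It is safer to make the registering tasks run in every mode (`check_mode: no`, or `always_run: yes` on older Ansible) and to say so in the comment above each task, e.g. `# Relies on v38576_result from the check task above; that task must run even in check mode.` Both tasks' tag lists appear to continue past the end of their hunks.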