---
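# Install the PAM "auth" stack from the role's common-auth.j2 template.
# The template body is not visible here; going by the task name it is what
# places pam_tally2.so into /etc/pam.d/common-auth.
# NOTE(review): pam_tally2 was deprecated in Linux-PAM 1.4.0 and removed in
# 1.5.0 in favour of pam_faillock. Confirm the target release still ships the
# module before rolling this out, and keep a root session open while testing.
- name: Add pam_tally2.so
  template:
    src: common-auth.j2
    dest: /etc/pam.d/common-auth
    owner: root
    group: root
    # Quoted so the mode is always read as the octal string "0644" and never
    # depends on how the YAML parser types a bare number.
    mode: "0644"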
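# Install libpam-pwquality and deploy its configuration file from
# pwquality.conf.j2. The complexity rules themselves live in the template,
# which is not visible here.
- name: Create pwquality.conf password complexity configuration
  block:
    # Named so a failure in the run output points at the exact step.
    - name: Install libpam-pwquality
      apt:
        name: libpam-pwquality
        state: present
        # Only the package itself; recommended packages are not pulled in.
        install_recommends: false

    - name: Deploy /etc/security/pwquality.conf
      template:
        src: pwquality.conf.j2
        dest: /etc/security/pwquality.conf
        owner: root
        group: root
        # Quoted so the mode is always the octal string "0644".
        mode: "0644"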
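# Rewrite two entries of the PAM "account" stack in /etc/pam.d/common-account.
#
# lineinfile replaces the last line that matches `regexp`; when nothing
# matches it appends `line` at the end of the file instead. PAM evaluates
# entries in order, so an append changes the stack rather than editing it.
# The patterns therefore use `\s+` (any run of tabs/spaces between the
# fields, as the common-password tasks in this file already do) instead of a
# single `\s`, so differently spaced lines are still matched in place.
# NOTE(review): pam_tally2 was deprecated in Linux-PAM 1.4.0 and removed in
# 1.5.0 in favour of pam_faillock; confirm the target release still ships it.
- name: Add pam_tally2.so
  block:
    - name: Ensure the account requisite entry is pam_deny.so
      lineinfile:
        dest: /etc/pam.d/common-account
        regexp: '^account\s+requisite'
        line: "account requisite pam_deny.so"

    # NOTE(review): this overwrites whatever "account required" entry is
    # currently last in the file; check on a reference host which module
    # that is before relying on the resulting stack.
    - name: Ensure the account required entry is pam_tally2.so
      lineinfile:
        dest: /etc/pam.d/common-account
        regexp: '^account\s+required'
        line: "account required pam_tally2.so"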
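# Make sure the pam_pwhistory.so entry (remember=5) is present in the PAM
# "password" stack.
#
# There is no `regexp`, so the line is added only when this exact text is
# missing. Without a position it would be appended at the end of the file,
# i.e. after the pam_unix.so entry that stores the new password; the history
# check belongs ahead of that entry, so `insertbefore` anchors it to the same
# pam_unix line the SHA-512 task in this file matches. If that pattern is not
# found, lineinfile still falls back to appending at the end.
# NOTE(review): because there is no `regexp`, changing `remember=` here later
# adds a second pam_pwhistory line instead of updating the existing one.
- name: password reuse is limited
  lineinfile:
    dest: /etc/pam.d/common-password
    line: "password required pam_pwhistory.so remember=5"
    insertbefore: '^password\s+\[success'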
# Set the pam_unix.so entry of the PAM "password" stack to use the sha512
# option. The last line starting with "password [success" is replaced as a
# whole; if no line matches, the entry is appended at the end of the file.
# NOTE(review): the replacement carries only `sha512`, so any other options
# that were on the matched pam_unix.so line are dropped. Confirm that is
# intended for the target hosts.
- name: password hashing algorithm is SHA-512
  lineinfile:
    dest: /etc/pam.d/common-password
    line: 'password [success=1 default=ignore] pam_unix.so sha512'
    regexp: '^password\s+\[success'
# Replace the last "password [success" line of /etc/pam.d/common-password
# with the pam_unix.so sha512 entry (appended if no line matches).
# NOTE(review): dest, regexp and line are identical to the
# "password hashing algorithm is SHA-512" task, so this task changes nothing
# once that one has run. The name suggests shadow-suite settings were meant
# (presumably /etc/login.defs; confirm with the role author), which would
# leave those parameters unmanaged by this file.
- name: Shadow Password Suite Parameters
  lineinfile:
    dest: /etc/pam.d/common-password
    line: 'password [success=1 default=ignore] pam_unix.so sha512'
    regexp: '^password\s+\[success'