sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13cb67be198db59eb2bdb5f6f6882df0cd584a7c
dsk-iac/ansible/roles/security-settings/tasks/login_defs.yml
havelight-ee 13cb67be19 add security setting
2022-10-18 13:40:35 +09:00

49 lines
1.1 KiB
YAML
Executable File
Raw Blame History

---
- name: Set pass max days
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^PASS_MAX_DAYS.*$'
line: "PASS_MAX_DAYS\t{{os_auth_pw_max_age}}"
backrefs: yes
- name: Set pass min days
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^PASS_MIN_DAYS.*$'
line: "PASS_MIN_DAYS\t{{os_auth_pw_min_age}}"
backrefs: yes
- name: Set pass min length
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^PASS_MIN_LEN.*$'
line: "PASS_MIN_LEN\t{{pwquality_minlen}}"
backrefs: yes
- name: Set pass warn days
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^PASS_WARN_AGE.*$'
line: "PASS_WARN_AGE\t{{os_auth_pw_warn_age}}"
backrefs: yes
- name: Set password encryption to SHA512
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^ENCRYPT_METHOD\s.*$'
line: "ENCRYPT_METHOD\tSHA512"
backrefs: yes
- name: Disable MD5 crypt explicitly
lineinfile:
dest: /etc/login.defs
state: present
regexp: '^MD5_CRYPT_ENAB.*$'
line: "MD5_CRYPT_ENAB NO"
backrefs: yes
Reference in New Issue View Git Blame Copy Permalink