|
33 | 33 | - name: "5.4.1.1 | AUDIT | Ensure password expiration is configured | Add warning if ansible user found as break connection" |
34 | 34 | when: |
35 | 35 | - ubtu24cis_disruption_high |
36 | | - - ansible_user in discovered_passwd_max_days.stdout |
| 36 | + - (ansible_user | default(ansible_env.USER)) in discovered_passwd_max_days.stdout |
37 | 37 | ansible.builtin.debug: |
38 | 38 | msg: "Warning!! Your ansible user found to be not compliant with maxdays - Manual intervention required" |
39 | 39 |
|
40 | 40 | - name: 5.4.1.1 | AUDIT | Ensure password expiration is configured | Warn count" |
41 | 41 | when: |
42 | 42 | - ubtu24cis_disruption_high |
43 | | - - ansible_user in discovered_passwd_max_days.stdout |
| 43 | + - (ansible_user | default(ansible_env.USER)) in discovered_passwd_max_days.stdout |
44 | 44 | ansible.builtin.import_tasks: |
45 | 45 | file: warning_facts.yml |
46 | 46 |
|
47 | 47 | - name: "5.4.1.1 | PATCH | Ensure password expiration is configured | Set existing users PASS_MAX_DAYS" |
48 | 48 | when: |
49 | 49 | - ubtu24cis_disruption_high |
50 | | - - item != (ansible_user) |
| 50 | + - item != (ansible_user | default(ansible_env.USER)) |
51 | 51 | ansible.builtin.command: "chage --maxdays {{ ubtu24cis_pass_max_days }} {{ item }}" |
52 | 52 | failed_when: false |
53 | 53 | changed_when: discovered_passwd_max_days.stdout | length > 0 |
|
81 | 81 | - name: "5.4.1.2 | AUDIT | Ensure minimum password age is configured | Add warning if ansible user found as break connection" |
82 | 82 | when: |
83 | 83 | - ubtu24cis_disruption_high |
84 | | - - ansible_user in discovered_passwd_min_days.stdout |
| 84 | + - (ansible_user | default(ansible_env.USER)) in discovered_passwd_min_days.stdout |
85 | 85 | ansible.builtin.debug: |
86 | 86 | msg: "Warning!! Your ansible user found to be not compliant with mindays - Manual intervention required" |
87 | 87 |
|
88 | 88 | - name: "5.4.1.2 | AUDIT | Ensure minimum password age is configured | Warn count" |
89 | 89 | when: |
90 | 90 | - ubtu24cis_disruption_high |
91 | | - - ansible_user in discovered_passwd_min_days.stdout |
| 91 | + - (ansible_user | default(ansible_env.USER)) in discovered_passwd_min_days.stdout |
92 | 92 | ansible.builtin.import_tasks: |
93 | 93 | file: warning_facts.yml |
94 | 94 |
|
95 | 95 | - name: "5.4.1.2 | PATCH | Ensure minimum password age is configured | Set existing users PASS_MIN_DAYS" |
96 | 96 | when: |
97 | 97 | - ubtu24cis_disruption_high |
98 | | - - item != (ansible_user) |
| 98 | + - item != (ansible_user | default(ansible_env.USER)) |
99 | 99 | ansible.builtin.command: chage --mindays {{ ubtu24cis_pass_min_days }} {{ item }} |
100 | 100 | failed_when: false |
101 | 101 | changed_when: discovered_passwd_min_days.stdout | length > 0 |
|
128 | 128 | - name: "5.4.1.3 | PATCH | Ensure password expiration warning days is configured | Set existing users PASS_WARN_AGE" |
129 | 129 | when: |
130 | 130 | - ubtu24cis_disruption_high |
131 | | - - item != (ansible_user) |
| 131 | + - item != (ansible_user | default(ansible_env.USER)) |
132 | 132 | ansible.builtin.command: chage --warndays {{ ubtu24cis_pass_warn_age }} {{ item }} |
133 | 133 | failed_when: false |
134 | 134 | changed_when: discovered_passwd_warn_days.stdout | length > 0 |
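Review bot: The fallback `ansible_env.USER` in the three "Set existing users" guards (`item != (ansible_user | default(ansible_env.USER))`) may not name the account Ansible logged in with: when facts are gathered under `become`, `USER` is typically the become user (often `root`), so the connecting account would no longer be excluded from `chage` and could have its password expire mid-run. `ansible_env` also exists only when facts were gathered, so with `gather_facts: false` and no `ansible_user` the condition would error instead of skipping. Consider resolving the login account once into a role variable and adding a comment above each guard, such as `# never re-age the account Ansible connects with; see <variable>`. Separately, the AUDIT conditions test `in ….stdout`, which is a substring match on the whole output, so a short name like `adm` would also match a longer listed name; if the registered output is one username per line (not visible here), `in discovered_passwd_max_days.stdout_lines` would be exact. The tasks continue outside the visible hunks (no `loop:` is shown), so this is inferred from the conditions alone.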
|