RHEL9-CIS icon indicating copy to clipboard operation
RHEL9-CIS copied to clipboard

Published 20 hours ago verified publisher icon ansible-lockdown

Root account locked

Open stwongst opened this issue 8 months ago • 0 comments

Describe the Issue Task to ensure root password is set can't handle root account disabled:

Root password is set:

passwd -S root | grep "Password set, SHA512 crypt"

root PS 1969-12-31 0 99999 7 -1 (Password set, SHA512 crypt.)

Root account is locked: passwd -S root root LK 1969-12-31 0 99999 7 -1 (Password locked.)

Expected Behavior Root locked should be passed.

Actual Behavior Check failed as the expected string "Password set, SHA512 crypt" doesn't exist.

Control(s) Affected What controls are being affected by the issue

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.14.2
  • Host Python Version: Python 3.9.18
  • Ansible Server Python Version: Python 3.9.16
  • Additional Details: Nil

Additional Notes Nil

Possible Solution

tasks/main.yml:

50c50 < ansible.builtin.shell: passwd -S root | egrep -e "(Password set, SHA512 crypt|Password locked)"

    ansible.builtin.shell: passwd -S root | grep "Password set, SHA512 crypt"

stwongst avatar Nov 27 '23 09:11 stwongst