ansible-collection-hardening
System UID range increased from 500 to 1000 in RHEL/CentOS 7
System user UID range was extended from 0-499 to 0-999 (https://access.redhat.com/articles/1190233).
In the template rhel_system_auth.j2 there is a 500 hardcoded.
I think there should be a variable with the max system UID number (500 or 1000, depending on the OS version) and use that variable instead of the 500 hardcoded here:
https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L9 and here: https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L17
Or maybe don't define a new variable and just use os_auth_uid_min?
In both cases the variable must be defined in the OS specific version var file (Redhat-6 and Redhat-7) instead of the general (Redhat).
I can submit a PR with the changes once I get feedback from this.
CC @rndmh3ro
Hey @martinbydefault, thanks for noticing that, you're completely right!
> Or maybe don't define a new variable and just use os_auth_uid_min?
Yes, we should use that variable.
If you would open a PR that would be great!
How about reading it from /etc/login.defs (SYS_UID_MAX)?
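An added example, not part of the thread or of the project's code: a check that derives the system/regular UID boundary from login.defs and flags `pam_succeed_if.so` uid tests in a PAM file that still use a different value, such as 500 on a host where system UIDs run to 999. Both sample files are constructed, and the function names and the 1000 fallback are assumptions.

```python
import re

# Constructed sample inputs (not taken from the repository or a real host).
LOGIN_DEFS_RHEL7 = """\
# Min/max values for automatic uid selection in useradd
UID_MIN                  1000
SYS_UID_MIN               201
SYS_UID_MAX               999
"""
PAM_SYSTEM_AUTH = """\
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
"""

def parse_login_defs(text):
    """Return numeric KEY -> int settings from login.defs, ignoring comments."""
    values = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and re.fullmatch(r"\d+", fields[1]):
            values[fields[0]] = int(fields[1])
    return values

def first_regular_uid(defs, fallback=1000):
    """Boundary between system and regular accounts: UID_MIN, else SYS_UID_MAX + 1."""
    if "UID_MIN" in defs:
        return defs["UID_MIN"]
    if "SYS_UID_MAX" in defs:
        return defs["SYS_UID_MAX"] + 1
    return fallback  # assumption: RHEL/CentOS 7 default when neither key is set

UID_TEST = re.compile(r"pam_succeed_if\.so\b.*?\buid\s*(>=|<)\s*(\d+)")
def stale_uid_thresholds(pam_text, boundary):
    """Return (line_no, operator, value) for uid tests that disagree with boundary."""
    findings = []
    for no, line in enumerate(pam_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = UID_TEST.search(line)
        if m and int(m.group(2)) != boundary:
            findings.append((no, m.group(1), int(m.group(2))))
    return findings

if __name__ == "__main__":
    boundary = first_regular_uid(parse_login_defs(LOGIN_DEFS_RHEL7))
    for no, op, val in stale_uid_thresholds(PAM_SYSTEM_AUTH, boundary):
        print(f"line {no}: uid {op} {val}, expected {boundary}")
```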