16 lines
392 B
YAML
16 lines
392 B
YAML
---
|
|
- name: Ensure the Default UMASK is Set Correctly
|
|
ansible.builtin.lineinfile:
|
|
path: "/mnt/etc/profile"
|
|
regexp: "^(\\s*)umask\\s+\\d+"
|
|
line: "umask 027"
|
|
|
|
- name: Prevent Login to Accounts With Empty Password
|
|
ansible.builtin.replace:
|
|
dest: "{{ item }}"
|
|
regexp: "\\s*nullok"
|
|
replace: ""
|
|
loop:
|
|
- /mnt/etc/pam.d/system-auth
|
|
- /mnt/etc/pam.d/password-auth
|