24 lines
643 B
YAML
24 lines
643 B
YAML
---
|
|
- name: Ensure the Default UMASK is Set Correctly
|
|
ansible.builtin.lineinfile:
|
|
path: "/mnt/etc/profile"
|
|
regexp: "^(\\s*)umask\\s+\\d+"
|
|
line: "umask 027"
|
|
|
|
# Non-RHEL/non-Debian distros: loop evaluates to [] (intentional skip)
|
|
- name: Prevent Login to Accounts With Empty Password
|
|
ansible.builtin.replace:
|
|
dest: "{{ item }}"
|
|
regexp: "\\s*nullok"
|
|
replace: ""
|
|
loop: >-
|
|
{{
|
|
['/mnt/etc/pam.d/system-auth', '/mnt/etc/pam.d/password-auth']
|
|
if is_rhel | bool
|
|
else (
|
|
['/mnt/etc/pam.d/common-auth', '/mnt/etc/pam.d/common-password']
|
|
if is_debian | bool
|
|
else []
|
|
)
|
|
}}
|