change hardcoded value to variable in ansible of accounts_password_set_min_life_existing

[vojtapolasek]

Description:

• the value for the chage command was hardcoded to 1, change it to use the variable

Rationale:

• Fixes accounts_password_set_min_life_existing rule fails after Ansible remediation #10853

Review Hints:

1. setup a RHEL 8 VM
2. ./build_product rhel8
3. scan the VM with the datastream - the rule accounts_password_set_min_life_existing should fail
4. ansible-playbook -u root -i , --tags accounts_password_set_min_life_existing build/ansible/rhel8-playbook-cis_workstation_l2.yml
5. Scan the VM again - the rule should pass

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing' differs.
--- xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing
+++ xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing
@@ -23,7 +23,7 @@
 
 - name: Change the minimum time period between password changes
   command: |
-    chage -m 1 {{ item }}
+    chage -m {{ var_accounts_minimum_age_login_defs }} {{ item }}
   with_items: '{{ user_names.stdout_lines }}'
   when: user_names.stdout_lines | length > 0
   tags:

[codeclimate]

Code Climate has analyzed commit 78a9818 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.2% (0.0% change).

View more on Code Climate.