Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

expose pam_unix.so options to an attribute #268

Merged
merged 1 commit into from
Mar 22, 2021
Merged

expose pam_unix.so options to an attribute #268

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions attributes/default.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@
pam['passwdqc']['options'] = 'min=disabled,disabled,16,12,8'
pam['cracklib']['options'] = 'try_first_pass retry=3 type='
pam['pwquality']['options'] = 'try_first_pass retry=3 type='
pam['unix']['options'] = 'shadow nullok try_first_pass use_authtok remember=5'
pam['tally2']['template_cookbook'] = 'os-hardening'
pam['passwdqc']['template_cookbook'] = 'os-hardening'
pam['system-auth']['template_cookbook'] = 'os-hardening'
Expand Down
2 changes: 1 addition & 1 deletion templates/default/rhel_system_auth.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ password requisite pam_cracklib.so <%= node['os-hardening']['auth']['pam'

# NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
# NSA 2.3.3.6 Limit Password Reuse
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
password sufficient pam_unix.so sha512 <%= node['os-hardening']['auth']['pam']['unix']['options'] %>
password required pam_deny.so

session optional pam_keyinit.so revoke
Expand Down