openstack/ansible-hardening
Code Issues Proposed changes
Files
dccce1d5cc06985a58f0ecba4fd0d977388592b2
ansible-hardening/doc/metadata/rhel7/V-71937.rst
Major Hayden dccce1d5cc Handle RHEL 7 STIG renumbering 
This patch gets the docs adjusted to work with the new RHEL 7 STIG
version 1 release. The new STIG release has changed all of the
numbering, but it maintains a link to (most) of the old STIG IDs in
the XML.

Closes-bug: 1676865
Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
2017-04-04 07:22:12 -05:00

535 B
Raw Blame History

---id: V-71937 status: implemented tag: auth ---

The Ansible tasks will ensure that PAM is configured to disallow logins from accounts with null or blank passwords. This involves removing a single option from one of the PAM configuration files:

  • CentOS or RHEL: removes nullok from /etc/pam.d/system-auth
  • Ubuntu: removes nullok_secure from /etc/pam.d/common-auth

Deployers can opt-out of this change by setting the following Ansible variable:

security_disallow_blank_password_login: no