
---

# RHEL 8 STIG (V1R9) items — Ansible remediation playbook


##
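- name: RHEL8 initial
  # Selected RHEL 8 STIG (V1R9) remediations: local user init-file
  # permissions, tmux on login, chrony port lock-down and pam_pwhistory
  # password-reuse enforcement.
  hosts: all
  become: true

  tasks:
    - name: List local interactive users (uid 0-6000, /bin/bash) with their home directories
      # Emits "user:home". The home directory is taken from /etc/passwd so
      # later tasks do not assume /home/<user> (root's home is /root, and
      # service accounts in this uid range often live elsewhere).
      shell: "getent passwd | awk -F: '($3 >= 0 && $3 <= 6000 && $7 == \"/bin/bash\") { print $1 \":\" $6 }'"
      register: users
      changed_when: false

    - name: Debug the list of users
      debug:
        var: users.stdout_lines

    - name: Find initialization files (dotfiles) in user home directories
      # patterns is a shell glob here (use_regex defaults to false), so ".*"
      # matches dotfiles only. The search is non-recursive, so the contents
      # of .ssh/ and other dot-directories are not touched.
      find:
        paths: "{{ item.split(':')[1] }}"
        patterns: ".*"
        file_type: file
        hidden: true
      register: init_files
      loop: "{{ users.stdout_lines }}"

    - name: Debug the find results
      debug:
        var: init_files.results

    - name: Ensure initialization files are 0740 or less permissive
      # Strip group-write/exec and all "other" bits instead of forcing 0740:
      # a file that is already 0600 (e.g. .netrc, .bash_history) must not be
      # widened to group-readable by a hardening play.
      file:
        path: "{{ item.path }}"
        mode: 'g-wx,o-rwx'
      loop: "{{ init_files.results | map(attribute='files') | flatten }}"

    - name: Ensure tmux is installed
      # NOTE: install failures are tolerated so the play continues on hosts
      # without repository access, but the tmux login-session item is then
      # left unmet on that host — check the play recap.
      yum:
        name: tmux
        state: present
      ignore_errors: true

    - name: Deploy the tmux login script to /etc/profile.d
      # src is read from the Ansible control node, not the managed host;
      # errors are tolerated for the same reason as the package install.
      copy:
        src: /etc/profile.d/tmuxstig.sh
        dest: /etc/profile.d/tmuxstig.sh
        owner: root
        group: root
        mode: '0755'
      ignore_errors: true

    - name: Disable the chrony NTP server port (port 0)
      # regexp replaces any existing "port N" directive so only one remains;
      # appending "port 0" next to an existing "port 123" would leave two
      # conflicting entries in chrony.conf.
      lineinfile:
        path: /etc/chrony.conf
        regexp: '^\s*port\s+'
        line: 'port 0'
        insertafter: '^server 0\.rhel\.pool\.ntp\.org'
        state: present

    - name: Disable the chrony command port (cmdport 0)
      # Anchored on "^cmdport" so it cannot collide with the "port" directive.
      lineinfile:
        path: /etc/chrony.conf
        regexp: '^\s*cmdport\s+'
        line: 'cmdport 0'
        insertafter: '^port\s+0\s*$'
        state: present

    - name: Enforce password history (pam_pwhistory remember=5) in system-auth and password-auth
      # The line goes BEFORE "password sufficient pam_unix.so": a sufficient
      # module that succeeds terminates the password stack, so a pwhistory
      # entry placed after it (or appended at end of file, which blockinfile
      # does by default) is never evaluated. lineinfile is idempotent on its
      # own, which also removes the earlier grep step that failed the play
      # with rc=1 whenever the line was absent.
      # NOTE(review): on RHEL 8 authselect may regenerate /etc/pam.d/* on
      # "authselect apply-changes"; if authselect is in use, persist this
      # through a custom profile instead of editing the files directly.
      lineinfile:
        path: "/etc/pam.d/{{ item }}"
        regexp: '^password\s+requisite\s+pam_pwhistory\.so\b'
        line: 'password requisite pam_pwhistory.so use_authtok remember=5 retry=3'
        insertbefore: '^password\s+sufficient\s+pam_unix\.so'
        backup: true
      loop:
        - system-auth
        - password-auth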
