Ensure authconfig is properly configured

[ta/infra-ansible.git] / roles / ops-hardening / tasks / main.yaml

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 5558cd0..3b75d16 100644 (file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -69,6 +69,14 @@
 #
 # Linux Failed password attempts
 #
+- name: "Ensure authconfig is properly configured"
+  command: authconfig --updateall
+  with_items:
+    - /etc/pam.d/system-auth-ac
+    - /etc/pam.d/password-auth-ac
+  when: not (item|exists and item|is_file)
+  tags:
+    - REC-443
 
 - name: "Set Deny for failed password attempts 1"
   lineinfile: