Ensure authconfig is properly configured

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Change-Id: I65d1bb54e7e7c96365da98cf5ebf4ca993bb6116

diff --git a/infra-ansible.spec b/infra-ansible.spec
index 57905a0..39e7f74 100644 (file)
--- a/infra-ansible.spec
+++ b/infra-ansible.spec
@@ -15,7 +15,7 @@
 
 Name:           infra-ansible
 Version:        %{_version}
 
 Name:           infra-ansible
 Version:        %{_version}

-Release:        6%{?dist}
+Release:        7%{?dist}

 Summary:        Contains ansible playbook and roles for Akraino rec blueprint
 License:        %{_platform_licence}
 Source0:        %{name}-%{version}.tar.gz
 Summary:        Contains ansible playbook and roles for Akraino rec blueprint
 License:        %{_platform_licence}
 Source0:        %{name}-%{version}.tar.gz

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 5558cd0..3b75d16 100644 (file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -69,6 +69,14 @@
 #
 # Linux Failed password attempts
 #
 #
 # Linux Failed password attempts
 #

+- name: "Ensure authconfig is properly configured"
+  command: authconfig --updateall
+  with_items:
+    - /etc/pam.d/system-auth-ac
+    - /etc/pam.d/password-auth-ac
+  when: not (item|exists and item|is_file)
+  tags:
+    - REC-443

 
 - name: "Set Deny for failed password attempts 1"
   lineinfile:
 
 - name: "Set Deny for failed password attempts 1"
   lineinfile: