From: Alexandru Antone <Alexandru.Antone@enea.com>
Date: Tue, 17 Dec 2019 09:55:52 +0000 (+0200)
Subject: Ensure authconfig is properly configured
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=e5776805848728d0aac93078223585f725b84c5e

Ensure authconfig is properly configured

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Change-Id: I65d1bb54e7e7c96365da98cf5ebf4ca993bb6116
---

diff --git a/infra-ansible.spec b/infra-ansible.spec
index 57905a0..39e7f74 100644
--- a/infra-ansible.spec
+++ b/infra-ansible.spec
@@ -15,7 +15,7 @@
 
 Name:           infra-ansible
 Version:        %{_version}
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Contains ansible playbook and roles for Akraino rec blueprint
 License:        %{_platform_licence}
 Source0:        %{name}-%{version}.tar.gz
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 5558cd0..3b75d16 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -69,6 +69,14 @@
 #
 # Linux Failed password attempts
 #
+- name: "Ensure authconfig is properly configured"
+  command: authconfig --updateall
+  with_items:
+    - /etc/pam.d/system-auth-ac
+    - /etc/pam.d/password-auth-ac
+  when: not (item|exists and item|is_file)
+  tags:
+    - REC-443
 
 - name: "Set Deny for failed password attempts 1"
   lineinfile: