Updated Jinja template to fix compliance issues for control 5.3.3.2.7 #437

Open
defnotyujine wants to merge 1 commit into ansible-lockdown:devel from defnotyujine:fix-5.3.3.2.7

@defnotyujine

Please ensure that you have understood contributing guide
Ensure all commits are signed-by and gpg signed

Overall Review of Changes:
Updated the Ansible Configuration to correctly implement CIS Control 5.3.3.2.7 for RHEL9, as Nessus flags it as non-compliant.

Issue Fixes:
Fixes non-compliance for CIS Control 5.3.3.2.7 (Password quality enforcement for root).

How has this been tested?:
Tested on a live RHEL9 instance. Verified using the CIS-recommended audit command:
sudo grep -Psi -- '^\h*enforce_for_root\b' /etc/security/pwquality.conf /etc/security/pwquality.conf.d/*.conf
Output confirmed the setting is correctly applied in /etc/security/pwquality.conf.d/50-pwroot.conf

[frqadmin@localhost ~]$ sudo grep -Psi -- '^\h*enforce_for_root\b' /etc/security/pwquality.conf /etc/security/pwquality.conf.d/*.conf
/etc/security/pwquality.conf.d/50-pwroot.conf:enforce_for_root
[frqadmin@localhost ~]$

Please double check it, thanks!
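
The audit described in this pull request, as an added example that is not part of the PR or of the Ansible-Lockdown role: the same check run against a constructed file tree, showing that a commented-out `enforce_for_root` does not count and an indented one does. The function names `audit_enforce_for_root` and `make_fixture` and the sample file contents are assumptions made for illustration; the pattern is a POSIX ERE translation of the PCRE used above, so it does not depend on `grep -P`.

```shell
#!/bin/sh
# Added example: audit enforce_for_root under an arbitrary root directory.

# Prints "file:line" for every active enforce_for_root setting found in
# pwquality.conf and its drop-ins; returns 0 if at least one exists, else 1.
audit_enforce_for_root() {
    root=${1:-}
    # ERE form of '^\h*enforce_for_root\b': optional blanks, then the option
    # name followed by a non-word character or end of line.
    pattern='^[[:blank:]]*enforce_for_root([^[:alnum:]_]|$)'
    status=1
    for f in "$root/etc/security/pwquality.conf" \
             "$root"/etc/security/pwquality.conf.d/*.conf; do
        [ -f "$f" ] || continue          # missing file or unmatched glob
        if grep -EiHs -- "$pattern" "$f"; then
            status=0
        fi
    done
    return "$status"
}

# Constructed sample tree. The main file only has the option commented out;
# with "set" as second argument a drop-in enables it (indented on purpose).
make_fixture() {
    mkdir -p "$1/etc/security/pwquality.conf.d"
    printf '# enforce_for_root\nminlen = 14\n' \
        > "$1/etc/security/pwquality.conf"
    if [ "${2:-}" = "set" ]; then
        printf '  enforce_for_root\n' \
            > "$1/etc/security/pwquality.conf.d/50-pwroot.conf"
    fi
}

# Demo run on the constructed tree.
demo=$(mktemp -d)
make_fixture "$demo" set
if audit_enforce_for_root "$demo"; then
    echo "PASS: enforce_for_root is active"
else
    echo "FAIL: enforce_for_root is not set"
fi
rm -rf "$demo"
```

Calling `audit_enforce_for_root ""` checks the live `/etc/security` paths named in the PR.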

@github-actions

github-actions bot commented Mar 9, 2026

Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the Discord Server as well.
