Skip to content
Snippets Groups Projects
Verified Commit 6b5a5eea authored by Evangelos Foutras's avatar Evangelos Foutras :smiley_cat:
Browse files

hardening: reject authentication with empty passwd 

SSH defaults to disallowing empty passwords but Dovecot has no similar
safeguard (at least not one enabled by default). Remove "nullok" from
/etc/pam.d/system-auth to implement the desired behavior system-wide.
parent d4803179
No related branches found
No related tags found
1 merge request!759hardening: reject authentication with empty passwd
Pipeline #78900 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
roles/hardening/tasks/main.yml
+ 6
0
View file @ 6b5a5eea
- name: Prevent users with empty passwords from authenticating
replace:
path: /etc/pam.d/system-auth
regexp: " nullok"
replace: ""
- name: Set restricted access to kernel logs
copy: src=50-dmesg-restrict.conf dest=/etc/sysctl.d/50-dmesg-restrict.conf owner=root group=root mode=0644
notify:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment