mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-08 21:26:02 +02:00
hardening: reject authentication with empty passwd
SSH defaults to disallowing empty passwords but Dovecot has no similar safeguard (at least not one enabled by default). Remove "nullok" from /etc/pam.d/system-auth to implement the desired behavior system-wide.
This commit is contained in:
parent
d480317909
commit
6b5a5eeaba
|
@ -1,3 +1,9 @@
|
|||
- name: Prevent users with empty passwords from authenticating
|
||||
replace:
|
||||
path: /etc/pam.d/system-auth
|
||||
regexp: " nullok"
|
||||
replace: ""
|
||||
|
||||
- name: Set restricted access to kernel logs
|
||||
copy: src=50-dmesg-restrict.conf dest=/etc/sysctl.d/50-dmesg-restrict.conf owner=root group=root mode=0644
|
||||
notify:
|
||||
|
|
Loading…
Reference in New Issue