mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-08 21:26:02 +02:00
Code Issues

hardening: reject authentication with empty passwd 

SSH defaults to disallowing empty passwords but Dovecot has no similar
safeguard (at least not one enabled by default). Remove "nullok" from
/etc/pam.d/system-auth to implement the desired behavior system-wide.
This commit is contained in:
Evangelos Foutras 2023-09-16 11:57:33 +03:00
parent d480317909
commit 6b5a5eeaba
No known key found for this signature in database
GPG Key ID: 51E8B148A9999C34
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
roles/hardening/tasks/main.yml
View File

@ -1,3 +1,9 @@
- name: Prevent users with empty passwords from authenticating
replace:
path: /etc/pam.d/system-auth
regexp: " nullok"
replace: ""
- name: Set restricted access to kernel logs
copy: src=50-dmesg-restrict.conf dest=/etc/sysctl.d/50-dmesg-restrict.conf owner=root group=root mode=0644
notify: