System UID range increased from 500 to 1000 in RHEL/CentOS 7 #194
Hey @martinbydefault,
Yes, we should use that variable. If you would open a PR that would be great!
How about reading it from
Merged
rndmh3ro added a commit that referenced this issue Jul 24, 2020
set 'GSSAPIAuthentication yes' if variable 'ssh_gssapi_support' is set to 'true'
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this issue Aug 3, 2022
set 'GSSAPIAuthentication yes' if variable 'ssh_gssapi_support' is set to 'true'
System user UID range was extended from 0-499 to 0-999 (https://access.redhat.com/articles/1190233).

In the template rhel_system_auth.j2 there is a 500 hardcoded. I think there should be a variable with the max system UID number (500 or 1000, depending on the OS version) and use that variable instead of the 500 hardcoded here: https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L9 and here: https://github.com/dev-sec/ansible-os-hardening/blob/44b32922ffd4372fabdef56c958448ea555ed9c3/templates/etc/pam.d/rhel_system_auth.j2#L17

Or maybe don't define a new variable and just use os_auth_uid_min?

In both cases the variable must be defined in the OS specific version var file (Redhat-6 and Redhat-7) instead of the general (Redhat).

I can submit a PR with the changes once I get feedback from this.

CC @rndmh3ro
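
An added example, not part of the original issue or the project's code: a Python check that compares UID thresholds in a PAM file against UID_MIN from login.defs, so a leftover 500 on a host where regular users start at 1000 is reported. It assumes the hardcoded value appears as a pam_succeed_if.so uid comparison; both sample files and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (assumptions, not copied from the project's template).
LOGIN_DEFS_RHEL7 = """\
# constructed /etc/login.defs excerpt
UID_MIN                  1000
UID_MAX                 60000
SYS_UID_MIN               201
SYS_UID_MAX               999
"""

PAM_SYSTEM_AUTH = """\
# constructed /etc/pam.d/system-auth excerpt
auth        required      pam_env.so
auth        requisite     pam_succeed_if.so uid >= 500 quiet
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
"""

# Matches a uid comparison passed to pam_succeed_if.so on one PAM line.
UID_TEST = re.compile(r"pam_succeed_if\.so\b.*?\buid\s*(>=|<=|>|<)\s*(\d+)")


def read_uid_min(login_defs: str) -> int:
    """Return UID_MIN from login.defs text, ignoring comments."""
    for line in login_defs.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "UID_MIN":
            return int(fields[1])
    raise ValueError("UID_MIN not set in login.defs")


def stale_uid_thresholds(pam_text: str, uid_min: int):
    """Return (line_no, operator, value) for uid tests that disagree with uid_min."""
    findings = []
    for no, line in enumerate(pam_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = UID_TEST.search(line)
        if m and int(m.group(2)) != uid_min:
            findings.append((no, m.group(1), int(m.group(2))))
    return findings


if __name__ == "__main__":
    uid_min = read_uid_min(LOGIN_DEFS_RHEL7)
    for no, op, value in stale_uid_thresholds(PAM_SYSTEM_AUTH, uid_min):
        print(f"line {no}: 'uid {op} {value}' does not match UID_MIN={uid_min}")
```
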