Skip to content

Instantly share code, notes, and snippets.

@metabsd

metabsd/test.sls

Created September 11, 2018 00:43
Show Gist options
  • Save metabsd/6e618008bc96856155f516371c55ed90 to your computer and use it in GitHub Desktop.
Save metabsd/6e618008bc96856155f516371c55ed90 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
test.sls
{% for files in [
{'cis': '5.3.3 Ensure password reuse is limited (Scored)', 'name': 'pwquality'},
{'cis': '5.3.4 Ensure password hashing algorithm is SHA-512 (Scored)', 'name': 'unix'}
]
%}
{{ files.cis }}:
file.managed:
- source: salt://files/pam/{{files.name}}
- name: /usr/share/pam-configs/{{files.name}}
- mode: 644
pam-auth-update {{ file.cis }}:
cmd.run:
- name: DEBIAN_FRONTEND=noninteractive pam-auth-update --force
- onchanges_in:
- file: /usr/share/pam-configs/{{files.name}}
{% endfor %}
@hemebond
Copy link 

{% for files in [
  {'cis': '5.3.3 Ensure password reuse is limited (Scored)', 'name': 'pwquality'},
  {'cis': '5.3.4 Ensure password hashing algorithm is SHA-512 (Scored)', 'name': 'unix'}
]
%}

{{ files.cis }}:
  file.managed:
    - source: salt://files/pam/{{files.name}}
    - name: /usr/share/pam-configs/{{files.name}}
    - mode: 644
    - onchanges_in:
      - cmd: pam-auth-update
{% endfor %}

pam-auth-update:
  cmd.run:
    - name: DEBIAN_FRONTEND=noninteractive pam-auth-update --force

@metabsd
Copy link
Author

metabsd commented Sep 11, 2018
edited
Loading 

{% for files in [
  {'cis': '5.3.3 Ensure password reuse is limited (Scored)', 'name': 'pwquality'},
  {'cis': '5.3.4 Ensure password hashing algorithm is SHA-512 (Scored)', 'name': 'unix'}
  ]
%}

{{ files.cis }}:
  file.managed:
    - source: salt://files/pam/{{files.name}}
    - name: /usr/share/pam-configs/{{files.name}}
    - mode: 644
pam-auth-update {{ file.cis }}:
  cmd.run:
    - name: DEBIAN_FRONTEND=noninteractive pam-auth-update --force
    - onchanges:
      - file: /usr/share/pam-configs/{{files.name}}
{% endfor %}

@metabsd
Copy link
Author

metabsd commented Sep 11, 2018

the result

----------
          ID: 5.3.3 Ensure password reuse is limited (Scored)
    Function: file.managed
        Name: /usr/share/pam-configs/pwquality
      Result: True
     Comment: File /usr/share/pam-configs/pwquality is in the correct state
     Started: 01:18:25.766196
    Duration: 24.368 ms
     Changes:
----------
          ID: pam-auth-update 5.3.3 Ensure password reuse is limited (Scored)
    Function: cmd.run
        Name: DEBIAN_FRONTEND=noninteractive pam-auth-update --force
      Result: True
     Comment: State was not run because none of the onchanges reqs changed
     Started: 01:18:25.792289
    Duration: 0.01 ms
     Changes:
----------
          ID: 5.3.4 Ensure password hashing algorithm is SHA-512 (Scored)
    Function: file.managed
        Name: /usr/share/pam-configs/unix
      Result: True
     Comment: File /usr/share/pam-configs/unix is in the correct state
     Started: 01:18:25.792352
    Duration: 22.829 ms
     Changes:
----------
          ID: pam-auth-update 5.3.4 Ensure password hashing algorithm is SHA-512 (Scored)
    Function: cmd.run
        Name: DEBIAN_FRONTEND=noninteractive pam-auth-update --force
      Result: True
     Comment: State was not run because none of the onchanges reqs changed
     Started: 01:18:25.815842
    Duration: 0.009 ms
     Changes:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment