Merge pull request #62 from hardening-io/sys_uid_gid
make sys_uid and sys_gid configurable
chris-rock committed Jan 31, 2016
2 parents eedd504 + 4b4b58c commit 8bc5c23
Showing 2 changed files with 9 additions and 4 deletions.
5 changes: 5 additions & 0 deletions defaults/main.yml
Expand Up @@ -12,6 +12,11 @@ os_auth_pam_passwdqc_options: 'min=disabled,disabled,16,12,8'
os_auth_root_ttys: [console, tty1, tty2, tty3, tty4, tty5, tty6]
os_auth_uid_min: 1000
os_auth_gid_min: 1000
os_auth_sys_uid_min: 100
os_auth_sys_uid_max: 999
os_auth_sys_gid_min: 100
os_auth_sys_gid_max: 999

os_chfn_restrict: ''
# may contain: change_user
os_security_users_allow: []
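
Review bot: the four new defaults (`os_auth_sys_uid_min` through `os_auth_sys_gid_max`) are added without a comment and are independent of `os_auth_uid_min` / `os_auth_gid_min` directly above them, so nothing keeps the system range below the regular range. An override such as `os_auth_uid_min: 500` would leave `os_auth_sys_uid_max: 999` overlapping it, and system and regular accounts could then be allocated from the same IDs, which weakens any control that tells them apart by UID or GID. Consider deriving the maximum from the existing variable, for example `os_auth_sys_uid_max: "{{ os_auth_uid_min - 1 }}"`, or at least add a one-line comment stating that the sys max must stay below the uid/gid min. The commit touches only defaults/main.yml and the template, so if the role's README lists its variables, these four should be added there.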
8 changes: 4 additions & 4 deletions templates/login.defs.j2
Expand Up @@ -107,15 +107,15 @@ PASS_WARN_AGE 7
UID_MIN {{os_auth_uid_min}}
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
SYS_UID_MIN {{os_auth_sys_uid_min}}
SYS_UID_MAX {{os_auth_sys_uid_max}}

# Min/max values for automatic gid selection in groupadd
GID_MIN {{os_auth_gid_min}}
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
SYS_GID_MIN {{os_auth_sys_gid_min}}
SYS_GID_MAX {{os_auth_sys_gid_max}}

# Max number of login retries if password is bad. This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES.
LOGIN_RETRIES {{os_auth_retries}}
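
Review bot: `SYS_UID_MIN`/`SYS_UID_MAX` and `SYS_GID_MIN`/`SYS_GID_MAX` go from commented out to always rendered, and the values are interpolated with no check that they are integers, that min is not greater than max, or that the max stays below the `UID_MIN`/`GID_MIN` set a few lines above. A bad override ends up verbatim in login.defs. Consider an assert in the role's tasks or an `| int` filter on these four lines, and say in the PR description that the system range is now set explicitly on every host instead of being left to the platform default. Separately, `UID_MAX` and `GID_MAX` stay hardcoded at 60000 while every other bound in this block is now a variable; making them configurable too would keep the template consistent.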