Get a list of all users + interactive users

This patch adjusts main.yml to retrieve a list of all users and a list of just interactive users using the get_users module. Change-Id: I4ff3ceeb068e339c62456f2e5c62ec97b72751f4
2017-05-25 10:20:34 -05:00 · 2017-05-25 10:20:34 -05:00 · 6c9c7fad66
parent 38270e7870
commit 6c9c7fad66
3 changed files with 17 additions and 2 deletions
--- a/tasks/rhel7stig/main.yml
+++ b/tasks/rhel7stig/main.yml
@ -49,13 +49,22 @@
    - always
    - skip_ansible_lint

- name: Get a list of users on the system to use throughout the auth tasks
-  action: get_users
+- name: Get user data for all users on the system
+  get_users:
+    min_uid: 0
  register: user_list
  check_mode: no
  tags:
    - always

+- name: Get user data for all interactive users on the system
+  get_users:
+    min_uid: "{{ security_interactive_user_minimum_uid }}"
+  register: interactive_user_list
+  check_mode: no
+  tags:
+    - always
+
 # Package installations and removals must come first so that configuration
 # changes can be made later.
 - include: packages.yml
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -46,6 +46,9 @@ clamav_service: clamav-daemon
 grub_update_cmd: "/usr/sbin/update-grub"
 ssh_keysign_path: /usr/lib/openssh

+# Other configuration
+security_interactive_user_minimum_uid: 500
+
 # RHEL 6 STIG: Packages to add/remove
 stig_packages:
  - packages:
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -43,6 +43,9 @@ clamav_service: 'clamd@scan'
 grub_update_cmd: "/usr/sbin/grub2-mkconfig -o {{ grub_config_file_boot }}"
 ssh_keysign_path: /usr/libexec/openssh

+# Other configuration
+security_interactive_user_minimum_uid: 1000
+
 # RHEL 6 STIG: Packages to add/remove
 stig_packages:
  - packages: