install python3, pip so we can then install pam-tester

Signed-off-by: Sebastian Gumprich <[email protected]>
dev-sec · Aug 8, 2023 · f1ec9f2 · f1ec9f2
1 parent 8220ae9
commit f1ec9f2
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 20 deletions.
diff --git a/molecule/os_hardening/prepare.yml b/molecule/os_hardening/prepare.yml
@@ -7,19 +7,18 @@
  https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
  no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
  tasks:
- - name: set ansible_python_interpreter to "/usr/bin/python3" on fedora
- set_fact:
- ansible_python_interpreter: "/usr/bin/python3"
- when: ansible_facts.distribution == 'Fedora'
-
- - name: Run the equivalent of "apt-get update && apt-get upgrade"
- apt:
- name: "*"
- state: latest
+ - name: Install Python3 on Debian 10
+ ansible.builtin.apt:
+ name: python3
+ state: present
  update_cache: true
  when: ansible_os_family == 'Debian'
 
- - name: install required tools on SuSE
+ - name: Set ansible_python_interpreter to "/usr/bin/python3"
+ ansible.builtin.set_fact:
+ ansible_python_interpreter: /usr/bin/python3
+
+ - name: Install required tools on SuSE
  # cannot use zypper module, since it depends on python-xml
  ansible.builtin.shell: zypper -n install python-xml
  when: ansible_facts.os_family == 'Suse'

diff --git a/molecule/os_hardening/verify.yml b/molecule/os_hardening/verify.yml
@@ -20,15 +20,14 @@
  - verify_tasks/netrc.yml
  - verify_tasks/ignore_home_folders.yml
 
-# temp. disabled - https://github.com/dev-sec/ansible-collection-hardening/issues/690
-# - name: include PAM tests
-# include_tasks: verify_tasks/pam.yml
-# when: ansible_facts.distribution in ['Debian', 'Ubuntu'] or ansible_facts.os_family == 'RedHat'
-
- - name: include YUM tests
- include_tasks: verify_tasks/yum.yml
+ - name: Include YUM tests
+ ansible.builtin.include_tasks: verify_tasks/yum.yml
  when: ansible_facts.os_family == 'RedHat'
 
+ - name: Include PAM tests
+ ansible.builtin.include_tasks: verify_tasks/pam.yml
+ when: ansible_facts.distribution in ['Debian', 'Ubuntu'] or ansible_facts.os_family == 'RedHat'
+
 - name: Verify
  hosts: localhost
  environment:

diff --git a/molecule/os_hardening/verify_tasks/pam.yml b/molecule/os_hardening/verify_tasks/pam.yml
@@ -12,9 +12,9 @@
  state: present
  executable: /usr/bin/pip3
 
-- name: set password for test
- set_fact:
- test_pw: "myTest!pw"
+- name: Set password for test
+ ansible.builtin.set_fact:
+ test_pw: myTestpwSage
 
 - name: Set locale for test
  ansible.builtin.set_fact: