Improve test 1.5.3

[jvleminc]

Actually test 1.5.3 is DIY. We could implement this test by something similar to the following:

- name: 1.5.3 Ensure authentication required for single user mode
  block:
    - name: 1.5.3 Ensure authentication required for single user mode - step 1
      shell: /bin/grep -e "^root:[\*]:" /etc/shadow | /usr/bin/awk 'END {if (NR == 0) print "pass" ; else print "fail"}'
      register: result
      ignore_errors: true

    - name: 1.5.3 Ensure authentication required for single user mode - step 2
      # bash must be used or mysterious errors are thrown
      shell: "/bin/bash -c 'echo -e {{ root_password }} | passwd root'"
      when: result.stdout == "fail"

with root_password defined by the user (or a default password in main.yml).

What do you think?

[alivx]

Requiring authentication in single-user mode prevents an unauthorized user from rebooting the system into the single user to gain root privileges without credentials, and since most of the users are using cloud service, I'm not sure if making this step automatically or not,

I will try to test this step in AWS EC2 server during this week and test if everything is working as expected.
@jvleminc What do you think?

[jvleminc]

Hmm, this task only sets a root password, it won't impact the boot process in se.

I think we can make this task dependent on a root password being set by the user: if the variable is not set, the task isn't executed.

BTW, the above code works already; I've tried in it my environment with Ubuntu VMs.

[jvleminc]

I have implemented this now on top of the existing code; once you approve the first PR, I can create a new one for this matter.

I have also implemented task 1.5.1. Will send PR also for that one.

[alivx]

Root password changes merged :)