From f1ec9f2c785e369422cc82f1e22ddfb6250ff05d Mon Sep 17 00:00:00 2001 From: Sebastian Gumprich Date: Tue, 8 Aug 2023 09:05:02 +0200 Subject: [PATCH] install python3, pip so we can then install pam-tester Signed-off-by: Sebastian Gumprich --- molecule/os_hardening/prepare.yml | 19 +++++++++---------- molecule/os_hardening/verify.yml | 13 ++++++------- molecule/os_hardening/verify_tasks/pam.yml | 6 +++--- 3 files changed, 18 insertions(+), 20 deletions(-) diff --git a/molecule/os_hardening/prepare.yml b/molecule/os_hardening/prepare.yml index 947aa85d..866960d6 100644 --- a/molecule/os_hardening/prepare.yml +++ b/molecule/os_hardening/prepare.yml @@ -7,19 +7,18 @@ https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}" no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}" tasks: - - name: set ansible_python_interpreter to "/usr/bin/python3" on fedora - set_fact: - ansible_python_interpreter: "/usr/bin/python3" - when: ansible_facts.distribution == 'Fedora' - - - name: Run the equivalent of "apt-get update && apt-get upgrade" - apt: - name: "*" - state: latest + - name: Install Python3 on Debian 10 + ansible.builtin.apt: + name: python3 + state: present update_cache: true when: ansible_os_family == 'Debian' - - name: install required tools on SuSE + - name: Set ansible_python_interpreter to "/usr/bin/python3" + ansible.builtin.set_fact: + ansible_python_interpreter: /usr/bin/python3 + + - name: Install required tools on SuSE # cannot use zypper module, since it depends on python-xml ansible.builtin.shell: zypper -n install python-xml when: ansible_facts.os_family == 'Suse' diff --git a/molecule/os_hardening/verify.yml b/molecule/os_hardening/verify.yml index 80744909..7986ebfd 100644 --- a/molecule/os_hardening/verify.yml +++ b/molecule/os_hardening/verify.yml 
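Review bot: The `Set ansible_python_interpreter to "/usr/bin/python3"` task in prepare.yml lost its `when:` and now applies to every platform, while the only python3 install above it is gated on `ansible_os_family == 'Debian'`. Any image in the scenario that ships without /usr/bin/python3 would fail on its next module call, so either gate the fact the same way or install python3 for the other families too; the platform list is not visible in this diff, so this may already hold. The task name `Install Python3 on Debian 10` is also narrower than its condition, which matches the whole Debian family. `Install Python3 on Debian family` would fit, and `ansible_facts.os_family` would be consistent with the SuSE task below it.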
@@ -20,15 +20,14 @@ - verify_tasks/netrc.yml - verify_tasks/ignore_home_folders.yml -# temp. disabled - https://github.com/dev-sec/ansible-collection-hardening/issues/690 -# - name: include PAM tests -# include_tasks: verify_tasks/pam.yml -# when: ansible_facts.distribution in ['Debian', 'Ubuntu'] or ansible_facts.os_family == 'RedHat' - - - name: include YUM tests - include_tasks: verify_tasks/yum.yml + - name: Include YUM tests + ansible.builtin.include_tasks: verify_tasks/yum.yml when: ansible_facts.os_family == 'RedHat' + - name: Include PAM tests + ansible.builtin.include_tasks: verify_tasks/pam.yml + when: ansible_facts.distribution in ['Debian', 'Ubuntu'] or ansible_facts.os_family == 'RedHat' + - name: Verify hosts: localhost environment: diff --git a/molecule/os_hardening/verify_tasks/pam.yml b/molecule/os_hardening/verify_tasks/pam.yml index 4f958449..fee7ade0 100644 --- a/molecule/os_hardening/verify_tasks/pam.yml +++ b/molecule/os_hardening/verify_tasks/pam.yml @@ -12,9 +12,9 @@ state: present executable: /usr/bin/pip3 -- name: set password for test - set_fact: - test_pw: "myTest!pw" +- name: Set password for test + ansible.builtin.set_fact: + test_pw: myTestpwSage - name: Set locale for test ansible.builtin.set_fact:
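Review bot: The re-enabled `Include PAM tests` task in verify.yml depends on `/usr/bin/pip3` (the `executable:` line visible in pam.yml), but the prepare.yml hunk installs only `python3` even though the subject mentions pip. If the first lines of pam.yml, which are outside this diff, do not install pip on every distribution matched by this `when:`, the include fails before any PAM check runs. In that case `name: [python3, python3-pip]` in the Debian task would cover that family.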
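Review bot: The new `test_pw: myTestpwSage` in pam.yml drops the `!` from the old value without recording why, and the tasks that consume the fact are outside this hunk. If the character was removed because the value is interpolated into a shell or pam-tester command, a comment such as `# test-only password; keep it free of shell metacharacters` above the fact would stop it from being reintroduced. If these tests exercise the role's password-quality settings, it is also worth confirming that an all-letter password still satisfies them, since a rejection at user setup would look like a PAM test failure.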