Fix in logic for Alma (#4)

* container standards

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic on handlers

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* initial container ignore

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tags and container discovery

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic on auditd task

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tags and crypto logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* distro update for rocky

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* system_is_container updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* ssh pkg check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logrotate pkg check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic in container check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* add pkg fact and audit conditionals

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tidy up crypto step

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added missing tags

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* container vars file now a variable

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added uid discovery and usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Updated OS checks and conditionals

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed empty become

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* change audit to include task

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added OS_specific vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated import/include

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* OS Specific vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated tags

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated changed_when

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed UID logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* changed reboot var

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* changed skip_reboot var name

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* masked only

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fix logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* remove debug update logic 6.2.8

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* initial

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed CentOS

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
uk-bolly 2022-02-02 11:25:03 +00:00 committed by GitHub
parent 876ac290d5
commit 02a36f7f8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 392 additions and 113 deletions

@ -2,11 +2,15 @@
# defaults file for rhel9-cis
rhel9cis_skip_for_travis: false
rhel9cis_system_is_container: false
system_is_container: false
container_vars_file: is_container.yml
# rhel9cis is left off the front of this var for consistency in testing pipeline
# system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
system_is_ec2: false
# Run the OS validation check
os_check: true
rhel9cis_notauto: false
rhel9cis_section1: true
rhel9cis_section2: true
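Review bot: `system_is_container`, `container_vars_file` and `os_check` are unprefixed names in a role defaults file, so they share the play-wide variable namespace and can collide with same-named variables from inventory or other roles. The comment that explains the missing `rhel9cis` prefix sits above `system_is_ec2`, not next to these three, so it is unclear which variables it covers. Both `rhel9cis_system_is_container: false` and `system_is_container: false` are visible in this hunk; if the prefixed name is being retired, an inventory that still sets it will be silently ignored and the container-specific handling will not apply. Consider a transitional default such as `system_is_container: "{{ rhel9cis_system_is_container | default(false) }}"`, or call the rename out in the changelog. `os_check` would also benefit from a comment saying what the role does on an unsupported OS when it is set to false.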
@ -30,7 +34,7 @@ python2_bin: /bin/python2.7
benchmark: RHEL9-CIS
# Whether to skip the reboot
rhel9cis_skip_reboot: true
skip_reboot: true
#### Basic external goss audit enablement settings ####
#### Precise details - per setting can be found at the bottom of this file ####
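Review bot: `skip_reboot: true` alongside `rhel9cis_skip_reboot: true` is a rename of a toggle whose default is true, and that fails quietly. An inventory that sets `rhel9cis_skip_reboot: false` to force the reboot will fall back to the default under the new name, the host will not reboot, and any change that needs a reboot will stay pending with no error. Suggest keeping the old name honoured for a release, for example `skip_reboot: "{{ rhel9cis_skip_reboot | default(true) }}"`, or adding a pre-flight assert that fails when the old variable is still defined. The comment `# Whether to skip the reboot` could also say that true means no reboot is performed.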
@ -545,8 +549,12 @@ rhel9cis_pam_password:
minlen: "14"
minclass: "4"
# Starting GID for interactive users
rhel9cis_int_gid: 1000
# UID settings for interactive users
# These are discovered via logins.def is set true
discover_int_uid: false
min_int_uid: 1000
max_int_uid: 65533
# RHEL-09-5.4.5
# Session timeout setting file (TMOUT setting can be set in multiple files)
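Review bot: the comment `# These are discovered via logins.def is set true` is garbled and names the wrong file. The shadow-utils file is `/etc/login.defs`, and the sentence presumably means that the values are read from it when `discover_int_uid` is true. Suggest something like `# Read from /etc/login.defs when discover_int_uid is true; otherwise the values below are used`. It is also worth stating that `min_int_uid: 1000` and `max_int_uid: 65533` are the fallbacks when discovery is off, since a host with a non-default UID range would otherwise have its interactive-user checks applied to the wrong accounts. The earlier lines refer to a GID (`rhel9cis_int_gid`, "Starting GID") while the new ones are UIDs; if the GID variable is being removed, confirm no task still references it.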