From 08e48fbe8376c5d1269459f9837d6ab3d330e9c0 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Mon, 11 Apr 2022 17:38:01 +0100 Subject: [PATCH] updated grub controls Signed-off-by: Mark Bolwell --- handlers/main.yml | 2 +- tasks/prelim.yml | 34 ---------------------------------- tasks/section_1/cis_1.4.x.yml | 4 +--- 3 files changed, 2 insertions(+), 38 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index b0f3e7d..08c8026 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -115,7 +115,7 @@ - skip_ansible_lint - name: grub2cfg - shell: "grub2-mkconfig -o {{ grub_cfg.stat.lnk_source }}" + shell: "grub2-mkconfig -o /boot/grub2/grub.cfg" args: warn: false ignore_errors: True
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index eb02040..eb17d00 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -156,40 +156,6 @@ - rule_5.3.4 - rule_5.3.5 -- name: "PRELIM | Set facts based on boot type" - block: - - name: "PRELIM | Check whether machine is UEFI-based" - stat: - path: /sys/firmware/efi - register: rhel_09_efi_boot - - - name: "PRELIM | AUDIT | set legacy boot and grub path | Bios" - set_fact: - rhel9cis_legacy_boot: true - grub2_path: /etc/grub2.cfg - when: not rhel_09_efi_boot.stat.exists - - - name: "PRELIM | set grub fact | UEFI" - set_fact: - grub2_path: /etc/grub2-efi.cfg - when: rhel_09_efi_boot.stat.exists - when: - - not system_is_container - tags: - - bootloader - - grub - -- name: "PRELIM | AUDIT | Ensure permissions on bootloader config are configured | Get grub config file stats" - stat: - path: "{{ grub2_path }}" - changed_when: false - register: grub_cfg - when: - - not system_is_container - tags: - - bootloader - - grub - - name: "PRELIM | Check for rhnsd service" shell: "systemctl show rhnsd | grep LoadState | cut -d = -f 2" changed_when: false
diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 9eac4eb..45414cd 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
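Review bot: The `grub2cfg` handler keeps `ignore_errors: True` even though its target is now the literal `/boot/grub2/grub.cfg`, so a failed `grub2-mkconfig` (no /boot/grub2, a container, grub2-tools not installed) is swallowed and whatever notified the handler — presumably the bootloader-password or kernel-parameter hardening elsewhere in the role — is silently left out of the live config. A possibly-undefined templated path was a plausible reason to tolerate errors; with a fixed path that reason is gone, so I would drop `ignore_errors: True` and gate the handler instead, e.g. `when: not system_is_container` (a fact the deleted prelim tasks already relied on). The fixed path assumes the RHEL 9 layout in which `/boot/grub2/grub.cfg` is the real config on both BIOS and UEFI and the EFI-side grub.cfg is only a stub chaining to it; a comment such as `# RHEL 9: /boot/grub2/grub.cfg is the live config on BIOS and UEFI (the EFI copy is a stub)` above the task would record why the UEFI branch was dropped. The handler list continues outside the hunk.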
@@ -25,7 +25,7 @@ block: - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured" file: - path: "{{ grub_cfg.stat.lnk_source }}" + path: /boot/grub2/grub.cfg owner: root group: root mode: 0600
@@ -47,8 +47,6 @@ - item.mount == "/boot/efi" when: - rhel9cis_rule_1_4_2 - - grub_cfg.stat.exists - - grub_cfg.stat.islnk tags: - level1-server - level1-workstation
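Review bot: `path: /boot/grub2/grub.cfg` now names one literal file, but control 1.4.2 for RHEL 9 (as I recall the benchmark text) also expects root:root 0600 on `/boot/grub2/grubenv` and, once a bootloader password is set, on `/boot/grub2/user.cfg`, so restricting only grub.cfg leaves the password-hash file and grubenv at whatever mode the package or `grub2-setpassword` gave them. Since the path is no longer computed this is the natural moment to loop the `file` task, e.g. `path: "{{ item }}"` with `loop: [/boot/grub2/grub.cfg, /boot/grub2/grubenv, /boot/grub2/user.cfg]`, preceded by a `stat` and guarded with `when: item_stat.stat.exists` so an absent user.cfg does not fail the play. The `block:` containing this task starts before the hunk.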
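Review bot: Removing `grub_cfg.stat.exists` leaves `rhel9cis_rule_1_4_2` as the only condition on this `when`, which judging by the indentation is the block-level guard for the `file` task above; the `file` module with its default `state: file` fails outright when `/boot/grub2/grub.cfg` is absent, so the block now hard-fails on containers and on hosts without grub2 where the old stat guard skipped it. The deleted prelim tasks also gated on `system_is_container`, so the cheapest fix is adding `- not system_is_container` next to the rule flag, or a `stat` of the literal path registered and checked here. Separately, `grub_cfg` and `rhel9cis_legacy_boot` are no longer set anywhere in this patch; if other tasks in the role (the 1.4.1 bootloader-password rule is the obvious candidate) still reference them they will fail with an undefined variable, which is worth a grep before merging. The task and block this `when` belongs to begin before the hunk.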