From 0d155c418258e09c9256b409b1b7577886c149c1 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 16 Sep 2022 14:08:16 +0100
Subject: [PATCH] lint updates
Signed-off-by: Mark Bolwell
---
 tasks/section_3/cis_3.3.x.yml | 2 ++
 tasks/section_3/cis_3.4.2.x.yml | 2 +-
 tasks/section_4/cis_4.2.1.x.yml | 1 -
 templates/audit/98_auditd_exception.rules.j2 | 2 +-
 templates/etc/modprobe.d/modprobe.conf.j2 | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/tasks/section_3/cis_3.3.x.yml b/tasks/section_3/cis_3.3.x.yml
index 5a1454e..b78593e 100644
--- a/tasks/section_3/cis_3.3.x.yml
+++ b/tasks/section_3/cis_3.3.x.yml
@@ -65,6 +65,7 @@
 set_fact:
 sysctl_update: true
 flush_ipv4_route: true
+
 - name: "3.3.3 | PATCH | Ensure secure ICMP redirects are not accepted"
 debug:
 msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
@@ -140,6 +141,7 @@
 set_fact:
 sysctl_update: true
 flush_ipv4_route: true
+
 - name: "3.3.7 | PATCH | Ensure Reverse Path Filtering is enabled"
 debug:
 msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
diff --git a/tasks/section_3/cis_3.4.2.x.yml b/tasks/section_3/cis_3.4.2.x.yml
index 81fe733..ebb3631 100644
--- a/tasks/section_3/cis_3.4.2.x.yml
+++ b/tasks/section_3/cis_3.4.2.x.yml
@@ -172,7 +172,7 @@
 tags:
 - level1-server
 - level1-workstation
- - automate
+ - automated
 - patch
 - nftables
 - rule_3.4.2.6
diff --git a/tasks/section_4/cis_4.2.1.x.yml b/tasks/section_4/cis_4.2.1.x.yml
index 99e253a..12afac1 100644
--- a/tasks/section_4/cis_4.2.1.x.yml
+++ b/tasks/section_4/cis_4.2.1.x.yml
@@ -65,7 +65,6 @@
 block:
 - name: "4.2.1.5 | AUDIT | Ensure logging is configured | rsyslog current config message out"
 command: cat /etc/rsyslog.conf
- become: true
 changed_when: false
 failed_when: false
 check_mode: false
diff --git a/templates/audit/98_auditd_exception.rules.j2 b/templates/audit/98_auditd_exception.rules.j2
index 3dcc355..d8a0b8d 100644
--- a/templates/audit/98_auditd_exception.rules.j2
+++ b/templates/audit/98_auditd_exception.rules.j2
@@ -5,4 +5,4 @@
 {% for user in rhel9cis_auditd_uid_exclude %}
 -a never,user -F uid!={{ user }} -F auid!={{ user }}
 {% endfor %}
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/templates/etc/modprobe.d/modprobe.conf.j2 b/templates/etc/modprobe.d/modprobe.conf.j2
index 081bbae..77b8cd5 100644
--- a/templates/etc/modprobe.d/modprobe.conf.j2
+++ b/templates/etc/modprobe.d/modprobe.conf.j2
@@ -3,4 +3,4 @@
 # https://github.com/ansible-lockdown
 ## This file is managed by Ansible, YOUR CHANGES WILL BE LOST!
-install {{ item }} /bin/true
\ No newline at end of file
+install {{ item }} /bin/true