ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

added pragma allowed

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-09-21 15:36:05 +01:00
parent 580ee762ee
commit 11071a66ab
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/main.yml
View file

@ -35,7 +35,7 @@
fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} has no password set - It can break access"
success_msg: "You have a password set for the {{ ansible_env.SUDO_USER }} user"
vars:
sudo_password_rule: rhel9cis_rule_5_3_4
sudo_password_rule: rhel9cis_rule_5_3_4 # pragma: allowlist secret
when:
- rhel9cis_rule_5_3_4
- ansible_env.SUDO_USER is defined
@ -107,7 +107,7 @@
- name: Check rhel9cis_bootloader_password_hash variable has been changed
ansible.builtin.assert:
that: rhel9cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword'
that: rhel9cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword' # pragma: allowlist secret
msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password_hash variable has not been set correctly"
when:
- rhel9cis_set_boot_pass