ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Improve logic

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-02-27 13:02:54 +00:00
parent 4d8cc6eb60
commit 1bfde74ad6
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tasks/section_1/cis_1.4.x.yml
View file

@ -57,10 +57,11 @@
- name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Build Options" - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Build Options"
when: item not in discovered_efi_fstab.stdout when: item not in discovered_efi_fstab.stdout
ansible.builtin.set_fact: ansible.builtin.set_fact:
efi_mount_opts_addition: "{{ efi_mount_opts_addition + item + ',' }}" efi_mount_opts_addition: "{{ efi_mount_opts_addition + ',' + item }}"
loop: "{{ efi_mount_options }}" loop: "{{ efi_mount_options }}"
- name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Add mount options" - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Add mount options"
when: efi_mount_opts_addition | length > 0
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/fstab path: /etc/fstab
regexp: (.*/boot/efi\s*\w*\s*){{ discovered_efi_fstab.stdout }}(.*) regexp: (.*/boot/efi\s*\w*\s*){{ discovered_efi_fstab.stdout }}(.*)