QA, lint, standards, var naming, title aming aligned

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/auditd.yml

@@ -3,59 +3,47 @@
 # Since auditd rules are dependent on syscalls and syscall tables are architecture specific,
 # we need to update the auditd rules depending on the architecture of the system.
 # This task passed the syscalls table to the auditd template and updates the auditd rules
-
 - name: "POST | AUDITD | Set supported_syscalls variable"
   ansible.builtin.shell: ausyscall --dump |  awk  '{print $2}'
   changed_when: false
-  check_mode: false
   failed_when: discovered_auditd_syscalls.rc not in [ 0, 1 ]
   register: discovered_auditd_syscalls
 
-- name: POST | AUDITD | Apply auditd template will for section 6.3.3 - only required rules will be added | stat file
-  ansible.builtin.stat:
-    path: /etc/audit/rules.d/99_auditd.rules
-  register: discovered_auditd_rules_file
+- name: "POST | AUDITD | Ensure use of privileged commands is collected"
+  ansible.builtin.shell: |
+    {%- set egrep_exclude = "(asdfmnop|{{ rhel9cis_priv_command_excluded_mounts | join('|') }})" -%}
+    for i in $(df | grep '^/dev' | grep -Ev '{{ egrep_exclude }}' | awk '{ print $NF }'); do
+      find $i -xdev -type f -perm /6000 2>/dev/null;
+    done
+  changed_when: false
+  failed_when: false
+  check_mode: false
+  register: discovered_privileged_commands
 
-- name: POST | Apply auditd template for section 6.3.3.x
+- name: "POST | AUDITD | Apply auditd template for section 6.2.4.x"
   when: update_audit_template
   vars:
     supported_syscalls: "{{ discovered_auditd_syscalls.stdout_lines }}"
   ansible.builtin.template:
-    src: audit/99_auditd.rules.j2
+    src: etc/audit/rules.d/99_auditd.rules.j2
     dest: /etc/audit/rules.d/99_auditd.rules
     owner: root
     group: root
-    mode: 'u-x,g-wx,o-rwx'
-  diff: "{{ discovered_auditd_rules_file.stat.exists }}"  # Only run diff if not a new file
-  register: discovered_auditd_rules_template_updated
+    mode: 'u-x,go-wx'
+  register: discovered_audit_rules_updated
   notify:
-    - Auditd immutable check
-    - Audit immutable fact
+    - Auditd rules reload
     - Restart auditd
 
-- name: POST | AUDITD | Add Warning count for changes to template file | Warn Count  # noqa no-handler
-  when:
-    - discovered_auditd_rules_template_updated.changed
-    - discovered_auditd_rules_file.stat.exists
-  ansible.builtin.import_tasks:
-    file: warning_facts.yml
-  vars:
-    warn_control_id: 'Auditd template updated, validate as expected'
-
-- name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
-  ansible.builtin.stat:
-    path: /etc/audit/rules.d/98_auditd_exceptions.rules
-  register: discovered_auditd_exception_file
-
-- name: POST | Set up auditd user logging exceptions | setup file
-  when:
-    - rhel9cis_allow_auditd_uid_user_exclusions
-    - rhel9cis_auditd_uid_exclude | length > 0
+- name: POST | AUDITD | Set up auditd user logging exceptions
+  when: rhel9cis_allow_auditd_uid_user_exclusions
   ansible.builtin.template:
-    src: audit/98_auditd_exception.rules.j2
+    src: etc/audit/rules.d/98_auditd_exception.rules.j2
     dest: /etc/audit/rules.d/98_auditd_exceptions.rules
     owner: root
     group: root
-    mode: '0640'
-  diff: "{{ discovered_auditd_exception_file.stat.exists }}"
+    mode: 'u-x,go-rwx'
   notify: Restart auditd
+
+- name: POST | AUDITD | Flush handlers
+  ansible.builtin.meta: flush_handlers