Fixed issues with 4.1.1.2 and 4.1.1.3

Now handle multiple kernels and are idempotent

Removed debug messages

Signed-off-by: John Foster <robopickle@proton.me>
John Foster 2024-03-08 08:44:04 +00:00
parent 2db001e7cb
commit 28ca5d18b3
No known key found for this signature in database
GPG key ID: F907E4A9B3537F1B


@ -31,10 +31,6 @@
check_mode: false
register: rhel9cis_4_1_1_2_grubby_curr_value_audit_linux
- name: Show list
ansible.builtin.debug:
msg: "var: \n{{ rhel9cis_4_1_1_2_grubby_curr_value_audit_linux }}"
- name: "4.1.1.2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Grubby update, if needed"
ansible.builtin.shell: grubby --update-kernel=ALL --args="audit=1"
when:
@ -75,10 +71,6 @@
- (item | int < rhel9cis_audit_back_log_limit)
loop: "{{ rhel9cis_4_1_1_3_grubby_curr_value_backlog_linux.stdout_lines }}"
- name: Show list
ansible.builtin.debug:
msg: "var: \n{{ rhel9cis_4_1_1_3_grubby_curr_value_backlog_linux }}\ntrigger reset: {{ rhel9cis_4_1_1_3_reset_backlog_limits | default(false)}}"
- name: "4.1.1.3 | AUDIT | Ensure audit_backlog_limit is sufficient | Grubby update applied"
ansible.builtin.shell:
cmd: 'grubby --update-kernel=ALL --args="audit_backlog_limit={{ rhel9cis_audit_back_log_limit }}"'