ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

added check_mode logic

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-05-23 14:30:17 +01:00
parent 8d5a32bc39
commit 2b37d0d732
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tasks/section_6/cis_6.1.x.yml
View file

@ -58,6 +58,10 @@
dest: /var/lib/aide/aide.db.gz
remote_src: true
mode: 'ug-wx,o-rwx'
register: aide_db_cp
failed_when:
- not ansible_check_mode
- aide_db_cp.failed
- name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked"
when:
@ -119,4 +123,7 @@
/usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
validate: aide -D --config %s
register: aide_file_integrity_check
failed_when:
- not ansible_check_mode
- aide_file_integrity_check.failed