ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

updated yamllint, company naming, linting and spacing

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-04 11:45:13 +00:00
parent 1b694832bb
commit 2de8a39cdc
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
66 changed files with 461 additions and 675 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tasks/section_1/cis_1.2.1.x.yml
View file

@ -14,18 +14,18 @@
- rule_1.2.1.1
- NIST800-53R5_SI-2
block:
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | list installed pubkey keys"
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | list installed pubkey keys" # noqa command-instead-of-module
ansible.builtin.shell: "rpm -qa | grep {{ os_gpg_key_pubkey_name }}"
changed_when: false
failed_when: false
register: discovered_os_installed_pub_keys
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Query found keys"
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Query found keys" # noqa command-instead-of-module
when: discovered_os_installed_pub_keys.rc == 0
ansible.builtin.shell: 'rpm -q --queryformat "%{PACKAGER} %{VERSION}\\n" {{ os_gpg_key_pubkey_name }} | grep "{{ os_gpg_key_pubkey_content }}"'
changed_when: false
failed_when: false
register: discovered_os_gpg_key_check
when: discovered_os_installed_pub_keys.rc == 0
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | expected keys fail"
when:
@ -35,8 +35,7 @@
msg: Installed GPG Keys do not meet expected values or expected keys are not installed
- name: "1.2.1.2 | PATCH | Ensure gpgcheck is globally activated"
when:
- rhel9cis_rule_1_2_1_2
when: rhel9cis_rule_1_2_1_2
tags:
- level1-server
- level1-workstation
@ -94,8 +93,7 @@
label: "{{ item.path }}"
- name: "1.2.1.4 | AUDIT | Ensure package manager repositories are configured"
when:
- rhel9cis_rule_1_2_1_4
when: rhel9cis_rule_1_2_1_4
tags:
- level1-server
- level1-workstation
@ -107,11 +105,11 @@
warn_control_id: '1.2.1.4'
block:
- name: "1.2.1.4 | AUDIT | Ensure package manager repositories are configured | Get repo list"
ansible.builtin.shell: dnf repolist
ansible.builtin.command: dnf repolist
changed_when: false
failed_when: false
register: discovered_dnf_configured
check_mode: false
register: discovered_dnf_configured
- name: "1.2.1.4 | AUDIT | Ensure package manager repositories are configured | Display repo list"
ansible.builtin.debug: