Update cryto policy var to standard

Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>

defaults/main.yml

@@ -586,7 +586,9 @@ rhel9cis_bootloader_password_hash: 'grub.pbkdf2.sha512.changethispassword'  # pr
 # This variable governs whether a bootloader password should be set in '/boot/grub2/user.cfg' file.
 rhel9cis_set_boot_pass: true
 
-## Controls 1.6.x
+## Controls 1.6.x and Controls 5.1.x
+# This variable governs if current Ansible role should manage system-wide crypto policy.
+rhel9cis_crypto_policy_ansiblemanaged: true
 # This variable contains the value to be set as the system-wide crypto policy. Current rule enforces NOT USING
 # 'LEGACY' value(as it is less secure, it just ensures compatibility with legacy systems), therefore
 # possible values for this variable are, as explained by RedHat docs:
@@ -594,8 +596,6 @@ rhel9cis_set_boot_pass: true
 #  -'FUTURE': conservative security level that is believed to withstand any near-term future attacks
 #  -'FIPS': A level that conforms to the FIPS140-2 requirements
 rhel9cis_crypto_policy: 'DEFAULT'
-## Controls 1.6.x and Controls 5.1.x
-rhel9cis_crypto_policy_ansible_managed: true
 # This variable contains the value of the crypto policy module(combinations of policies and
 # sub-policies) to be allowed as default setting. Allowed options are defined in 'vars/main.yml' file,
 # using 'rhel9cis_allowed_crypto_policies_modules' variable, which currently are:

tasks/prelim.yml

@@ -136,7 +136,7 @@
   register: prelim_systemd_coredump
 
 - name: "PRELIM | PATCH | Setup crypto-policy"
-  when: rhel9cis_crypto_policy_ansible_managed
+  when: rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation

tasks/section_1/cis_1.6.x.yml

@@ -3,7 +3,7 @@
 - name: "1.6.1 | AUDIT | Ensure system-wide crypto policy is not legacy"
   when:
     - rhel9cis_rule_1_6_1
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -41,7 +41,7 @@
   when:
     - rhel9cis_rule_1_6_3
     - "'NO-SHA1' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -72,7 +72,7 @@
   when:
     - rhel9cis_rule_1_6_4
     - "'NO-WEAKMAC' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -103,7 +103,7 @@
   when:
     - rhel9cis_rule_1_6_5
     - "'NO-SSHCBC' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -134,7 +134,7 @@
   when:
     - rhel9cis_rule_1_6_6
     - "'NO-SSHWEAKCIPHERS' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -165,7 +165,7 @@
   when:
     - rhel9cis_rule_1_6_7
     - "'NO-SSHETM' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation

tasks/section_5/cis_5.1.x.yml

@@ -80,7 +80,7 @@
   when:
     - rhel9cis_rule_5_1_4
     - "'NO-SSHWEAKCIPHERS' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -109,7 +109,7 @@
   when:
     - rhel9cis_rule_5_1_5
     - "'NO-SHA1' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -138,7 +138,7 @@
   when:
     - rhel9cis_rule_5_1_6
     - "'NO-SSHWEAKMACS' not in rhel9cis_crypto_policy_module"
-    - rhel9cis_crypto_policy_ansible_managed
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation