lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2022-09-16 11:10:31 +01:00 · 2022-09-16 11:10:31 +01:00 · 33340c7487
commit 33340c7487
parent 1e22c13794
13 changed files with 27 additions and 24 deletions
--- a/tasks/section_1/cis_1.1.1.x.yml
+++ b/tasks/section_1/cis_1.1.1.x.yml
@ -7,7 +7,7 @@
            path: /etc/modprobe.d/CIS.conf
            regexp: "^(#)?install cramfs(\\s|$)"
            line: "install cramfs /bin/true"
-            create: yes
+            create: true
            mode: 0600

      - name: "1.1.1.1 | PATCH | Ensure mounting of cramfs filesystems is disabled | Disable cramfs"
@ -32,7 +32,7 @@
            path: /etc/modprobe.d/CIS.conf
            regexp: "^(#)?install squashfs(\\s|$)"
            line: "install squashfs /bin/true"
-            create: yes
+            create: true
            mode: 0600

      - name: "1.1.1.2 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs"
@ -57,7 +57,7 @@
            path: /etc/modprobe.d/CIS.conf
            regexp: "^(#)?install udf(\\s|$)"
            line: "install udf /bin/true"
-            create: yes
+            create: true
            mode: 0600

      - name: "1.1.1.3 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf"
--- a/tasks/section_1/cis_1.1.2.x.yml
+++ b/tasks/section_1/cis_1.1.2.x.yml
@ -11,7 +11,7 @@
      - name: "1.1.2.1 | PATCH | Ensure /tmp is a separate partition | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.2.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

--- a/tasks/section_1/cis_1.1.3.x.yml
+++ b/tasks/section_1/cis_1.1.3.x.yml
@ -13,7 +13,7 @@
      - name: "1.1.3.1 | AUDIT | Ensure separate partition exists for /var | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.3.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

--- a/tasks/section_1/cis_1.1.4.x.yml
+++ b/tasks/section_1/cis_1.1.4.x.yml
@ -14,7 +14,7 @@
      - name: "1.1.4.1 | AUDIT | Ensure separate partition exists for /var/tmp | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.4.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

@ -68,4 +68,4 @@
      - skip_ansible_lint
      - rule_1.1.4.2
      - rule_1.1.4.3
-      - rule_1.1.4.4
+      - rule_1.1.4.4
--- a/tasks/section_1/cis_1.1.5.x.yml
+++ b/tasks/section_1/cis_1.1.5.x.yml
@ -13,7 +13,7 @@
      - name: "1.1.5.1 | AUDIT | Ensure separate partition exists for /var/log | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.5.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

--- a/tasks/section_1/cis_1.1.6.x.yml
+++ b/tasks/section_1/cis_1.1.6.x.yml
@ -13,7 +13,7 @@
      - name: "1.1.6.1 | AUDIT | Ensure separate partition exists for /var/log/audit | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.6.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

@ -66,4 +66,4 @@
      - skip_ansible_lint
      - rule_1.1.6.2
      - rule_1.1.6.3
-      - rule_1.1.6.4
+      - rule_1.1.6.4
--- a/tasks/section_1/cis_1.1.7.x.yml
+++ b/tasks/section_1/cis_1.1.7.x.yml
@ -13,7 +13,7 @@
      - name: "1.1.7.1 | AUDIT | Ensure separate partition exists for /home | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.1.7.1' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when:
            - required_mount not in mount_names

--- a/tasks/section_1/cis_1.1.8.x.yml
+++ b/tasks/section_1/cis_1.1.8.x.yml
@ -13,7 +13,7 @@
        shell: mount -l | grep -E '\s/dev/shm\s'
        changed_when: false
        failed_when: false
-        check_mode: no
+        check_mode: false
        register: rhel9cis_1_1_8_x_dev_shm_status

      - name: |
--- a/tasks/section_1/cis_1.1.x.yml
+++ b/tasks/section_1/cis_1.1.x.yml
@ -3,7 +3,7 @@
 - name: "1.1.9 | PATCH | Disable Automounting"
  service:
      name: autofs
-      enabled: no
+      enabled: false
  when:
      - not rhel9cis_allow_autofs
      - "'autofs' in ansible_facts.packages"
@ -24,7 +24,7 @@
            path: /etc/modprobe.d/CIS.conf
            regexp: "^(#)?install usb-storage(\\s|$)"
            line: "install usb-storage /bin/true"
-            create: yes
+            create: true
            owner: root
            group: root
            mode: 0600
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
@ -27,7 +27,7 @@
        failed_when: false
        register: os_installed_pub_keys

-      #- debug:
+      # - debug:
      #    msg: "{{ os_installed_pub_keys }}"

      - name: "1.2.2 | AUDIT | Ensure GPG keys are configured | Query found keys"
@ -40,7 +40,7 @@
      - name: "1.2.2 | AUDIT | Ensure GPG keys are configured | expected keys pass"
        debug:
            msg: "Congratulations !! - The installed gpg keys match expected values"
-        when: 
+        when:
            - os_installed_pub_keys.rc == 0
            - os_gpg_key_check.rc == 0

@ -96,7 +96,7 @@
        changed_when: false
        failed_when: false
        register: dnf_configured
-        check_mode: no
+        check_mode: false
        args:
            warn: false

@ -109,7 +109,7 @@
      - name: "1.2.4 | AUDIT | Ensure package manager repositories are configured | Warn Count"
        set_fact:
            control_number: "{{ control_number }} + ['rule_1.2.4']"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
  when:
      - rhel9cis_rule_1_2_4
  tags:
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@ -58,7 +58,7 @@
      path: /etc/systemd/system/rescue.service.d/00-require-auth.conf
      regexp: '^ExecStart='
      line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue"
-      create: yes
+      create: true
      owner: root
      group: root
      mode: 0644
--- a/tasks/section_1/cis_1.6.1.x.yml
+++ b/tasks/section_1/cis_1.6.1.x.yml
@ -84,7 +84,7 @@
      - name: "1.6.1.5 | AUDIT | Ensure no unconfined services exist | warning count"
        set_fact:
            control_number: "{{ control_number }} + [ 'rule_1.6.1.5' ]"
-            warn_count: "{{ warn_count|int + 1 }}"
+            warn_count: "{{ warn_count | int + 1 }}"
        when: rhelcis_1_6_1_5_unconf_services.stdout | length > 0
  when:
      - rhel9cis_rule_1_6_1_5
@ -121,4 +121,4 @@
      - level1-workstation
      - automated
      - patch
-      - rule_1.6.1.7
+      - rule_1.6.1.7
--- a/tasks/section_1/cis_1.8.x.yml
+++ b/tasks/section_1/cis_1.8.x.yml
@ -21,7 +21,7 @@
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
      state: present
-      create: yes
+      create: true
      owner: root
      group: root
      mode: 0644
@ -50,7 +50,7 @@
      path: "{{ item.file }}"
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
-      create: yes
+      create: true
      owner: root
      group: root
      mode: 0644
@ -93,7 +93,10 @@
      path: /etc/dconf/db/local.d/00-media-automount
      regexp: "{{ item.regex }}"
      line: "{{ item.line }}"
-      create: yes
+      create: true
+      owner: root
+      group: root
+      mode: 0644
  notify: reload dconf
  with_items:
      - { regex: '\[org\/gnome\/desktop\/media-handling\]', line: '[org/gnome/desktop/media-handling]' }