ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Feb24 updates (#179)

Browse source 
* change logic thanks to @rjacobs1990 see #175

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @ipruteani-sie #134

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Thanks to @stwongst #125

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @sgomez86 #146

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added updates from #115

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed rp_filter in post added in error

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated yamllint precommit

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated fqcn fo json_query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fix typo for virt type query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
uk-bolly 2024-02-20 15:43:43 +00:00 committed by GitHub
parent 06ec3de5c4
commit 40bc7aa082
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 21 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tasks/section_4/cis_4.1.4.x.yml
View file

@ -64,12 +64,11 @@
- name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive"
ansible.builtin.file:
path: "{{ item.path }}"
mode: '0640'
loop: "{{ auditd_conf_files.files }}"
mode: "{{ '0600' if item.mode == '0600' else '0640' }}"
loop: "{{ auditd_conf_files.files | default([]) }}"
loop_control:
label: "{{ item.path }}"
when:
- item.mode != '06(0|4)0'
- rhel9cis_rule_4_1_4_5
tags:
- level2-server
@ -82,7 +81,7 @@
ansible.builtin.file:
path: "{{ item.path }}"
owner: root
loop: "{{ auditd_conf_files.files }}"
loop: "{{ auditd_conf_files.files | default([]) }}"
loop_control:
label: "{{ item.path }}"
when:
@ -98,7 +97,7 @@
ansible.builtin.file:
path: "{{ item.path }}"
group: root
loop: "{{ auditd_conf_files.files }}"
loop: "{{ auditd_conf_files.files | default([]) }}"
loop_control:
label: "{{ item.path }}"
when: