ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Updated post steps inline with pre steps for file permissions

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-08-04 09:56:30 +01:00
parent 876e261d1f
commit 4b62f0fc35
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 1 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tasks/post_remediation_audit.yml
View file

@ -1,22 +1,13 @@
--- ---
- name: Post Audit | Run post_remediation {{ benchmark }} audit # noqa name[template] - name: Post Audit | Run post_remediation {{ benchmark }} audit # noqa name[template]
ansible.builtin.command: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\"" ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
changed_when: true changed_when: true
environment: environment:
AUDIT_BIN: "{{ audit_bin }}" AUDIT_BIN: "{{ audit_bin }}"
AUDIT_CONTENT_LOCATION: "{{ audit_conf_dest | default('/opt') }}" AUDIT_CONTENT_LOCATION: "{{ audit_conf_dest | default('/opt') }}"
AUDIT_FILE: goss.yml AUDIT_FILE: goss.yml
- name: Post Audit | ensure audit files readable by users
ansible.builtin.file:
path: "{{ item }}"
mode: '0644'
state: file
loop:
- "{{ post_audit_outfile }}"
- "{{ pre_audit_outfile }}"
- name: Post Audit | Capture audit data if json format - name: Post Audit | Capture audit data if json format
when: audit_format == "json" when: audit_format == "json"
block: block: