ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

boolean variable true/false

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-01-13 16:51:17 +00:00
parent 727095ca35
commit 54f4e0b4b8
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
26 changed files with 92 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tasks/section_4/cis_4.1.1.x.yml
View file

@ -25,7 +25,7 @@
service:
name: auditd
state: started
enabled: yes
enabled: true
when:
- not rhel9cis_skip_for_travis
- rhel9cis_rule_4_1_1_2
@ -45,7 +45,7 @@
warn: false
changed_when: false
failed_when: false
check_mode: no
check_mode: false
register: rhel9cis_4_1_1_3_grub_cmdline_linux
- name: "4.1.1.3 | L2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Replace existing setting"
@ -80,7 +80,7 @@
warn: false
changed_when: false
failed_when: false
check_mode: no
check_mode: false
register: rhel9cis_4_1_1_4_grub_cmdline_linux
- name: "4.1.1.4 | L2 | PATCH | Ensure audit_backlog_limit is sufficient | Replace existing setting"

2
tasks/section_4/cis_4.1.x.yml
View file

@ -125,7 +125,7 @@
warn: false
changed_when: false
failed_when: false
check_mode: no
check_mode: false
register: priv_procs
- name: "4.1.12 | L2 | PATCH | Ensure successful file system mounts are collected"

2
tasks/section_4/cis_4.2.1.x.yml
View file

@ -157,7 +157,7 @@
with_items:
- '^(\$ModLoad imtcp)'
- '^(\$InputTCPServerRun)'
when: falset rhel9cis_system_is_log_server
when: not rhel9cis_system_is_log_server
- name: "4.2.1.6 | L1 | PATCH | Ensure remote rsyslog messages are only accepted on designated log hosts. | When log host"
replace: