mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 22:23:06 +00:00
boolean variable true/false
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
727095ca35
commit
54f4e0b4b8
26 changed files with 92 additions and 90 deletions
|
|
@ -37,7 +37,7 @@
|
|||
shell: 'echo $PATH | grep ::'
|
||||
args:
|
||||
warn: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: path_colon
|
||||
changed_when: False
|
||||
failed_when: path_colon.rc == 0
|
||||
|
|
@ -46,7 +46,7 @@
|
|||
shell: 'echo $PATH | grep :$'
|
||||
args:
|
||||
warn: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: path_colon_end
|
||||
changed_when: False
|
||||
failed_when: path_colon_end.rc == 0
|
||||
|
|
@ -55,7 +55,7 @@
|
|||
shell: "/bin/bash --login -c 'env | grep ^PATH=' | sed -e 's/PATH=//' -e 's/::/:/' -e 's/:$//' -e 's/:/\\n/g'"
|
||||
args:
|
||||
warn: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: dot_in_path
|
||||
changed_when: False
|
||||
failed_when: '"." in dot_in_path.stdout_lines'
|
||||
|
|
@ -156,7 +156,7 @@
|
|||
- name: "6.2.7 | L1 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
|
||||
file:
|
||||
path: "{{ item.0 }}"
|
||||
recurse: yes
|
||||
recurse: true
|
||||
mode: a-st,g-w,o-rwx
|
||||
register: rhel_09_6_2_7_patch
|
||||
when:
|
||||
|
|
@ -172,9 +172,9 @@
|
|||
- name: "6.2.7 | L1 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
|
||||
acl:
|
||||
path: "{{ item.0 }}"
|
||||
default: yes
|
||||
default: true
|
||||
state: present
|
||||
recursive: yes
|
||||
recursive: true
|
||||
etype: "{{ item.1.etype }}"
|
||||
permissions: "{{ item.1.mode }}"
|
||||
when: not rhel9cis_system_is_container
|
||||
|
|
@ -414,7 +414,7 @@
|
|||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: group_group_check
|
||||
|
||||
- name: "6.2.18 | L1 | AUDIT | Ensure no duplicate group names exist | Print message that no duplicate groups exist"
|
||||
|
|
@ -442,7 +442,7 @@
|
|||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: rhel9cis_shadow_gid
|
||||
|
||||
- name: "6.2.19 | L1 | AUDIT | Ensure shadow group is empty | Check /etc/group for empty shadow group"
|
||||
|
|
@ -451,7 +451,7 @@
|
|||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: rhel9cis_empty_shadow
|
||||
|
||||
- name: "6.2.19 | L1 | AUDIT | Ensure shadow group is empty | Check for users assigned to shadow"
|
||||
|
|
@ -460,7 +460,7 @@
|
|||
warn: false
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: no
|
||||
check_mode: false
|
||||
register: rhel9cis_shadow_passwd
|
||||
|
||||
- name: "6.2.19 | L1 | AUDIT | Ensure shadow group is empty | Alert shadow group is empty and no users assigned"
|
||||
|
|
@ -520,7 +520,7 @@
|
|||
- name: "6.2.20 | L1 | PATCH | Ensure all users' home directories exist"
|
||||
file:
|
||||
path: "{{ item.0 }}"
|
||||
recurse: yes
|
||||
recurse: true
|
||||
mode: a-st,g-w,o-rwx
|
||||
register: rhel_09_6_2_20_patch
|
||||
when:
|
||||
|
|
@ -536,9 +536,9 @@
|
|||
- name: "6.2.20 | L1 | PATCH | Ensure all users' home directories exist"
|
||||
acl:
|
||||
path: "{{ item.0 }}"
|
||||
default: yes
|
||||
default: true
|
||||
state: present
|
||||
recursive: yes
|
||||
recursive: true
|
||||
etype: "{{ item.1.etype }}"
|
||||
permissions: "{{ item.1.mode }}"
|
||||
when: not rhel9cis_system_is_container
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue