Merge branch 'devel' into improvements

2025-12-27 07:23:07 +00:00 · 2022-02-02 11:33:38 +00:00 · 2022-02-02 11:33:38 +00:00 · 581bf4657d
commit 581bf4657d
parent 864ab4a969 02a36f7f8d
7 changed files with 11 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -34,7 +34,7 @@ python2_bin: /bin/python2.7
 benchmark: RHEL9-CIS

 # Whether to skip the reboot
-rhel9cis_skip_reboot: true
+skip_reboot: true

 #### Basic external goss audit enablement settings ####
 #### Precise details - per setting can be found at the bottom of this file ####
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -3,8 +3,8 @@

 - name: Check OS version and family
  assert:
-      that: (ansible_os_family == 'RedHat' or ansible_os_family == "Rocky") and ansible_distribution_major_version is version_compare('8', '==')
-      fail_msg: "This role can only be run against RHEL8 family OSs. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported."
+      that: (ansible_distribution != 'CentOS' and ansible_os_family == 'RedHat' or ansible_os_family == "Rocky") and ansible_distribution_major_version is version_compare('8', '==')
+      fail_msg: "This role can only be run against Supported OSs. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported."
      success_msg: "This role is running against a supported OS {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
  when: 
    - os_check
@ -113,6 +113,7 @@
  tags:
  - rule_5.5.2
  - rule_6.2.7
+  - rule_6.2.8
  - rule_6.2.20
  - rhel9cis_section6

--- a/tasks/post.yml
+++ b/tasks/post.yml
@ -69,4 +69,4 @@
 - name: Reboot host
  reboot:
  when:
-  - not rhel9cis_skip_reboot
+  - not skip_reboot
--- a/tasks/section_3/cis_3.4.2.x.yml
+++ b/tasks/section_3/cis_3.4.2.x.yml
@ -17,7 +17,6 @@
 - name: "3.4.2.2 | L1 | PATCH | Ensure iptables is not enabled with firewalld"
  systemd:
      name: iptables
-      enabled: false
      masked: true
  when:
      - rhel9cis_firewall == "firewalld"
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@ -28,7 +28,7 @@
            - item.id != "shutdown"
            - item.id != "sync"
            - item.id != "root"
-            - item.uid < 1000
+            - min_int_uid | int >= item.uid
            - item.shell != "      /bin/false"
            - item.shell != "      /usr/sbin/nologin"
  when:
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@ -207,7 +207,7 @@
  loop_control:
      label: "{{ rhel9cis_passwd_label }}"
  when:
-      - item.uid >= min_int_uid
+      - min_int_uid | int >= item.uid
      - rhel9cis_rule_6_2_8
  tags:
      - skip_ansible_lint  # settings found on 6_2_7
--- a/vars/AlmaLinux.yml
+++ b/vars/AlmaLinux.yml
@ -0,0 +1,4 @@
+---
+# OS Specific Settings
+
+rpm_gpg_key: RPM-GPG-KEY-AlmaLinux