ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 14:27:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

max concurrent options and default added

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-09-30 14:20:10 +01:00
parent 9a113ea4a8
commit 5dd64ebdb8
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
4 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -75,6 +75,8 @@ setup_audit: false
run_audit: false run_audit: false
# Run heavy tests - some tests can have more impact on a system enabling these can have greater impact on a system # Run heavy tests - some tests can have more impact on a system enabling these can have greater impact on a system
audit_run_heavy_tests: true audit_run_heavy_tests: true
# Ability to limit the number of concurrent processes used by goss (default 50)
audit_max_concurrent: 50
## Only run Audit do not remediate ## Only run Audit do not remediate
audit_only: false audit_only: false

1
tasks/LE_audit_setup.yml
View file

@ -1,5 +1,4 @@
--- ---
- name: Pre Audit Setup | Set audit package name - name: Pre Audit Setup | Set audit package name
block: block:
- name: Pre Audit Setup | Set audit package name | 64bit - name: Pre Audit Setup | Set audit package name | 64bit

2
tasks/post_remediation_audit.yml
View file

@ -1,7 +1,7 @@
--- ---
- name: Post Audit | Run post_remediation {{ benchmark }} audit # noqa name[template] - name: Post Audit | Run post_remediation {{ benchmark }} audit # noqa name[template]
ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length] ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -m {{ audit_max_concurrent }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
changed_when: true changed_when: true
environment: environment:
AUDIT_BIN: "{{ audit_bin }}" AUDIT_BIN: "{{ audit_bin }}"

3
tasks/pre_remediation_audit.yml
View file

@ -58,6 +58,7 @@
- name: Pre Audit Setup | If audit ensure goss is available - name: Pre Audit Setup | If audit ensure goss is available
when: not prelim_goss_available.stat.exists when: not prelim_goss_available.stat.exists
ansible.builtin.assert: ansible.builtin.assert:
that: prelim_goss_available['stat']['exists'] == true
msg: "Audit has been selected: unable to find goss binary at {{ audit_bin }}" msg: "Audit has been selected: unable to find goss binary at {{ audit_bin }}"
- name: Pre Audit Setup | Copy ansible default vars values to test audit - name: Pre Audit Setup | Copy ansible default vars values to test audit
@ -71,7 +72,7 @@
mode: 'go-rwx' mode: 'go-rwx'
- name: Pre Audit | Run pre_remediation audit {{ benchmark }} # noqa name[template] - name: Pre Audit | Run pre_remediation audit {{ benchmark }} # noqa name[template]
ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length] ansible.builtin.shell: "umask 0022 && {{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -m {{ audit_max_concurrent }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\"" # noqa yaml[line-length]
changed_when: true changed_when: true
environment: environment:
AUDIT_BIN: "{{ audit_bin }}" AUDIT_BIN: "{{ audit_bin }}"