ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

added args warn for shell

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-01-13 11:46:13 +00:00
parent e9a390c693
commit 66814a6f01
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
4 changed files with 16 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/main.yml
View file

@ -37,6 +37,8 @@
block: block:
- name: "Check su group exists if defined" - name: "Check su group exists if defined"
shell: grep -w "{{ rhel9cis_sugroup }}" /etc/group shell: grep -w "{{ rhel9cis_sugroup }}" /etc/group
args:
warn: false
register: sugroup_exists register: sugroup_exists
changed_when: false changed_when: false
failed_when: sugroup_exists.rc >= 2 failed_when: sugroup_exists.rc >= 2

4
tasks/post.yml
View file

@ -8,6 +8,8 @@
- name: trigger update sysctl - name: trigger update sysctl
shell: /bin/true shell: /bin/true
args:
warn: false
changed_when: false changed_when: false
check_mode: false check_mode: false
notify: update sysctl notify: update sysctl
@ -30,6 +32,8 @@
- name: trigger update auditd - name: trigger update auditd
shell: /bin/true shell: /bin/true
args:
warn: false
notify: update auditd notify: update auditd
changed_when: false changed_when: false
check_mode: false check_mode: false

6
tasks/post_remediation_audit.yml
View file

@ -2,7 +2,7 @@
- name: "Post Audit | Run post_remediation {{ benchmark }} audit" - name: "Post Audit | Run post_remediation {{ benchmark }} audit"
shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ post_audit_outfile }} -g {{ group_names }}" shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ post_audit_outfile }} -g {{ group_names }}"
vars: args:
warn: false warn: false
- name: Post Audit | ensure audit files readable by users - name: Post Audit | ensure audit files readable by users
@ -18,6 +18,8 @@
block: block:
- name: "capture data {{ post_audit_outfile }}" - name: "capture data {{ post_audit_outfile }}"
shell: "cat {{ post_audit_outfile }}" shell: "cat {{ post_audit_outfile }}"
args:
warn: false
register: post_audit register: post_audit
changed_when: false changed_when: false
@ -33,6 +35,8 @@
block: block:
- name: "Post Audit | capture data {{ post_audit_outfile }}" - name: "Post Audit | capture data {{ post_audit_outfile }}"
shell: "tail -2 {{ post_audit_outfile }}" shell: "tail -2 {{ post_audit_outfile }}"
args:
warn: false
register: post_audit register: post_audit
changed_when: false changed_when: false

6
tasks/pre_remediation_audit.yml
View file

@ -86,13 +86,15 @@
- name: "Pre Audit | Run pre_remediation {{ benchmark }} audit" - name: "Pre Audit | Run pre_remediation {{ benchmark }} audit"
shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ pre_audit_outfile }} -g {{ group_names }}" shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ pre_audit_outfile }} -g {{ group_names }}"
vars: args:
warn: false warn: false
- name: Pre Audit | Capture audit data if json format - name: Pre Audit | Capture audit data if json format
block: block:
- name: "Pre Audit | capture data {{ pre_audit_outfile }}" - name: "Pre Audit | capture data {{ pre_audit_outfile }}"
shell: "cat {{ pre_audit_outfile }}" shell: "cat {{ pre_audit_outfile }}"
args:
warn: false
register: pre_audit register: pre_audit
changed_when: false changed_when: false
@ -108,6 +110,8 @@
block: block:
- name: "Pre Audit | capture data {{ pre_audit_outfile }}" - name: "Pre Audit | capture data {{ pre_audit_outfile }}"
shell: "tail -2 {{ pre_audit_outfile }}" shell: "tail -2 {{ pre_audit_outfile }}"
args:
warn: false
register: pre_audit register: pre_audit
changed_when: false changed_when: false