fix logic in warning

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2022-07-25 14:52:26 +01:00
parent e6191de7ed
commit 6777a88719
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB


@ -29,18 +29,18 @@
- name: "6.2.2 | AUDIT | Ensure all groups in /etc/passwd exist in /etc/group | Print message that all groups match between passwd and group files"
debug:
msg: "Good News! There are no users that have non-existent GUIDs (Groups)"
when: rhel9cis_6_2_2_passwd_gid_check.stdout is not defined
when: rhel9cis_6_2_2_passwd_gid_check.stdout | length == 0
- name: "6.2.2 | AUDIT | Ensure all groups in /etc/passwd exist in /etc/group | Print warning about users with invalid GIDs missing GID entries in /etc/group"
debug:
msg: "Warning!! The following users have non-existent GIDs (Groups): {{ rhel9cis_6_2_2_passwd_gid_check.stdout_lines | join (', ') }}"
when: rhel9cis_6_2_2_passwd_gid_check.stdout is defined
when: rhel9cis_6_2_2_passwd_gid_check.stdout | length >= 1
- name: "6.2.2 | AUDIT | Ensure all groups in /etc/passwd exist in /etc/group | warning count"
set_fact:
control_number: "{{ control_number }} + [ 'rule_6.2.2' ]"
warn_count: "{{ warn_count|int + 1 }}"
when: rhel9cis_6_2_2_passwd_gid_check.stdout is defined
when: rhel9cis_6_2_2_passwd_gid_check.stdout | length >= 1
when:
- rhel9cis_rule_6_2_2
tags:
@ -63,18 +63,18 @@
- name: "6.2.3 | AUDIT | Ensure no duplicate UIDs exist | Print message that no duplicate UIDs exist"
debug:
msg: "Good News! There are no duplicate UID's in the system"
when: rhel9cis_6_2_3_user_uid_check.stdout is not defined
when: rhel9cis_6_2_3_user_uid_check.stdout | length == 0
- name: "6.2.3 | AUDIT| Ensure no duplicate UIDs exist | Print warning about users with duplicate UIDs"
debug:
msg: "Warning!! The following users have UIDs that are duplicates: {{ rhel9cis_6_2_3_user_uid_check.stdout_lines }}"
when: rhel9cis_6_2_3_user_uid_check.stdout is defined
when: rhel9cis_6_2_3_user_uid_check.stdout | length >= 1
- name: "6.2.3 | AUDIT| Ensure no duplicate UIDs exist | warning count"
set_fact:
control_number: "{{ control_number }} + [ 'rule_6.2.3' ]"
warn_count: "{{ warn_count|int + 1 }}"
when: rhel9cis_6_2_3_user_uid_check.stdout is defined
when: rhel9cis_6_2_3_user_uid_check.stdout | length >= 1
when:
- rhel9cis_rule_6_2_3
tags:
@ -97,18 +97,18 @@
- name: "6.2.4 | AUDIT | Ensure no duplicate GIDs exist | Print message that no duplicate GID's exist"
debug:
msg: "Good News! There are no duplicate GIDs in the system"
when: rhel9cis_6_2_4_user_user_check.stdout is not defined
when: rhel9cis_6_2_4_user_user_check.stdout | length == 0
- name: "6.2.4 | AUDIT | Ensure no duplicate GIDs exist | Print warning about users with duplicate GIDs"
debug:
msg: "Warning!! The following groups have duplicate GIDs: {{ rhel9cis_6_2_4_user_user_check.stdout_lines }}"
when: rhel9cis_6_2_4_user_user_check.stdout is defined
when: rhel9cis_6_2_4_user_user_check.stdout | length >= 1
- name: "6.2.4 | AUDIT | Ensure no duplicate GIDs exist | warning count"
set_fact:
control_number: "{{ control_number }} + [ 'rule_6.2.4' ]"
warn_count: "{{ warn_count|int + 1 }}"
when: rhel9cis_6_2_4_user_user_check.stdout is defined
when: rhel9cis_6_2_4_user_user_check.stdout | length >= 1
when:
- rhel9cis_rule_6_2_4
@ -132,18 +132,18 @@
- name: "6.2.5 | AUDIT | Ensure no duplicate user names exist | Print message that no duplicate user names exist"
debug:
msg: "Good News! There are no duplicate user names in the system"
when: rhel9cis_6_2_5_user_username_check.stdout is not defined
when: rhel9cis_6_2_5_user_username_check.stdout | length == 0
- name: "6.2.5 | AUDIT | Ensure no duplicate user names exist | Print warning about users with duplicate User Names"
debug:
msg: "Warning!! The following user names are duplicates: {{ rhel9cis_6_2_5_user_username_check.stdout_lines }}"
when: rhel9cis_6_2_5_user_username_check.stdout is defined
when: rhel9cis_6_2_5_user_username_check.stdout | length >= 1
- name: "6.2.5 | AUDIT | Ensure no duplicate user names exist | warning count"
set_fact:
control_number: "{{ control_number }} + [ 'rule_6.2.5' ]"
warn_count: "{{ warn_count|int + 1 }}"
when: rhel9cis_6_2_5_user_username_check.stdout is defined
when: rhel9cis_6_2_5_user_username_check.stdout | length >= 1
when:
- rhel9cis_rule_6_2_5
tags:
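Review bot: The new conditions in all four hunks (6.2.2 through 6.2.5) read an empty `stdout` as a clean audit result, so a check command that failed or produced no output for another reason would still print the "Good News" message and leave `warn_count` unchanged. The tasks that register these variables are outside the hunks, so it is not visible whether they can be skipped (check mode, a `when` on the task) or have their failure suppressed. If they can be skipped, `stdout` is undefined and `| length` raises a templating error rather than evaluating to false. A guarded form such as `when: rhel9cis_6_2_2_passwd_gid_check.stdout | default('') | length >= 1` avoids the error. The "Good News" tasks should additionally require that the check actually ran and succeeded, for example by also testing the registered result's `rc`, with a short comment on each explaining why an empty result counts as a pass.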