From 69e01b84f3fed923138b512654ceed7251a68250 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Wed, 11 Dec 2024 11:20:00 +0000
Subject: [PATCH] Updated files to std

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/LE_audit_setup.yml         |  6 ++--
 tasks/audit_only.yml             | 10 +++---
 tasks/post_remediation_audit.yml | 18 +++++-----
 tasks/pre_remediation_audit.yml  | 58 +++++++++++++-------------------
 4 files changed, 38 insertions(+), 54 deletions(-)

diff --git a/tasks/LE_audit_setup.yml b/tasks/LE_audit_setup.yml
index 4b407eb..52fc8bd 100644
--- a/tasks/LE_audit_setup.yml
+++ b/tasks/LE_audit_setup.yml
@@ -8,7 +8,7 @@
         audit_pkg_arch_name: AMD64
 
     - name: Pre Audit Setup | Set audit package name | ARM64
-      when: ansible_facts.machine == "aarch64"
+      when: ansible_facts.machine == "arm64"
       ansible.builtin.set_fact:
         audit_pkg_arch_name: ARM64
 
@@ -20,13 +20,13 @@
     owner: root
     group: root
     checksum: "{{ audit_bin_version[audit_pkg_arch_name + '_checksum'] }}"
-    mode: '0555'
+    mode: 'u+x,go-w'
 
 - name: Pre Audit Setup | Copy audit binary
   when: get_audit_binary_method == 'copy'
   ansible.builtin.copy:
     src: "{{ audit_bin_copy_location }}"
     dest: "{{ audit_bin }}"
-    mode: '0555'
     owner: root
     group: root
+    mode: 'u+x,go-w'
diff --git a/tasks/audit_only.yml b/tasks/audit_only.yml
index b7dad08..008d358 100644
--- a/tasks/audit_only.yml
+++ b/tasks/audit_only.yml
@@ -3,7 +3,7 @@
 - name: Audit_Only | Create local Directories for hosts
   when: fetch_audit_files
   ansible.builtin.file:
-    mode: '0755'
+    mode: 'u+x,go-w'
     path: "{{ audit_capture_files_dir }}/{{ inventory_hostname }}"
     recurse: true
     state: directory
@@ -15,16 +15,14 @@
   ansible.builtin.fetch:
     dest: "{{ audit_capture_files_dir }}/{{ inventory_hostname }}/"
     flat: true
-    mode: '0644'
+    mode: 'go-wx'
     src: "{{ pre_audit_outfile }}"
 
 - name: Audit_only | Show Audit Summary
-  when:
-    - audit_only
+  when: audit_only
   ansible.builtin.debug:
     msg: "{{ audit_results.split('\n') }}"
 
 - name: Audit_only | Stop Playbook Audit Only selected
-  when:
-    - audit_only
+  when: audit_only
   ansible.builtin.meta: end_play
diff --git a/tasks/post_remediation_audit.yml b/tasks/post_remediation_audit.yml
index 8004ed3..54d5785 100644
--- a/tasks/post_remediation_audit.yml
+++ b/tasks/post_remediation_audit.yml
@@ -1,14 +1,14 @@
 ---
 
-- name: Post Audit | Run post_remediation {{ benchmark }} audit
-  ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\""
+- name: Post Audit | Run post_remediation {{ benchmark }} audit  # noqa name[template]
+  ansible.builtin.command: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ post_audit_outfile }} -g \"{{ group_names }}\""
   changed_when: true
   environment:
     AUDIT_BIN: "{{ audit_bin }}"
     AUDIT_CONTENT_LOCATION: "{{ audit_conf_dest | default('/opt') }}"
     AUDIT_FILE: goss.yml
 
-- name: Post Audit | Ensure audit files readable by users
+- name: Post Audit | ensure audit files readable by users
   ansible.builtin.file:
     path: "{{ item }}"
     mode: '0644'
@@ -18,26 +18,24 @@
     - "{{ pre_audit_outfile }}"
 
 - name: Post Audit | Capture audit data if json format
-  when:
-    - audit_format == "json"
+  when: audit_format == "json"
   block:
     - name: Post Audit | Capture audit data if json format
       ansible.builtin.shell: grep -E '"summary-line.*Count:.*Failed' "{{ post_audit_outfile }}" | cut -d'"' -f4
-      register: post_audit_summary
       changed_when: false
+      register: post_audit_summary
 
     - name: Post Audit | Set Fact for audit summary
       ansible.builtin.set_fact:
         post_audit_results: "{{ post_audit_summary.stdout }}"
 
 - name: Post Audit | Capture audit data if documentation format
-  when:
-    - audit_format == "documentation"
+  when: audit_format == "documentation"
   block:
     - name: Post Audit | Capture audit data if documentation format
-      ansible.builtin.shell: tail -2 "{{ post_audit_outfile }}" | tac | tr '\n' ' '
-      register: post_audit_summary
+      ansible.builtin.shell: tail -2 "{{ pre_audit_outfile }}"  | tac | tr '\n' ' '
       changed_when: false
+      register: post_audit_summary
 
     - name: Post Audit | Set Fact for audit summary
       ansible.builtin.set_fact:
diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml
index 3a3304c..91cc9b7 100644
--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@@ -1,22 +1,19 @@
 ---
 
 - name: Pre Audit Setup | Setup the LE audit
-  when:
-    - setup_audit
-  tags:
-    - setup_audit
+  when: setup_audit
+  tags: setup_audit
   ansible.builtin.include_tasks:
     file: LE_audit_setup.yml
 
-- name: Pre Audit Setup | Ensure {{ audit_conf_dir }} exists
+- name: Pre Audit Setup | Ensure existence of {{ audit_conf_dir }}  # noqa name[template]
   ansible.builtin.file:
     path: "{{ audit_conf_dir }}"
+    mode: 'go-w'
     state: directory
-    mode: '0755'
 
 - name: Pre Audit Setup | If using git for content set up
-  when:
-    - audit_content == 'git'
+  when: audit_content == 'git'
   block:
     - name: Pre Audit Setup | Install git
       ansible.builtin.package:
@@ -30,57 +27,51 @@
         version: "{{ audit_git_version }}"
 
 - name: Pre Audit Setup | Copy to audit content files to server
-  when:
-    - audit_content == 'copy'
+  when: audit_content == 'copy'
   ansible.builtin.copy:
     src: "{{ audit_conf_source }}"
     dest: "{{ audit_conf_dest }}"
     mode: preserve
 
 - name: Pre Audit Setup | Unarchive audit content files on server
-  when:
-    - audit_content == 'archive'
+  when: audit_content == 'archive'
   ansible.builtin.unarchive:
     src: "{{ audit_conf_source }}"
     dest: "{{ audit_conf_dest }}"
 
 - name: Pre Audit Setup | Get audit content from url
-  when:
-    - audit_content == 'get_url'
+  when: audit_content == 'get_url'
   ansible.builtin.unarchive:
     src: "{{ audit_conf_source }}"
     dest: "{{ audit_conf_dest }}/{{ benchmark }}-Audit"
-    remote_src: "{{ ( audit_conf_source is contains ('http'))| ternary(true, false ) }}"
-    extra_opts: "{{ (audit_conf_source is contains ('github')) | ternary('--strip-components=1', [] ) }}"
+    remote_src: "{{ (audit_conf_source is contains('http')) | ternary(true, false) }}"
+    extra_opts: "{{ (audit_conf_source is contains('github')) | ternary('--strip-components=1', []) }}"
 
 - name: Pre Audit Setup | Check Goss is available
-  when:
-    - run_audit
+  when: run_audit
   block:
     - name: Pre Audit Setup | Check for goss file
       ansible.builtin.stat:
         path: "{{ audit_bin }}"
-      register: discovered_goss_available
+      register: prelim_goss_available
 
     - name: Pre Audit Setup | If audit ensure goss is available
-      when:
-        - not discovered_goss_available.stat.exists
+      when: not prelim_goss_available.stat.exists
       ansible.builtin.assert:
         msg: "Audit has been selected: unable to find goss binary at {{ audit_bin }}"
 
 - name: Pre Audit Setup | Copy ansible default vars values to test audit
-  when:
-    - run_audit
+  when: run_audit
   tags:
     - goss_template
     - run_audit
   ansible.builtin.template:
     src: ansible_vars_goss.yml.j2
     dest: "{{ audit_vars_path }}"
-    mode: '0600'
+    mode: 'go-rwx'
 
-- name: Pre Audit | Run pre_remediation {{ benchmark }} audit
-  ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\""
+- name: Pre Audit | Run pre_remediation audit {{ benchmark }}  # noqa name[template]
+  ansible.builtin.command: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -f {{ audit_format }} -o {{ pre_audit_outfile }} -g \"{{ group_names }}\""  # noqa yaml[line-length]
   changed_when: true
   environment:
     AUDIT_BIN: "{{ audit_bin }}"
@@ -88,33 +79,30 @@
     AUDIT_FILE: goss.yml
 
 - name: Pre Audit | Capture audit data if json format
-  when:
-    - audit_format == "json"
+  when: audit_format == "json"
   block:
     - name: Pre Audit | Capture audit data if json format
       ansible.builtin.shell: grep -E '\"summary-line.*Count:.*Failed' "{{ pre_audit_outfile }}" | cut -d'"' -f4
-      register: pre_audit_summary
       changed_when: false
+      register: pre_audit_summary
 
     - name: Pre Audit | Set Fact for audit summary
       ansible.builtin.set_fact:
         pre_audit_results: "{{ pre_audit_summary.stdout }}"
 
 - name: Pre Audit | Capture audit data if documentation format
-  when:
-    - audit_format == "documentation"
+  when: audit_format == "documentation"
   block:
     - name: Pre Audit | Capture audit data if documentation format
-      ansible.builtin.shell: tail -2 "{{ pre_audit_outfile }}" | tac | tr '\n' ' '
-      register: pre_audit_summary
+      ansible.builtin.shell: tail -2 "{{ pre_audit_outfile }}"  | tac | tr '\n' ' '
       changed_when: false
+      register: pre_audit_summary
 
     - name: Pre Audit | Set Fact for audit summary
       ansible.builtin.set_fact:
         pre_audit_results: "{{ pre_audit_summary.stdout }}"
 
 - name: Audit_Only | Run Audit Only
-  when:
-    - audit_only
+  when: audit_only
   ansible.builtin.import_tasks:
     file: audit_only.yml