added warning count

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2022-07-20 17:13:33 +01:00 · 2022-07-20 17:13:33 +01:00 · 6b6a4a32c8
commit 6b6a4a32c8
parent c494559882
17 changed files with 219 additions and 71 deletions
--- a/tasks/section_4/cis_4.2.2.x.yml
+++ b/tasks/section_4/cis_4.2.2.x.yml
@ -41,6 +41,7 @@
      state: started
      enabled: yes
  when:
+      - rhel9cis_system_is_log_server
      - rhel9cis_rule_4_2_2_1_3
  tags:
      - level1-server
@ -52,11 +53,12 @@

 - name: "4.2.2.1.4 | PATCH | Ensure journald is not configured to recieve logs from a remote client"
  systemd:
-      name: systemd-journal-remote
+      name: systemd-journal-remote.socket
      state: stopped
      enabled: no
      masked: yes
  when:
+      - not rhel9cis_system_is_log_server
      - rhel9cis_rule_4_2_2_1_4
  tags:
      - level1-server
@ -83,7 +85,13 @@
      - name: "4.2.2.2 | AUDIT | Ensure journald service is enabled | Alert on bad status"
        debug:
            msg:
-                - "Warning! The status of systemd-journald should be static and it is not. Please investigate"
+                - "Warning!! The status of systemd-journald should be static and it is not. Please investigate"
+        when: "'static' not in rhel9cis_4_2_2_2_status.stdout"
+
+      - name: "4.2.2.2 | AUDIT | Ensure journald service is enabled | Warn Count"
+        set_fact:
+            control_number: "{{ control_number }} + [ 'rule_4.2.2.2' ]"
+            warn_count: "{{ warn_count|int + 1 }}"
        when: "'static' not in rhel9cis_4_2_2_2_status.stdout"
  when:
      - rhel9cis_rule_4_2_2_2
@ -134,7 +142,6 @@
  notify: restart systemd_journal_upload
  when:
      - rhel9cis_rule_4_2_2_5
-      - rhel9cis_preferred_log_capture == "journald"
  tags:
      - level1-server
      - level2-workstation
@ -190,9 +197,13 @@
      - name: "4.2.2.7 | AUDIT | Ensure journald default file permissions configured | Display file settings"
        debug:
            msg:
-                - "Warning! Below are the current default settings for journald, please confirm they align with your site policies"
-                # - "{{ rhel9cis_4_2_2_7_override_settings.stdout_lines }}"
+                - "Warning!! Below are the current default settings for journald, please confirm they align with your site policies"
                - "{{ (rhel9cis_4_2_2_7_override_status.matched >= 1) | ternary(rhel9cis_4_2_2_7_override_settings.stdout_lines, rhel9cis_4_2_2_7_notoverride_settings.stdout_lines) }}"
+
+      - name: "4.2.2.7 | AUDIT | Ensure journald default file permissions configured | Warn Count"
+        set_fact:
+            control_number: "{{ control_number }} + [ 'rule_4.2.2.7' ]"
+            warn_count: "{{ warn_count|int + 1 }}"
  when:
      - rhel9cis_rule_4_2_2_7
  tags: