ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-26 14:37:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #28 from ansible-lockdown/may25_issues

Browse source 
May25 issues
This commit is contained in:
uk-bolly 2025-05-23 16:33:53 +01:00 committed by GitHub
commit 73c84de639
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 50 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_6/cis_6.1.x.yml
View file

@ -58,6 +58,10 @@
dest: /var/lib/aide/aide.db.gz
remote_src: true
mode: 'ug-wx,o-rwx'
register: aide_db_cp
failed_when:
- not ansible_check_mode
- aide_db_cp.failed
- name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked"
when:
@ -120,3 +124,7 @@
/usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
validate: aide -D --config %s
register: aide_file_integrity_check
failed_when:
- not ansible_check_mode
- aide_file_integrity_check.failed

4
tasks/section_6/main.yml
View file

@ -20,7 +20,9 @@
file: cis_6.2.2.x.yml
- name: "SECTION | 6.2.3 | Configure rsyslog"
when: rhel9cis_syslog == 'rsyslog'
when:
- rhel9cis_syslog == 'rsyslog'
- rhel9cis_rsyslog_ansiblemanaged
ansible.builtin.import_tasks:
file: cis_6.2.3.x.yml