From 82119205b1d111326ba5ee65c13e7b9d24131fba Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 9 Aug 2024 17:21:36 +0100
Subject: [PATCH] issue #224 addressed thanks to @globalpayments-shoebsyed
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.1.4.x.yml | 6 ++++++
 tasks/section_4/cis_4.2.3.yml | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/tasks/section_4/cis_4.1.4.x.yml b/tasks/section_4/cis_4.1.4.x.yml
index dcf8413..2312b03 100644
--- a/tasks/section_4/cis_4.1.4.x.yml
+++ b/tasks/section_4/cis_4.1.4.x.yml
@@ -65,6 +65,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 mode: 'u-x,g-wx,u-rwx'
+ failed_when: rhel9cis_4_1_4_5_file_list.state not in '[ file, absent ]'
+ register: rhel9cis_4_1_4_5_file_list
 loop: "{{ auditd_conf_files.files }}"
 loop_control:
 label: "{{ item.path }}"
@@ -81,6 +83,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 owner: root
+ failed_when: rhel9cis_4_1_4_6_file_list.state not in '[ file, absent ]'
+ register: rhel9cis_4_1_4_6_file_list
 loop: "{{ auditd_conf_files.files | default([]) }}"
 loop_control:
 label: "{{ item.path }}"
@@ -97,6 +101,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 group: root
+ failed_when: rhel9cis_4_1_4_7_file_list.state not in '[ file, absent ]'
+ register: rhel9cis_4_1_4_7_file_list
 loop: "{{ auditd_conf_files.files | default([]) }}"
 loop_control:
 label: "{{ item.path }}"
diff --git a/tasks/section_4/cis_4.2.3.yml b/tasks/section_4/cis_4.2.3.yml
index 823975a..42bb419 100644
--- a/tasks/section_4/cis_4.2.3.yml
+++ b/tasks/section_4/cis_4.2.3.yml
@@ -14,6 +14,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 mode: "{{ '0600' if item.mode == '0600' else '0640' }}"
+ failed_when: rhel9cis_4_2_3_file_list.state not in '[ file, absent ]'
+ register: rhel9cis_4_2_3_file_list
 loop: "{{ logfiles.files }}"
 loop_control:
 label: "{{ item.path }}"
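Review bot: In the first hunk of tasks/section_4/cis_4.1.4.x.yml the added `failed_when` compares against the quoted string `'[ file, absent ]'`, so Jinja performs a substring test instead of list membership; the same expression is repeated in the 4.1.4.6 and 4.1.4.7 hunks and in cis_4.2.3.yml. It gives the intended answer for the states the file module reports only by accident (an empty string would also pass). Write a real list: `failed_when: rhel9cis_4_1_4_5_file_list.state not in ['file', 'absent']`. Separately, the unchanged `mode: 'u-x,g-wx,u-rwx'` line in this task never touches the other-class bits, so audit configuration files may stay world-readable; `o-rwx` looks like what was meant for the last term. The task starts above the hunk, so its name and conditions are not visible here.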
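Review bot: In the 4.1.4.6 hunk (`@@ -81,6 +83,8 @@`) the new `failed_when` replaces the module's own failure verdict and reads `.state` unconditionally; the 4.1.4.5, 4.1.4.7 and 4.2.3 tasks do the same. A failure result that carries no `state` key would presumably surface as a templating error rather than the module's message, and a failure that reports state `file` would be counted as a pass on an ownership control. Tying the override to the one tolerated case keeps other failures visible: `failed_when: rhel9cis_4_1_4_6_file_list is failed and rhel9cis_4_1_4_6_file_list.state | default('') != 'absent'`.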
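Review bot: The `failed_when` added to the log-file permissions task in tasks/section_4/cis_4.2.3.yml has no comment saying why `absent` is tolerated, and the reason cannot be read off the expression. If the intent is that a file listed in `logfiles.files` may be rotated or removed before this task reaches it, say so above the line, e.g. `# a log file can disappear between discovery and this task; absent is not a failure`. Skipped files are then silent, so it may be worth noting in the same comment that the control is only enforced on files still present.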