Lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2024-12-11 11:49:02 +00:00 · 2024-12-11 11:49:02 +00:00 · 88ac5c3d65
commit 88ac5c3d65
parent fcf9eb674f
19 changed files with 127 additions and 84 deletions
--- a/tasks/section_1/cis_1.1.1.x.yml
+++ b/tasks/section_1/cis_1.1.1.x.yml
@ -284,15 +284,15 @@
    warn_control_id: '1.1.1.9'
  block:
    - name: "1.1.1.9 | PATCH | Ensure unused filesystems kernel modules are not available | Add discovery script"
-      ansible.builtin.template:
+      ansible.builtin.copy:
        src: fs_with_cves.sh
        dest: /var/fs_with_cves.sh
        owner: root
        group: root
-        mode: '0744'
+        mode: 'u+x,go-wx'

    - name: "1.1.1.9 | AUDIT | Ensure unused filesystems kernel modules are not available | Run discovery script"
-      ansible.builtin.shell: /var/fs_with_cves.sh
+      ansible.builtin.command: /var/fs_with_cves.sh
      changed_when: false
      failed_when: discovered_fs_modules_loaded.rc not in [ 0, 99 ]
      register: discovered_fs_modules_loaded
--- a/tasks/section_1/cis_1.2.1.x.yml
+++ b/tasks/section_1/cis_1.2.1.x.yml
@ -15,13 +15,15 @@
    - NIST800-53R5_SI-2
  block:
    - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | list installed pubkey keys"
-      ansible.builtin.shell: "rpm -qa | grep {{ os_gpg_key_pubkey_name }}"
+      ansible.builtin.shell: |
+        "rpm -qa | grep {{ os_gpg_key_pubkey_name }}"
      changed_when: false
      failed_when: false
      register: discovered_os_installed_pub_keys

    - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Query found keys"
-      ansible.builtin.shell: 'rpm -q --queryformat "%{PACKAGER} %{VERSION}\\n" {{ os_gpg_key_pubkey_name }} | grep "{{ os_gpg_key_pubkey_content }}"'
+      ansible.builtin.shell: |
+        'rpm -q --queryformat "%{PACKAGER} %{VERSION}\\n" {{ os_gpg_key_pubkey_name }} | grep "{{ os_gpg_key_pubkey_content }}"'
      changed_when: false
      failed_when: false
      register: discovered_os_gpg_key_check
@ -107,7 +109,7 @@
    warn_control_id: '1.2.1.4'
  block:
    - name: "1.2.1.4 | AUDIT | Ensure package manager repositories are configured | Get repo list"
-      ansible.builtin.shell: dnf repolist
+      ansible.builtin.command: dnf repolist
      changed_when: false
      failed_when: false
      register: discovered_dnf_configured