ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

5.6.3 tidy up

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-26 09:47:33 +00:00
parent abd99426b8
commit 89e6372648
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tasks/section_5/cis_5.6.x.yml
View file

@ -46,18 +46,18 @@
- name: "5.6.3 | PATCH | Ensure default user shell timeout is 900 seconds or less"
ansible.builtin.blockinfile:
create: true
mode: 0644
dest: "{{ item.dest }}"
path: "{{ item.dest }}"
state: "{{ item.state }}"
marker: "# {mark} CIS 5.6.3 ANSIBLE MANAGED"
create: true
mode: 0644
block: |
TMOUT={{ rhel9cis_shell_session_timeout.timeout }}
export TMOUT
readonly TMOUT
loop:
- { dest: "{{ rhel9cis_shell_session_timeout.file }}", state: present }
- { dest: /etc/profile, state: "{{ (rhel9cis_shell_session_timeout.file == '/etc/profile') | ternary('present', 'absent') }}" }
- { path: "{{ rhel9cis_shell_session_timeout.file }}", state: present }
- { path: /etc/profile, state: "{{ (rhel9cis_shell_session_timeout.file == '/etc/profile') | ternary('present', 'absent') }}" }
when:
- rhel9cis_rule_5_6_3
tags: