ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-26 15:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

updated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-03-30 11:22:30 +01:00
parent dc5f71d461
commit 8c79bfe7fb
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
25 changed files with 253 additions and 266 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tasks/section_1/cis_1.4.x.yml
View file

@ -3,16 +3,16 @@
- name: "1.4.1 | PATCH | Ensure bootloader password is set"
copy:
dest: /boot/grub2/user.cfg
content: "GRUB2_PASSWORD={{ rhel8cis_bootloader_password_hash }}"
content: "GRUB2_PASSWORD={{ rhel9cis_bootloader_password_hash }}"
owner: root
group: root
mode: 0600
notify: grub2cfg
when:
- rhel8cis_set_boot_pass
- rhel9cis_set_boot_pass
- grub_pass is defined and grub_pass.passhash is defined
- grub_pass.passhash | length > 0
- rhel8cis_rule_1_4_1
- rhel9cis_rule_1_4_1
tags:
- level1-server
- level1-workstation
@ -43,10 +43,10 @@
loop_control:
label: "{{ item.mount }}"
when:
- not rhel8cis_legacy_boot
- not rhel9cis_legacy_boot
- item.mount == "/boot/efi"
when:
- rhel8cis_rule_1_4_2
- rhel9cis_rule_1_4_2
- grub_cfg.stat.exists
- grub_cfg.stat.islnk
tags:
@ -67,7 +67,7 @@
group: root
mode: 0644
when:
- rhel8cis_rule_1_4_3
- rhel9cis_rule_1_4_3
tags:
- level1-server
- level1-workstation