container standards

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2022-01-18 10:11:44 +00:00
parent 876ac290d5
commit 8fa067f61c
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
5 changed files with 8 additions and 13 deletions


@ -2,7 +2,7 @@
# defaults file for rhel9-cis # defaults file for rhel9-cis
rhel9cis_skip_for_travis: false rhel9cis_skip_for_travis: false
rhel9cis_system_is_container: false system_is_container: false
# rhel9cis is left off the front of this var for consistency in testing pipeline # rhel9cis is left off the front of this var for consistency in testing pipeline
# system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks # system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
system_is_ec2: false system_is_ec2: false
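Review bot: The renamed default `system_is_container` has no comment of its own, and the comment on the line after it now reads as if it could describe either this variable or `system_is_ec2`. The task files in this commit use the toggle to skip benchmark tasks, so I would put a line directly above it such as `# system_is_container: set true only for container targets; tasks guarded by it are skipped`. Dropping the `rhel9cis_` prefix also means any inventory that still sets `rhel9cis_system_is_container` is no longer honoured. The unprefixed name can presumably also be set by unrelated roles or group vars, so both effects are worth stating in that comment.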


@ -3,10 +3,7 @@
- hosts: localhost - hosts: localhost
connection: local connection: local
become: true become: true
vars:
is_container: false
roles: roles:
- role: "{{ playbook_dir }}" - role: "{{ playbook_dir }}"
rhel9cis_system_is_container: "{{ is_container | default(false) }}"
rhel9cis_skip_for_travis: false


@ -1,11 +1,7 @@
--- ---
- hosts: all - hosts: all
become: true become: true
vars:
is_container: false
roles: roles:
- role: "{{ playbook_dir }}" - role: "{{ playbook_dir }}"
rhel9cis_system_is_container: "{{ is_container | default(false) }}"
rhel9cis_skip_for_travis: false


@ -6,7 +6,7 @@
state: present state: present
when: when:
- rhel9cis_rule_2_2_1_1 - rhel9cis_rule_2_2_1_1
- not rhel9cis_system_is_container - not system_is_container
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
@ -34,7 +34,7 @@
when: when:
- rhel9cis_time_synchronization == "chrony" - rhel9cis_time_synchronization == "chrony"
- rhel9cis_rule_2_2_1_2 - rhel9cis_rule_2_2_1_2
- not rhel9cis_system_is_container - not system_is_container
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
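Review bot: Both `when:` lists in this section test `not system_is_container` without a `| bool` cast, so a value that arrives as a string (for example from a `key=value` extra var or an INI inventory) is truthy, and the task is skipped on a host that is not a container. The guarded tasks are CIS rule tasks (`rhel9cis_rule_2_2_1_1`, `rhel9cis_rule_2_2_1_2`), so the skip is silent and the host ends up short of the benchmark. I would write `- not system_is_container | bool` in both conditions. The same uncast guard is added in the next file section at `@ -177,7 +177,8 @@` and `@ -541,7 +542,8 @@`. The task bodies begin outside these hunks, so the module being guarded is not visible here.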


@ -177,7 +177,8 @@
recursive: true recursive: true
etype: "{{ item.1.etype }}" etype: "{{ item.1.etype }}"
permissions: "{{ item.1.mode }}" permissions: "{{ item.1.mode }}"
when: not rhel9cis_system_is_container when:
- not system_is_container
with_nested: with_nested:
- "{{ (ansible_check_mode | ternary(rhel_09_6_2_7_patch_audit, rhel_09_6_2_7_patch)).results | - "{{ (ansible_check_mode | ternary(rhel_09_6_2_7_patch_audit, rhel_09_6_2_7_patch)).results |
rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}" rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}"
@ -541,7 +542,8 @@
recursive: true recursive: true
etype: "{{ item.1.etype }}" etype: "{{ item.1.etype }}"
permissions: "{{ item.1.mode }}" permissions: "{{ item.1.mode }}"
when: not rhel9cis_system_is_container when:
- not system_is_container
with_nested: with_nested:
- "{{ (ansible_check_mode | ternary(rhel_09_6_2_20_patch_audit, rhel_09_6_2_20_patch)).results | - "{{ (ansible_check_mode | ternary(rhel_09_6_2_20_patch_audit, rhel_09_6_2_20_patch)).results |
rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}" rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}"