From 85e2eb12646432c654724cc5543d93412c028fe7 Mon Sep 17 00:00:00 2001
From: Ionut Pruteanu
Date: Wed, 17 Jan 2024 19:06:21 +0200
Subject: [PATCH 1/2] RH9 does not require extra authselect options(just `with-faillock`). Therefore var-attr is not needed anymore.
Signed-off-by: Ionut Pruteanu
---
 defaults/main.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 0bc0137..fa92229 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -613,7 +613,6 @@ rhel9cis_use_authconfig: false
 rhel9cis_authselect:
 custom_profile_name: custom-profile
 default_file_to_copy: "sssd --symlink-meta"
- options: with-sudo with-faillock without-nullok
 # 5.3.1 Enable automation to create custom profile settings, using the settings above
 rhel9cis_authselect_custom_profile_create: false
From 884377c529a5260dbee258e718f68429851d1224 Mon Sep 17 00:00:00 2001
From: Ionut Pruteanu
Date: Wed, 17 Jan 2024 19:19:22 +0200
Subject: [PATCH 2/2] Use the proper sub-task name when authselect custom profile is selected.
Signed-off-by: Ionut Pruteanu
---
 tasks/section_5/cis_5.4.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_5/cis_5.4.x.yml b/tasks/section_5/cis_5.4.x.yml
index 52c1f70..08973ae 100644
--- a/tasks/section_5/cis_5.4.x.yml
+++ b/tasks/section_5/cis_5.4.x.yml
@@ -43,7 +43,7 @@
 - "Below are the current custom profiles"
 - "{{ rhel9cis_5_4_2_profiles_faillock.stdout_lines }}"
- - name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Create custom profiles"
+ - name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Select custom profile"
 ansible.builtin.shell: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} with-faillock"
 when: rhel9cis_authselect_custom_profile_select
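Review bot: The select command under the renamed 5.4.2 task in `tasks/section_5/cis_5.4.x.yml` enables only `with-faillock`, and patch 1/2 deletes the `options` default that also listed `without-nullok`. Nothing visible in these hunks still applies that feature, so the selected profile may keep `nullok` on pam_unix unless the custom profile files are edited elsewhere; this should be confirmed against the profile-creation task, which is outside the hunk. Any task or template that still reads `rhel9cis_authselect.options` would now fail on an undefined attribute, so a repository-wide search for that key is worth doing before merge. The command also runs through `ansible.builtin.shell` with a templated profile name although no shell feature is used; `ansible.builtin.command: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} with-faillock"` keeps the variable away from shell interpretation. The task body may continue past the end of the hunk.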