ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 22:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

incorporated PR 345 thanks to @thulium-drake

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2026-02-03 09:01:55 +00:00
parent c7567a98ac
commit 943b570484
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
4 changed files with 85 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tasks/main.yml
View file

@ -41,14 +41,14 @@
fail_msg: "Crypto policy is not a permitted version"
success_msg: "Crypto policy is a permitted version"
- name: "Check rhel9cis_bootloader_password_hash variable has been changed"
- name: "Check rhel9cis_bootloader_password variable has been changed"
when:
- rhel9cis_set_boot_pass
- rhel9cis_rule_1_4_1
tags: always
ansible.builtin.assert:
that: rhel9cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword' # pragma: allowlist secret
msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password_hash variable has not been set correctly"
that: rhel9cis_bootloader_password != 'password' # pragma: allowlist secret
msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password variable has not been set correctly"
- name: "Check crypto-policy module input"
when:
@ -154,9 +154,7 @@
file: "{{ ansible_facts.distribution }}.yml"
- name: "Include preliminary steps"
tags:
- prelim_tasks
- always
tags: prelim_tasks
ansible.builtin.import_tasks:
file: prelim.yml