Update cis_5.3.x.yml

tasks/section_5/cis_5.3.x.yml

@@ -42,21 +42,21 @@
       - sudo
       - rule_5.3.3
 
-- name: "5.3.4 | PATCH | Ensure users must provide password for escalation"
+#- name: "5.3.4 | PATCH | Ensure users must provide password for escalation"
-  ansible.builtin.replace:
+#  ansible.builtin.replace:
-      path: "{{ item }}"
+#      path: "{{ item }}"
-      regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)'
+#      regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)'
-      replace: '\1PASSWD\2'
+#      replace: '\1PASSWD\2'
-      validate: '/usr/sbin/visudo -cf %s'
+#      validate: '/usr/sbin/visudo -cf %s'
-  loop: "{{ rhel9cis_sudoers_files.stdout_lines }}"
+#  loop: "{{ rhel9cis_sudoers_files.stdout_lines }}"
-  when:
+#  when:
-      - rhel9cis_rule_5_3_4
+#      - rhel9cis_rule_5_3_4
-  tags:
+#  tags:
-      - level2-server
+#      - level2-server
-      - level2-workstation
+#      - level2-workstation
-      - patch
+#      - patch
-      - sudo
+#      - sudo
-      - rule_5.3.4
+#      - rule_5.3.4
 
 - name: "5.3.5 | PATCH | Ensure re-authentication for privilege escalation is not disabled globally"
   ansible.builtin.replace: