var fixes for 1.1.2.3.x and 1.1.2.4.x

Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2026-03-25 14:27:12 +00:00 · 2025-06-16 15:14:08 -04:00 · 2025-06-16 15:14:08 -04:00 · b38e7d06eb
commit b38e7d06eb
parent 6ced990430
4 changed files with 10 additions and 16 deletions
--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@ -46,7 +46,7 @@
    remote_src: "{{ (audit_conf_source is contains('http')) | ternary(true, false) }}"
    extra_opts: "{{ (audit_conf_source is contains('github')) | ternary('--strip-components=1', []) }}"

- name: Pre Audit Setup | Check Goss is available
+- name: Pre Audit Setup | Check goss is available
  when: run_audit
  block:
    - name: Pre Audit Setup | Check for goss file
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@ -136,8 +136,7 @@
  register: prelim_systemd_coredump

 - name: "PRELIM | PATCH | Setup crypto-policy"
-  when:
-    - rhel9cis_rule_1_6_1
+  when: rhel9cis_rule_1_6_1
  tags:
    - level1-server
    - level1-workstation
@ -185,15 +184,13 @@
        grub2_path: /etc/grub2-efi.cfg

 - name: "PRELIM | AUDIT | Discover Gnome Desktop Environment"
-  tags:
-    - always
+  tags: always
  ansible.builtin.stat:
    path: /usr/share/gnome/gnome-version.xml
  register: prelim_gnome_present

 - name: "PRELIM | PATCH | Install dconf if gui installed"
-  when:
-    - rhel9cis_gui
+  when: rhel9cis_gui
  tags:
    - always
  ansible.builtin.package:
@ -251,9 +248,7 @@
    state: touch

 - name: "PRELIM | PATCH | sshd_config.d/50-redhat.conf exists"
-  when:
-    - rhel9cis_rule_5_1_10 or
-      rhel9cis_rule_5_1_11
+  when: rhel9cis_rule_5_1_10 or rhel9cis_rule_5_1_11
  ansible.builtin.stat:
    path: /etc/ssh/sshd_config.d/50-redhat.conf
  register: discovered_sshd_50_redhat_file
@ -281,8 +276,7 @@
 - name: "PRELIM | PATCH | Create journald config directory"
  when:
    - rhel9cis_syslog == 'journald'
-    - rhel9cis_rule_6_2_1_3 or
-      rhel9cis_rule_6_2_1_4
+    - rhel9cis_rule_6_2_1_3 or rhel9cis_rule_6_2_1_4
  tags: always
  ansible.builtin.file:
    path: /etc/systemd/journald.conf.d
--- a/tasks/section_1/cis_1.1.2.3.x.yml
+++ b/tasks/section_1/cis_1.1.2.3.x.yml
@ -21,12 +21,12 @@
      register: discovered_home_mount

    - name: "1.1.2.3.1 | AUDIT | Ensure /home is a separate partition | Absent"
-      when: discovered_dev_shm_mount is undefined
+      when: discovered_home_mount is undefined
      ansible.builtin.debug:
        msg: "Warning!! {{ required_mount }} is not mounted on a separate partition"

    - name: "1.1.2.3.1 | AUDIT | Ensure /home is a separate partition | Present"
-      when: discovered_dev_shm_mount is undefined
+      when: discovered_home_mount is undefined
      ansible.builtin.import_tasks:
        file: warning_facts.yml

--- a/tasks/section_1/cis_1.1.2.4.x.yml
+++ b/tasks/section_1/cis_1.1.2.4.x.yml
@ -22,12 +22,12 @@
      register: discovered_var_mount

    - name: "1.1.2.4.1 | AUDIT | Ensure /var is a separate partition | Absent"
-      when: discovered_dev_shm_mount is undefined
+      when: discovered_var_mount is undefined
      ansible.builtin.debug:
        msg: "Warning!! {{ required_mount }} is not mounted on a separate partition"

    - name: "1.1.2.4.1 | AUDIT | Ensure /var is a separate partition | Present"
-      when: discovered_dev_shm_mount is undefined
+      when: discovered_var_mount is undefined
      ansible.builtin.import_tasks:
        file: warning_facts.yml