ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-25 22:53:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

improved tests based upon #190 thanks to @ipruteanu-sie

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-06-05 08:01:17 +01:00
parent b279a9fb80
commit bd7c4e3da2
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 9 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tasks/section_5/cis_5.6.x.yml
View file

@ -14,8 +14,10 @@
- item.id != "halt"
- item.id != "nfsnobody"
- item.uid < min_int_uid | int
- item.shell != " /bin/false"
- item.shell != " /usr/sbin/nologin"
- item.shell != "/bin/false"
- item.shell != "/usr/sbin/nologin"
- item.shell != "/sbin/nologin"
- item.shell != "/dev/null"
loop_control:
label: "{{ item.id }}"
@ -31,8 +33,10 @@
- item.id != "root"
- item.id != "nfsnobody"
- item.uid < min_int_uid | int
- item.shell != " /bin/false"
- item.shell != " /usr/sbin/nologin"
- item.shell != "/bin/false"
- item.shell != "/usr/sbin/nologin"
- item.shell != "/sbin/nologin"
- item.shell != "/dev/null"
loop_control:
label: "{{ item.id }}"
when: