ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 23:43:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Revert "Merge 'devel' of kris9854/RHEL9-CIS-fix into devel"

Browse source 
This reverts commit d4471a3016, reversing
changes made to d6ca36a91f.
This commit is contained in:
Kristian 2022-09-26 19:10:53 +02:00
parent 66d8fb8b32
commit da0734c3a8
65 changed files with 461 additions and 801 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tasks/section_1/cis_1.6.1.x.yml
View file

@ -16,10 +16,10 @@
- name: "1.6.1.2 | PATCH | Ensure SELinux is not disabled in bootloader configuration"
replace:
dest: /etc/default/grub
regexp: 'selinux=0'
regexp: '(selinux|enforcing)\s*=(\s0|0).*'
replace: ''
register: selinux_grub_patch
ignore_errors: true # noqa ignore-errors
ignore_errors: yes
notify: grub2cfg
when:
- rhel9cis_rule_1_6_1_2
@ -78,13 +78,7 @@
- name: "1.6.1.5 | AUDIT | Ensure no unconfined services exist | Message on unconfined services"
debug:
msg: "Warning!! You have unconfined services: {{ rhelcis_1_6_1_5_unconf_services.stdout_lines }}"
when: rhelcis_1_6_1_5_unconf_services.stdout | length > 0
- name: "1.6.1.5 | AUDIT | Ensure no unconfined services exist | warning count"
set_fact:
control_number: "{{ control_number }} + [ 'rule_1.6.1.5' ]"
warn_count: "{{ warn_count | int + 1 }}"
msg: "Warning! You have unconfined services: {{ rhelcis_1_6_1_5_unconf_services.stdout_lines }}"
when: rhelcis_1_6_1_5_unconf_services.stdout | length > 0
when:
- rhel9cis_rule_1_6_1_5