Revert "Merge 'devel' of kris9854/RHEL9-CIS-fix into devel"

This reverts commit d4471a3016, reversing changes made to d6ca36a91f.
2025-12-27 23:43:06 +00:00 · 2022-09-26 19:10:53 +02:00 · 2022-09-26 19:10:53 +02:00 · da0734c3a8
commit da0734c3a8
parent 66d8fb8b32
65 changed files with 461 additions and 801 deletions
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@ -5,31 +5,23 @@
      - name: "6.1.1 | AUDIT | Audit system file permissions | Audit the packages"
        shell: rpm -Va --nomtime --nosize --nomd5 --nolinkto
        args:
-            warn: false
+            warn: no
        changed_when: false
        failed_when: false
        register: rhel9cis_6_1_1_packages_rpm

      - name: "6.1.1 | AUDIT | Audit system file permissions | Create list and warning"
        block:
-            - name: "6.1.1 | AUDIT | Audit system file permissions | Add file discrepancy list to system"
+            - name: "6.1.1 | Audit system file permissions | Add file discrepancy list to system"
              copy:
                  dest: "{{ rhel9cis_rpm_audit_file }}"
                  content: "{{ rhel9cis_6_1_1_packages_rpm.stdout }}"
-                  owner: root
-                  group: root
-                  mode: 0640

            - name: "6.1.1 | AUDIT | Audit system file permissions | Message out alert for package descrepancies"
              debug:
                  msg: |
-                     "Warning!! You have some package descrepancies issues.
+                     "Warning! You have some package descrepancies issues.
                      The file list can be found in {{ rhel9cis_rpm_audit_file }}"
-
-            - name: "6.1.1 | AUDIT | Audit system file permissions | warning count"
-              set_fact:
-                  control_number: "{{ control_number }} + [ 'rule_6.1.1' ]"
-                  warn_count: "{{ warn_count | int + 1 }}"
        when: rhel9cis_6_1_1_packages_rpm.stdout|length > 0

      - name: "6.1.1 | AUDIT | Audit system file permissions | Message out no package descrepancies"
@ -49,7 +41,7 @@
 - name: "6.1.2 | PATCH | Ensure sticky bit is set on all world-writable directories"
  shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
  args:
-      warn: false
+      warn: no
  changed_when: false
  failed_when: false
  when: