ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-26 15:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

added validate

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-04 16:16:31 +01:00
parent 790db75501
commit e03f7194ff
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_5/cis_5.3.x.yml
View file

@ -19,6 +19,7 @@
dest: /etc/sudoers dest: /etc/sudoers
line: "Defaults use_pty" line: "Defaults use_pty"
state: present state: present
validate: '/usr/sbin/visudo -cf %s'
when: when:
- rhel9cis_rule_5_3_2 - rhel9cis_rule_5_3_2
tags: tags:
@ -35,6 +36,7 @@
regexp: '^Defaults logfile=' regexp: '^Defaults logfile='
line: 'Defaults logfile="{{ rhel9cis_sudolog_location }}"' line: 'Defaults logfile="{{ rhel9cis_sudolog_location }}"'
state: present state: present
validate: '/usr/sbin/visudo -cf %s'
when: when:
- rhel9cis_rule_5_3_3 - rhel9cis_rule_5_3_3
tags: tags:
@ -50,6 +52,7 @@
path: "{{ item }}" path: "{{ item }}"
regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)' regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)'
replace: '\1PASSWD\2' replace: '\1PASSWD\2'
validate: '/usr/sbin/visudo -cf %s'
with_items: with_items:
- "{{ rhel9cis_sudoers_files.stdout_lines }}" - "{{ rhel9cis_sudoers_files.stdout_lines }}"
when: when:
@ -67,6 +70,7 @@
path: "{{ item }}" path: "{{ item }}"
regexp: '^([^#].*)!authenticate(.*)' regexp: '^([^#].*)!authenticate(.*)'
replace: '\1authenticate\2' replace: '\1authenticate\2'
validate: '/usr/sbin/visudo -cf %s'
with_items: with_items:
- "{{ rhel9cis_sudoers_files.stdout_lines }}" - "{{ rhel9cis_sudoers_files.stdout_lines }}"
when: when: