ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

lint updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-09-21 14:55:00 +01:00
parent 4072c5433f
commit e202d4bd68
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
4 changed files with 25 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.ansible-lint
View file

@ -6,12 +6,10 @@ skip_list:
- 'schema'
- 'no-changed-when'
- 'var-spacing'
- 'fqcn-builtins'
- 'experimental'
- 'name[play]'
- 'name[casing]'
- 'name[template]'
- 'fqcn[action]'
- 'key-order[task]'
- '204'
- '305'

2
.yamllint
View file

@ -30,4 +30,4 @@ rules:
trailing-spaces: enable
truthy:
allowed-values: ['true', 'false']
check-keys: false
check-keys: true

33
tasks/main.yml
View file

@ -127,66 +127,77 @@
- always
- name: Include preliminary steps
ansible.builtin.import_tasks: prelim.yml
ansible.builtin.import_tasks:
file: prelim.yml
tags:
- prelim_tasks
- always
- name: run pre_remediation audit
ansible.builtin.include_tasks: pre_remediation_audit.yml
ansible.builtin.include_tasks:
file: pre_remediation_audit.yml
when:
- run_audit
- name: run Section 1 tasks
ansible.builtin.import_tasks: section_1/main.yml
ansible.builtin.import_tasks:
file: section_1/main.yml
when: rhel9cis_section1
tags:
- rhel9cis_section1
- name: run Section 2 tasks
ansible.builtin.import_tasks: section_2/main.yml
ansible.builtin.import_tasks:
file: section_2/main.yml
when: rhel9cis_section2
tags:
- rhel9cis_section2
- name: run Section 3 tasks
ansible.builtin.import_tasks: section_3/main.yml
ansible.builtin.import_tasks:
file: section_3/main.yml
when: rhel9cis_section3
tags:
- rhel9cis_section3
- name: run Section 4 tasks
ansible.builtin.import_tasks: section_4/main.yml
ansible.builtin.import_tasks:
file: section_4/main.yml
when: rhel9cis_section4
tags:
- rhel9cis_section4
- name: run Section 5 tasks
ansible.builtin.import_tasks: section_5/main.yml
ansible.builtin.import_tasks:
file: section_5/main.yml
when: rhel9cis_section5
tags:
- rhel9cis_section5
- name: run Section 6 tasks
ansible.builtin.import_tasks: section_6/main.yml
ansible.builtin.import_tasks:
file: section_6/main.yml
when: rhel9cis_section6
tags:
- rhel9cis_section6
- name: run auditd logic
ansible.builtin.import_tasks: auditd.yml
ansible.builtin.import_tasks:
file: auditd.yml
when: update_audit_template
tags:
- always
- name: run post remediation tasks
ansible.builtin.import_tasks: post.yml
ansible.builtin.import_tasks:
file: post.yml
tags:
- post_tasks
- always
- name: run post_remediation audit
ansible.builtin.import_tasks: post_remediation_audit.yml
ansible.builtin.import_tasks:
file: post_remediation_audit.yml
when:
- run_audit

3
tasks/section_1/cis_1.1.8.x.yml
View file

@ -8,7 +8,8 @@
changed_when: false
register: rhel9cis_1_8_1_1_mount_check
- block:
- name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition"
block:
- name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition | Absent"
ansible.builtin.debug:
msg: "Warning!! {{ required_mount }} doesn't exist. This is a manual task"