From f3a91007347cfddf26ab18adecd6f88410b9572f Mon Sep 17 00:00:00 2001
From: Pruteanu
Date: Fri, 16 Feb 2024 18:59:31 +0200
Subject: [PATCH] Small changes, improved consistency
Signed-off-by: Pruteanu
---
tasks/section_1/cis_1.1.7.x.yml | 2 --
tasks/section_1/cis_1.3.x.yml | 2 +-
tasks/section_1/cis_1.8.x.yml | 2 +-
tasks/section_4/cis_4.1.3.x.yml | 4 ++--
tasks/section_5/cis_5.2.x.yml | 2 +-
tasks/section_5/cis_5.6.x.yml | 2 +-
tasks/section_6/cis_6.2.x.yml | 4 ++--
7 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/tasks/section_1/cis_1.1.7.x.yml b/tasks/section_1/cis_1.1.7.x.yml
index ef16988..d113361 100644
--- a/tasks/section_1/cis_1.1.7.x.yml
+++ b/tasks/section_1/cis_1.1.7.x.yml
@@ -39,7 +39,6 @@ notify: Change_requires_reboot when: - item.mount == "/home" - - rhel9cis_rule_1_1_7_1 - rhel9cis_rule_1_1_7_2 or rhel9cis_rule_1_1_7_3 tags:
@@ -49,5 +48,4 @@ - mounts - rule_1.1.7.2 - rule_1.1.7.3 - - rule_1.1.7.4 - skip_ansible_lint
diff --git a/tasks/section_1/cis_1.3.x.yml b/tasks/section_1/cis_1.3.x.yml
index dda9c66..3010b5a 100644
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@@ -54,7 +54,7 @@ - patch - rule_1.3.2 -- name: "1.3.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools" +- name: "1.3.3 | PATCH | Ensure cryptographic mechanisms are used to protect the integrity of audit tools" ansible.builtin.blockinfile: path: /etc/aide.conf marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
diff --git a/tasks/section_1/cis_1.8.x.yml b/tasks/section_1/cis_1.8.x.yml
index e6f4b0c..b7f4791 100644
--- a/tasks/section_1/cis_1.8.x.yml
+++ b/tasks/section_1/cis_1.8.x.yml
@@ -118,7 +118,7 @@ - gui - rule_1.8.4 -- name: "1.8.5 PATCH | Ensure GDM screen locks cannot be overridden" +- name: "1.8.5 | PATCH | Ensure GDM screen locks cannot be overridden" block: - name: "1.8.5 | PATCH | Ensure GDM screen locks cannot be overridden | Make lock directory" ansible.builtin.file:
diff --git a/tasks/section_4/cis_4.1.3.x.yml b/tasks/section_4/cis_4.1.3.x.yml
index ec925bb..2c8746a 100644
--- a/tasks/section_4/cis_4.1.3.x.yml
+++ b/tasks/section_4/cis_4.1.3.x.yml
@@ -99,7 +99,7 @@ - level2-workstation - patch - auditd - - rule_4.1.3_7 + - rule_4.1.3.7 # All changes selected are managed by the POST audit and handlers to update - name: "4.1.3.8 | PATCH | Ensure events that modify user/group information are collected"
@@ -268,7 +268,7 @@ - level2-workstation - patch - auditd - - rule_4.1.20 + - rule_4.1.3.20 - name: "4.1.3.21 | AUDIT | Ensure the running and on disk configuration is the same" ansible.builtin.debug:
diff --git a/tasks/section_5/cis_5.2.x.yml b/tasks/section_5/cis_5.2.x.yml
index 7daf6d1..ac62767 100644
--- a/tasks/section_5/cis_5.2.x.yml
+++ b/tasks/section_5/cis_5.2.x.yml
@@ -1,6 +1,6 @@ --- -- name: "5.2.1 | Ensure permissions on /etc/ssh/sshd_config are configured" +- name: "5.2.1 | PATCH | Ensure permissions on /etc/ssh/sshd_config are configured" ansible.builtin.file: path: "/etc/ssh/sshd_config" owner: root
diff --git a/tasks/section_5/cis_5.6.x.yml b/tasks/section_5/cis_5.6.x.yml
index a2c0219..9cc58a5 100644
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@@ -2,7 +2,7 @@ - name: "5.6.2 | PATCH | Ensure system accounts are secured" block: - - name: "5.6.2 | Ensure system accounts are secured | Set nologin" + - name: "5.6.2 | PATCH | Ensure system accounts are secured | Set nologin" ansible.builtin.user: name: "{{ item.id }}" shell: /usr/sbin/nologin
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index 6ab91cd..e2d03e5 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
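Review bot: The two tag corrections in tasks/section_4/cis_4.1.3.x.yml (`rule_4.1.3_7` to `rule_4.1.3.7` in the first hunk, `rule_4.1.20` to `rule_4.1.3.20` in the second) change which tasks `--tags` and `--skip-tags` select, yet the commit message presents them only as consistency changes. Ansible does not report a tag that matches nothing, so a run that skips one of the old spellings would start applying that audit rule, and a run that targets one would silently leave it out. I would record the rename in the changelog or release notes, for example `tag rule_4.1.20 renamed to rule_4.1.3.20; tag rule_4.1.3_7 renamed to rule_4.1.3.7`. Both tasks begin above their hunks, so the rest of each task is not visible here.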
@@ -75,7 +75,7 @@ - groups - rule_6.2.3 -- name: "6.2.4 | AUDIT Ensure no duplicate UIDs exist" +- name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist" block: - name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist | Check for duplicate UIDs" ansible.builtin.shell: "pwck -r | awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"
@@ -88,7 +88,7 @@ msg: "Warning!! The following users have UIDs that are duplicates: {{ rhel9cis_6_2_4_user_uid_check.stdout_lines }}" when: rhel9cis_6_2_4_user_uid_check.stdout | length >= 1 - - name: "6.2.4 | AUDIT| Ensure no duplicate UIDs exist | warning count" + - name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist | warning count" ansible.builtin.import_tasks: file: warning_facts.yml when: rhel9cis_6_2_4_user_uid_check.stdout | length >= 1
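Review bot: In the 6.2.4 check task shown in the first hunk of tasks/section_6/cis_6.2.x.yml, the `pwck -r |` prefix has no effect on the result. awk is given `/etc/passwd` as a file operand, so it never reads the piped output, and the pipeline's exit status is awk's, so pwck's is dropped. The duplicate-UID finding therefore comes from awk alone, and a reader could wrongly assume pwck's consistency checks are part of this audit. I would reduce the line to `ansible.builtin.shell: "awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"`, or run pwck as its own task if its findings are wanted. The task continues below the hunk, so its `changed_when` and `failed_when` settings are not visible here.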