Small changes, improved consistency

Signed-off-by: Pruteanu <ionut.pruteanu@siemens.com>
2025-12-27 15:33:06 +00:00 · 2024-02-16 18:59:31 +02:00 · 2024-02-16 18:59:31 +02:00 · f3a9100734
commit f3a9100734
parent 40bc7aa082
7 changed files with 8 additions and 10 deletions
--- a/tasks/section_1/cis_1.1.7.x.yml
+++ b/tasks/section_1/cis_1.1.7.x.yml
@ -39,7 +39,6 @@
  notify: Change_requires_reboot
  when:
      - item.mount == "/home"
-      - rhel9cis_rule_1_1_7_1
      - rhel9cis_rule_1_1_7_2 or
        rhel9cis_rule_1_1_7_3
  tags:
@ -49,5 +48,4 @@
      - mounts
      - rule_1.1.7.2
      - rule_1.1.7.3
-      - rule_1.1.7.4
      - skip_ansible_lint
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@ -54,7 +54,7 @@
      - patch
      - rule_1.3.2

- name: "1.3.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
+- name: "1.3.3 | PATCH | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
  ansible.builtin.blockinfile:
      path: /etc/aide.conf
      marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
--- a/tasks/section_1/cis_1.8.x.yml
+++ b/tasks/section_1/cis_1.8.x.yml
@ -118,7 +118,7 @@
      - gui
      - rule_1.8.4

- name: "1.8.5 PATCH | Ensure GDM screen locks cannot be overridden"
+- name: "1.8.5 | PATCH | Ensure GDM screen locks cannot be overridden"
  block:
      - name: "1.8.5 | PATCH | Ensure GDM screen locks cannot be overridden | Make lock directory"
        ansible.builtin.file:
--- a/tasks/section_4/cis_4.1.3.x.yml
+++ b/tasks/section_4/cis_4.1.3.x.yml
@ -99,7 +99,7 @@
      - level2-workstation
      - patch
      - auditd
-      - rule_4.1.3_7
+      - rule_4.1.3.7

 # All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.8 | PATCH | Ensure events that modify user/group information are collected"
@ -268,7 +268,7 @@
      - level2-workstation
      - patch
      - auditd
-      - rule_4.1.20
+      - rule_4.1.3.20

 - name: "4.1.3.21 | AUDIT | Ensure the running and on disk configuration is the same"
  ansible.builtin.debug:
--- a/tasks/section_5/cis_5.2.x.yml
+++ b/tasks/section_5/cis_5.2.x.yml
@ -1,6 +1,6 @@
 ---

- name: "5.2.1 | Ensure permissions on /etc/ssh/sshd_config are configured"
+- name: "5.2.1 | PATCH | Ensure permissions on /etc/ssh/sshd_config are configured"
  ansible.builtin.file:
      path: "/etc/ssh/sshd_config"
      owner: root
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -2,7 +2,7 @@

 - name: "5.6.2 | PATCH | Ensure system accounts are secured"
  block:
-      - name: "5.6.2 | Ensure system accounts are secured | Set nologin"
+      - name: "5.6.2 | PATCH |  Ensure system accounts are secured | Set nologin"
        ansible.builtin.user:
            name: "{{ item.id }}"
            shell: /usr/sbin/nologin
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@ -75,7 +75,7 @@
      - groups
      - rule_6.2.3

- name: "6.2.4 | AUDIT Ensure no duplicate UIDs exist"
+- name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist"
  block:
      - name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist | Check for duplicate UIDs"
        ansible.builtin.shell: "pwck -r | awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"
@ -88,7 +88,7 @@
            msg: "Warning!! The following users have UIDs that are duplicates: {{ rhel9cis_6_2_4_user_uid_check.stdout_lines }}"
        when: rhel9cis_6_2_4_user_uid_check.stdout | length >= 1

-      - name: "6.2.4 | AUDIT| Ensure no duplicate UIDs exist | warning count"
+      - name: "6.2.4 | AUDIT | Ensure no duplicate UIDs exist | warning count"
        ansible.builtin.import_tasks:
            file: warning_facts.yml
        when: rhel9cis_6_2_4_user_uid_check.stdout | length >= 1