ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updated OS checks and conditionals

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-02-01 09:39:13 +00:00
parent 113d422dd4
commit fa68e03517
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
3 changed files with 17 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yml
View file

@ -8,6 +8,9 @@ container_vars_file: is_container.yml
# system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks # system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
system_is_ec2: false system_is_ec2: false
# Run the OS validation check
os_check: true
rhel9cis_notauto: false rhel9cis_notauto: false
rhel9cis_section1: true rhel9cis_section1: true
rhel9cis_section2: true rhel9cis_section2: true

23
tasks/main.yml
View file

@ -1,23 +1,24 @@
--- ---
# tasks file for RHEL9-CIS # tasks file for RHEL9-CIS
- name: Check OS version and family - name: Check OS version and family
assert: assert:
that: that: (ansible_os_family == 'RedHat' or ansible_os_family == "Rocky") and ansible_distribution_major_version is version_compare('8', '==')
- (ansible_os_family == 'RedHat' or ansible_os_family == "Rocky") fail_msg: "This role can only be run against RHEL8 family OSs. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported."
- ansible_distribution_major_version |int >= 8 success_msg: "This role is running against a supported OS {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
fail_msg: "This role can only be run against RHEL 8 or 9. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported." when:
success_msg: "Supported OS release and version" - os_check
- not system_is_ec2
tags: tags:
- always - always
- name: Check ansible version - name: Check ansible version
assert: assert:
that: that: ansible_version.full is version_compare(min_ansible_version, '>=')
- "ansible_version.full is version_compare ('2.9', '>=')" fail_msg: "You must use Ansible {{ min_ansible_version }} or greater"
fail_msg: "You must use ansible 2.9 or greater" success_msg: "This role is running a supported version of ansible {{ ansible_version.full }} >= {{ min_ansible_version }}"
success_msg: "Supported ansible_version"
tags: tags:
- always - always
- name: Setup rules if container - name: Setup rules if container
block: block:

2
vars/main.yml
View file

@ -1,5 +1,7 @@
--- ---
# vars file for RHEL9-CIS # vars file for RHEL9-CIS
min_ansible_version: 2.9
rhel9cis_allowed_crypto_policies: rhel9cis_allowed_crypto_policies:
- 'FUTURE' - 'FUTURE'
- 'FIPS' - 'FIPS'