From 10a6a2e0dd165c0551909e8a3c19bab1be433739 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Wed, 25 Jan 2023 11:36:12 +0000
Subject: [PATCH] with_items to loop

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_3/cis_3.1.x.yml   | 4 +++-
 tasks/section_3/cis_3.4.1.x.yml | 6 ++++--
 tasks/section_4/cis_4.1.2.x.yml | 2 +-
 tasks/section_4/cis_4.2.2.x.yml | 4 ++--
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml
index 3a8e745..6de9cd7 100644
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
@@ -62,7 +62,9 @@
             mode: "0600"
             owner: root
             group: root
-        loop: tipc  # note the item used in the template
+        loop:
+        - tipc
+        # note the item used in the template
 
       - name: "3.1.3 | PATCH | Ensure TIPC is disabled | blacklist"
         ansible.builtin.lineinfile:
diff --git a/tasks/section_3/cis_3.4.1.x.yml b/tasks/section_3/cis_3.4.1.x.yml
index e028734..8f3aba9 100644
--- a/tasks/section_3/cis_3.4.1.x.yml
+++ b/tasks/section_3/cis_3.4.1.x.yml
@@ -21,7 +21,8 @@
         ansible.builtin.systemd:
             name: "{{ item }}"
             masked: true
-        loop: firewalld
+        loop:
+        - firewalld
         when:
             - item in ansible_facts.packages
             - rhel9cis_firewall == 'nftables'
@@ -30,7 +31,8 @@
         ansible.builtin.systemd:
             name: "{{ item }}"
             masked: true
-        loop: nftables
+        loop:
+        - nftables
         when:
             - item in ansible_facts.packages
             - rhel9cis_firewall == 'firewalld'
diff --git a/tasks/section_4/cis_4.1.2.x.yml b/tasks/section_4/cis_4.1.2.x.yml
index e9cee1c..b830b1f 100644
--- a/tasks/section_4/cis_4.1.2.x.yml
+++ b/tasks/section_4/cis_4.1.2.x.yml
@@ -36,7 +36,7 @@
       regexp: "{{ item.regexp }}"
       line: "{{ item.line }}"
   notify: Restart auditd
-  with_items:
+  loop:
       - { regexp: '^admin_space_left_action', line: 'admin_space_left_action = {{ rhel9cis_auditd.admin_space_left_action }}' }
       - { regexp: '^action_mail_acct', line: 'action_mail_acct = {{ rhel9cis_auditd.action_mail_acct }}' }
       - { regexp: '^space_left_action', line: 'space_left_action = {{ rhel9cis_auditd.space_left_action }}' }
diff --git a/tasks/section_4/cis_4.2.2.x.yml b/tasks/section_4/cis_4.2.2.x.yml
index e22da77..72767a4 100644
--- a/tasks/section_4/cis_4.2.2.x.yml
+++ b/tasks/section_4/cis_4.2.2.x.yml
@@ -20,7 +20,7 @@
       regexp: "{{ item.regexp }}"
       line: "{{ item.line }}"
   notify: Restart systemd_journal_upload
-  with_items:
+  loop:
       - { regexp: 'URL=', line: 'URL={{ rhel9cis_journal_upload_url }}'}
       - { regexp: 'ServerKeyFile=', line: 'ServerKeyFile={{ rhel9cis_journal_upload_serverkeyfile }}'}
       - { regexp: 'ServerCertificateFile=', line: 'ServerCertificateFile={{ rhel9cis_journal_servercertificatefile }}'}
@@ -154,7 +154,7 @@
       regexp: "{{ item.regexp }}"
       line: "{{ item.line }}"
   notify: Restart systemd_journal_upload
-  with_items:
+  loop:
       - { regexp: '^#SystemMaxUse=|^SystemMaxUse=', line: 'SystemMaxUse={{ rhel9cis_journald_systemmaxuse }}'}
       - { regexp: '^#SystemKeepFree=|^SystemKeepFree=', line: 'SystemKeepFree={{ rhel9cis_journald_systemkeepfree }}' }
       - { regexp: '^#RuntimeMaxUse=|^RuntimeMaxUse=', line: 'RuntimeMaxUse={{ rhel9cis_journald_runtimemaxuse }}'}