sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

improved logic

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-02-26 12:26:19 +00:00
parent d6fb1734e3
commit 12be5388ff
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 1 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tasks/section_1/cis_1.4.x.yml
View file

@ -50,7 +50,7 @@
efi_mount_options: ['umask=0077','fmask=0077','uid=0','gid=0']
block:
- name: "1.4.2 | AUDIT | Ensure permissions on bootloader config are configured | efi based system | capture current state"
ansible.builtin.shell: grep "^[^#;]" /etc/fstab | grep '/boot/efi' | cut -d ' ' -f4
ansible.builtin.shell: grep "^[^#;]" /etc/fstab | grep '/boot/efi' | awk -F" " '{print $4}'
changed_when: false
register: discovered_efi_fstab
@ -67,10 +67,3 @@
line: \1{{ discovered_efi_fstab.stdout + efi_mount_opts_addition }}\2
backrefs: true
notify: Remount /boot/efi
- debug:
msg:
- "{{ discovered_efi_fstab.stdout }}"
- "{{ efi_mount_opts_addition }}"
- pause: