lint

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-04-05 10:24:47 +01:00 · 2022-04-05 10:24:47 +01:00 · 13a6746997
commit 13a6746997
parent 4e873bc0d6
24 changed files with 104 additions and 107 deletions
--- a/tasks/section_5/cis_5.1.x.yml
+++ b/tasks/section_5/cis_5.1.x.yml
@ -168,4 +168,4 @@
      - automated
      - patch
      - cron
-      - rule_5.1.9
+      - rule_5.1.9
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@ -54,7 +54,7 @@
        with_items:
            - "system-auth"
            - "password-auth"
-  when: 
+  when:
      - ansible_distribution_version <= "8.1"
      - rhel9cis_rule_5_5_2

@ -67,7 +67,7 @@
  with_items:
      - { regexp: '^\s*deny\s*=\s*[1-5]\b', line: 'deny = 5' }
      - { regexp: '^\s*unlock_time\s*=\s*(0|9[0-9][0-9]|[1-9][0-9][0-9][0-9]+)\b', line: 'unlock_time = 900' }
-  when: 
+  when:
      - ansible_distribution_version >= "8.2"
      - rhel9cis_rule_5_5_2

@ -79,9 +79,9 @@
            state: present
            line: "password    requisite     pam_pwhistory.so try_first_pass local_users_only enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
            insertafter: '^password\s*requisite\s*pam_pwquality.so'
-        
+
      - name: "5.5.3 | PATCH | Ensure password reuse is limited | pam_unix"
-        replace: 
+        replace:
            path: /etc/pam.d/system-auth
            regexp: '^password\s*sufficient\s*pam_unix.so.*$'
            replace: 'password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember={{ rhel9cis_pam_faillock.remember }}'
@ -97,15 +97,15 @@
  block:
      - name: "5.5.4 | PATCH | Ensure password hashing algorithm is SHA-512 | libuser.conf"
        replace:
-          path: /etc/libuser.conf
-          regexp: '^crypt_style\s*=\s*.*$'
-          replace: 'crypt_style = sha512'
-      
+            path: /etc/libuser.conf
+            regexp: '^crypt_style\s*=\s*.*$'
+            replace: 'crypt_style = sha512'
+
      - name: "5.5.4 | PATCH | Ensure password hashing algorithm is SHA-512 | login.defs"
        replace:
-          path: /etc/login.defs
-          regexp: '^ENCRYPT_METHOD.*'
-          replace: 'ENCRYPT_METHOD SHA512'
+            path: /etc/login.defs
+            regexp: '^ENCRYPT_METHOD.*'
+            replace: 'ENCRYPT_METHOD SHA512'

      - name: "5.5.4 | PATCH | Ensure password hashing algorithm is SHA-512 | password-auth"
        replace:
@ -114,7 +114,7 @@
            replace: 'password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember={{ rhel9cis_pam_faillock.remember }}'

      - name: "5.5.4 | PATCH | Ensure password hashing algorithm is SHA-512 | system-auth"
-        replace: 
+        replace:
            path: /etc/pam.d/system-auth
            regexp: '^password\s*sufficient\s*pam_unix.so.*$'
            replace: 'password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember={{ rhel9cis_pam_faillock.remember }}'
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -73,8 +73,8 @@

 - name: "5.6.4 | PATCH | Ensure default group for the root account is GID 0"
  user:
-    name: root
-    group: 0
+      name: root
+      group: 0
  when:
      - rhel9cis_rule_5_6_4
  tags: