renamed variables

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-09-05 17:36:07 +01:00 · 2024-09-05 17:36:07 +01:00 · 14d038e8eb
commit 14d038e8eb
parent c58c4eb4e8
14 changed files with 113 additions and 113 deletions
--- a/tasks/section_5/cis_5.3.3.4.x.yml
+++ b/tasks/section_5/cis_5.3.3.4.x.yml
@ -14,18 +14,18 @@
    - name: "5.3.3.4.1 | PATCH | Ensure pam_unix does not include nullok | capture state"
      ansible.builtin.shell: grep -E "pam_unix.so.*nullok" /etc/pam.d/*-auth | cut -d ':' -f1 | uniq
      changed_when: false
-      failed_when: rhel9cis_pam_nullok.rc not in [ 0, 1 ]
-      register: rhel9cis_pam_nullok
+      failed_when: discovered_pam_nullok.rc not in [ 0, 1 ]
+      register: discovered_pam_nullok

    - name: "5.3.3.4.1 | PATCH | Ensure pam_unix does not include nullok | Ensure nullok removed"
      when:
-        - rhel9cis_pam_nullok.stdout | length > 0
+        - discovered_pam_nullok.stdout | length > 0
        - not rhel9cis_allow_authselect_updates
      ansible.builtin.replace:
        path: "{{ item }}"
        regexp: nullok
        replace: ''
-      loop: "{{ rhel9cis_pam_nullok.stdout_lines }}"
+      loop: "{{ discovered_pam_nullok.stdout_lines }}"

    - name: "5.3.3.4.1 | PATCH | Ensure password number of changed characters is configured | Remove nullok from pam files AuthSelect"
      when:
@ -53,18 +53,18 @@
    - name: "5.3.3.4.2 | AUDIT | Ensure pam_unix does not include remember | capture state"
      ansible.builtin.shell: grep -E "password.*pam_unix.so.*remember" /etc/pam.d/*-auth | cut -d ':' -f1 | uniq
      changed_when: false
-      failed_when: rhel9cis_pam_remember.rc not in [ 0, 1 ]
-      register: rhel9cis_pam_remember
+      failed_when: discovered_pam_remember.rc not in [ 0, 1 ]
+      register: discovered_pam_remember

    - name: "5.3.3.4.2 | PATCH | Ensure pam_unix does not include remember | Ensure remember removed"
      when:
        - not rhel9cis_allow_authselect_updates
-        - rhel9cis_pam_remember.stdout | length > 0
+        - discovered_pam_remember.stdout | length > 0
      ansible.builtin.replace:
        path: "{{ item }}"
        regexp: remember
        replace: ''
-      loop: "{{ rhel9cis_pam_remember.stdout_lines }}"
+      loop: "{{ discovered_pam_remember.stdout_lines }}"

    - name: "5.3.3.4.2 | PATCH | Ensure pam_unix does not include remember  | Remove remember from pam files AuthSelect"
      when:
@ -93,18 +93,18 @@
    - name: "5.3.3.4.3 | AUDIT | Ensure pam_unix includes a strong password hashing algorithm | capture state"
      ansible.builtin.shell: grep -E "password.*pam_unix.so.*(sha512|yescrypt)" /etc/pam.d/*-auth | cut -d ':' -f1 | uniq
      changed_when: false
-      failed_when: rhel9cis_pam_pwhash.rc not in [ 0, 1 ]
-      register: rhel9cis_pam_pwhash
+      failed_when: discovered_pam_pwhash.rc not in [ 0, 1 ]
+      register: discovered_pam_pwhash

    - name: "5.3.3.4.3 | PATCH | Ensure pam_unix includes a strong password hashing algorithm | Ensure hash algorithm set"
      when:
        - not rhel9cis_allow_authselect_updates
-        - rhel9cis_pam_remember.stdout | length > 0
+        - discovered_pam_remember.stdout | length > 0
      ansible.builtin.replace:
        path: "{{ item }}"
        regexp: "(md5|bigcrypt|sha256|blowfish|gost_yescrypt|sha512|yescrypt)"
        replace: '{{ rhel9cis_passwd_hash_algo }}'
-      loop: "{{ rhel9cis_pam_remember.stdout_lines }}"
+      loop: "{{ discovered_pam_remember.stdout_lines }}"

    - name: "5.3.3.4.3 | PATCH | Ensure pam_unix includes a strong password hashing algorithm | Add hash algorithm to pam files AuthSelect"
      when:
@ -134,20 +134,20 @@
    - name: "5.3.3.4.4 | PATCH | Ensure pam_unix includes use_authtok | capture state"
      ansible.builtin.shell: grep -PH -- '^\h*^password\h*[^#\n\r]+\h+pam_unix.so\b' /etc/pam.d/{password,system}-auth | grep -Pv -- '\buse_authtok\b'
      changed_when: false
-      failed_when: rhel9cis_pam_authtok.rc not in [ 0, 1 ]
-      register: rhel9cis_pam_authtok
+      failed_when: discovered_pam_authtok.rc not in [ 0, 1 ]
+      register: discovered_pam_authtok

    - name: "5.3.3.4.4 | PATCH | Ensure pam_unix includes use_authtok | pam_files"
      when:
        - not rhel9cis_allow_authselect_updates
-        - rhel9cis_pam_authtok is defined
-        - rhel9cis_pam_authtok.stdout | length > 0
+        - discovered_pam_authtok is defined
+        - discovered_pam_authtok.stdout | length > 0
      ansible.builtin.lineinfile:
        path: "{{ item }}"
        regexp: ^(\s*password\s+)(requisite|required|sufficient)(\s+pam_unix.so\s)(.*)use_authtok(.*$)
        line: \1\2\3\4use_authtok \5
        backrefs: true
-      loop: "{{ rhel9cis_pam_authtok.stdout_lines }}"
+      loop: "{{ discovered_pam_authtok.stdout_lines }}"

    - name: "5.3.3.4.4 | PATCH | Ensure pam_unix includes use_authtok | Add use_authtok pam files AuthSelect"
      when: