consistent vars and names

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/main.yml

@@ -20,18 +20,18 @@
   tags:
       - always
 
-- name: "Check password set for {{ ansible_user }}"
+- name: "Check password set for {{ ansible_env.SUDO_USER }}"
   block:
-      - name: Capture current password state of connecting user"
+      - name: "Check password set for {{ ansible_env.SUDO_USER }} | password state"
         ansible.builtin.shell: "grep {{ ansible_env.SUDO_USER }} /etc/shadow | awk -F: '{print $2}'"
         changed_when: false
         failed_when: false
         check_mode: false
-        register: ansible_user_password_set
+        register: rhel9cis_ansible_user_password_set
 
-      - name: "Assert that password set for {{ ansible_env.SUDO_USER }} and account not locked"
+      - name: "Check password set for {{ ansible_env.SUDO_USER }} | Assert password set and not locked"
         ansible.builtin.assert:
-            that: ansible_user_password_set.stdout | length != 0 and ansible_user_password_set.stdout != "!!"
+            that: ansible_user_password_set.stdout | length != 0 and rhel9cis_ansible_user_password_set.stdout != "!!"
             fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} has no password set - It can break access"
             success_msg: "You have a password set for the {{ ansible_env.SUDO_USER }} user"
         vars:
@@ -41,6 +41,7 @@
       - not system_is_ec2
   tags:
       - user_passwd
+      - rule_5.3.4
 
 - name: "Ensure root password is set"
   block:

tasks/prelim.yml

@@ -54,7 +54,7 @@
 
 - name: "PRELIM | Setup crypto-policy"
   block:
-      - name: "PRELIM | Install crypto-policies"
+      - name: "PRELIM | Install crypto-policies | pkgs present"
         ansible.builtin.package:
             name:
                 - crypto-policies
@@ -65,16 +65,16 @@
         ansible.builtin.shell: 'update-crypto-policies --show'
         changed_when: false
         check_mode: false
-        register: system_wide_crypto_policy
+        register: rhel9cis_system_wide_crypto_policy
 
-      - name: "PRELIM | Gather system-wide crypto-policy"
+      - name: "PRELIM | Gather system-wide crypto-policy | set fact system policy"
         ansible.builtin.set_fact:
-            current_crypto_policy: "{{ system_wide_crypto_policy.stdout.split(':')[0] }}"
+            current_crypto_policy: "{{ rhel9cis_system_wide_crypto_policy.stdout.split(':')[0] }}"
 
-      - name: "PRELIM | Gather system-wide crypto-policy module"
+      - name: "PRELIM | Gather system-wide crypto-policy module | set fact system policy submodule"
         ansible.builtin.set_fact:
-            current_crypto_module: "{{ system_wide_crypto_policy.stdout.split(':')[1] }}"
+            current_crypto_module: "{{ rhel9cis_system_wide_crypto_policy.stdout.split(':')[1] }}"
-        when: "':' in system_wide_crypto_policy.stdout"
+        when: "':' in rhel9cis_system_wide_crypto_policy.stdout"
   when:
       - rhel9cis_rule_1_10
   tags:

tasks/section_1/cis_1.10.yml

@@ -12,7 +12,7 @@
             update-crypto-policies
         notify: change_requires_reboot
         when:
-            - system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
+            - rhel9cis_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
   when:
       - rhel9cis_rule_1_10