v1.0.0 updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-09 16:29:47 +00:00 · 2023-01-09 16:29:47 +00:00 · 2634fabd41
commit 2634fabd41
parent 4e004e7d88
18 changed files with 288 additions and 329 deletions
--- a/tasks/section_1/cis_1.8.x.yml
+++ b/tasks/section_1/cis_1.8.x.yml
@ -1,7 +1,7 @@
 ---

 - name: "1.8.1 | PATCH | Ensure GNOME Display Manager is removed"
-  package:
+  ansible.builtin.package:
      name: gdm
      state: absent
  when:
@ -16,7 +16,7 @@
      - rule_1.8.1

 - name: "1.8.2 | PATCH | Ensure GDM login banner is configured"
-  lineinfile:
+  ansible.builtin.lineinfile:
      path: "{{ item.file }}"
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
@ -45,8 +45,8 @@
      - gdm
      - rule_1.8.2

- name: "1.8.3 | PATCH | Ensure last logged in user display is disabled"
-  lineinfile:
+- name: "1.8.3 | PATCH | Ensure GDM disable-user-list option is enabled"
+  ansible.builtin.lineinfile:
      path: "{{ item.file }}"
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
@ -72,24 +72,8 @@
      - gui
      - rule_1.8.3

- name: "1.8.4 | PATCH | Ensure XDMCP is not enabled"
-  lineinfile:
-      path: /etc/gdm/custom.conf
-      regexp: 'Enable=true'
-      state: absent
-  when:
-      - rhel9cis_rule_1_8_4
-      - rhel9cis_gui
-  tags:
-      - level1-server
-      - level1-workstation
-      - automated
-      - patch
-      - gui
-      - rule_1.8.4
-
- name: "1.8.5 | PATCH | Ensure automatic mounting of removable media is disabled"
-  lineinfile:
+- name: "1.8.6 | PATCH | Ensure automatic mounting of removable media is disabled"
+  ansible.builtin.lineinfile:
      path: /etc/dconf/db/local.d/00-media-automount
      regexp: "{{ item.regex }}"
      line: "{{ item.line }}"
@ -103,7 +87,7 @@
      - { regex: 'automount=', line: 'automount=false' }
      - { regex: 'automount-open=', line: 'automount-open=false'}
  when:
-      - rhel9cis_rule_1_8_5
+      - rhel9cis_rule_1_8_6
      - rhel9cis_gui
  tags:
      - level1-server
@ -111,4 +95,21 @@
      - automated
      - patch
      - gui
-      - rule_1.8.5
+      - rule_1.8.6
+
+
+- name: "1.8.10 | PATCH | Ensure XDMCP is not enabled"
+  ansible.builtin.lineinfile:
+      path: /etc/gdm/custom.conf
+      regexp: 'Enable=true'
+      state: absent
+  when:
+      - rhel9cis_rule_1_8_10
+      - rhel9cis_gui
+  tags:
+      - level1-server
+      - level1-workstation
+      - automated
+      - patch
+      - gui
+      - rule_1.8.4