updated yamllint, company naming, linting and spacing

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-04 11:45:13 +00:00 · 2024-12-04 11:45:13 +00:00 · 2de8a39cdc
commit 2de8a39cdc
parent 1b694832bb
66 changed files with 461 additions and 675 deletions
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@ -19,10 +19,11 @@
      register: discovered_aide_installed

    - name: "6.1.1 | PATCH | Ensure AIDE is installed| Build AIDE DB"
-      when: discovered_aide_installed.changed  # noqa: no-handler
+      when: discovered_aide_installed.changed  # noqa no-handler
      block:
        - name: "6.1.1 | PATCH | Ensure AIDE is installed| Build AIDE DB"
-          ansible.builtin.shell: /usr/sbin/aide --init
+          ansible.builtin.command: /usr/sbin/aide --init
+          changed_when: true

        - name: "6.1.1 | PATCH | Ensure AIDE is installed| Build AIDE DB | Wait for file before continuing"
          ansible.builtin.wait_for:
@ -33,6 +34,7 @@
            src: /var/lib/aide/aide.db.new.gz
            dest: /var/lib/aide/aide.db.gz
            remote_src: true
+            mode: 'go-wx'

 - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked"
  when:
@ -62,15 +64,15 @@

    - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked | aide service"
      when: rhel9cis_aide_scan == "timer"
-      ansible.builtin.systemd:
+      ansible.builtin.systemd_service:
        name: aidecheck.service
        enabled: true

    - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked | aide service"
      when: rhel9cis_aide_scan == "timer"
-      ansible.builtin.systemd:
+      ansible.builtin.systemd_service:
        name: aidecheck.timer
-        state: running
+        state: started
        enabled: true

 - name: "6.1.3 | PATCH | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"