updated yamllint, company naming, linting and spacing

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-04 11:45:13 +00:00 · 2024-12-04 11:45:13 +00:00 · 2de8a39cdc
commit 2de8a39cdc
parent 1b694832bb
66 changed files with 461 additions and 675 deletions
--- a/tasks/section_6/cis_6.3.1.x.yml
+++ b/tasks/section_6/cis_6.3.1.x.yml
@ -27,8 +27,7 @@
        state: present

 - name: "6.3.1.2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled"
-  when:
-    - rhel9cis_rule_6_3_1_2
+  when: rhel9cis_rule_6_3_1_2
  tags:
    - level2-server
    - level2-workstation
@ -49,11 +48,11 @@
        - discovered_grubby_curr_value_audit_linux.stdout == '' or
          '0' in discovered_grubby_curr_value_audit_linux.stdout or
          'off' in discovered_grubby_curr_value_audit_linux.stdout|lower
-      ansible.builtin.shell: grubby --update-kernel=ALL --args="audit=1"
+      ansible.builtin.command: grubby --update-kernel=ALL --args="audit=1"
+      changed_when: true

 - name: "6.3.1.3 | PATCH | Ensure audit_backlog_limit is sufficient"
-  when:
-    - rhel9cis_rule_6_3_1_3
+  when: rhel9cis_rule_6_3_1_3
  tags:
    - level2-server
    - level2-workstation
@ -81,21 +80,18 @@
        discovered_reset_backlog_limits: true

    - name: "6.3.1.3 | AUDIT | Check to see if any limits are too low"
-      when:
-        - (item | int < rhel9cis_audit_back_log_limit)
+      when: (item | int < rhel9cis_audit_back_log_limit)
      ansible.builtin.set_fact:
        discovered_reset_backlog_limits: true
      loop: "{{ discovered_grubby_curr_value_backlog_linux.stdout_lines }}"

    - name: "6.3.1.3 | AUDIT | Ensure audit_backlog_limit is sufficient | Grubby update applied"
-      when:
-        - discovered_reset_backlog_limits is defined
-      ansible.builtin.shell:
-        cmd: 'grubby --update-kernel=ALL --args="audit_backlog_limit={{ rhel9cis_audit_back_log_limit }}"'
+      when: discovered_reset_backlog_limits is defined
+      ansible.builtin.command: 'grubby --update-kernel=ALL --args="audit_backlog_limit={{ rhel9cis_audit_back_log_limit }}"'
+      changed_when: true

 - name: "6.3.1.4 | PATCH | Ensure auditd service is enabled and active"
-  when:
-    - rhel9cis_rule_6_3_1_4
+  when: rhel9cis_rule_6_3_1_4
  tags:
    - level2-server
    - level2-workstation