sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Merge pull request #274 from jsonar-cpapke/fix_pam_unix_enabled_audit

Browse source 
Use shell for grep with shell expansions
This commit is contained in:
uk-bolly 2025-01-10 16:31:06 +00:00 committed by GitHub
commit 39270dbbf3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/section_5/cis_5.3.2.x.yml
View file

@ -141,7 +141,7 @@
- rule_5.3.2.5 - rule_5.3.2.5
block: block:
- name: "5.3.2.5 | AUDIT | Ensure pam_unix module is enabled" - name: "5.3.2.5 | AUDIT | Ensure pam_unix module is enabled"
ansible.builtin.command: grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth ansible.builtin.shell: grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth
changed_when: false changed_when: false
failed_when: discovered_discovered_authselect_pam_unix.rc not in [ 0, 1 ] failed_when: discovered_discovered_authselect_pam_unix.rc not in [ 0, 1 ]
register: discovered_discovered_authselect_pam_unix register: discovered_discovered_authselect_pam_unix