sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Updated title for authselect checks

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-23 14:14:46 +00:00
parent 2555971fea
commit 3d0cbce21e
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/main.yml
View file

@ -106,22 +106,22 @@
fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} is locked - It can break access" fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} is locked - It can break access"
success_msg: "The local account is not locked for {{ ansible_env.SUDO_USER }} user" success_msg: "The local account is not locked for {{ ansible_env.SUDO_USER }} user"
- name: "PRELIM | AUDIT | Check authselect profile is selected" - name: "Check authselect profile is selected"
when: rhel9cis_allow_authselect_updates when: rhel9cis_allow_authselect_updates
tags: always tags: always
block: block:
- name: "PRELIM | AUDIT | Check authselect profile name has been updated" - name: "Check authselect profile name has been updated | Ensure name from default is changed"
ansible.builtin.assert: ansible.builtin.assert:
that: rhel9cis_authselect_custom_profile_name != 'cis_example_profile' that: rhel9cis_authselect_custom_profile_name != 'cis_example_profile'
fail_msg: "You still have the default name for your authselect profile" fail_msg: "You still have the default name for your authselect profile"
- name: "PRELIM | AUDIT | Check authselect profile is selected" - name: "Check authselect profile is selected | Check current profile"
ansible.builtin.shell: authselect current | head -1 | awk '{print $NF}' ansible.builtin.shell: authselect current | head -1 | awk '{print $NF}'
changed_when: false changed_when: false
failed_when: prelim_authselect_current_profile.rc not in [ 0, 1 ] failed_when: prelim_authselect_current_profile.rc not in [ 0, 1 ]
register: prelim_authselect_current_profile register: prelim_authselect_current_profile
- name: "PRELIM | AUDIT | Check authselect profile is selected" - name: "Check authselect profile is selected | Ensure profile name is set"
ansible.builtin.assert: ansible.builtin.assert:
that: prelim_authselect_current_profile is defined that: prelim_authselect_current_profile is defined
success_msg: "Authselect is running and profile is selected" success_msg: "Authselect is running and profile is selected"