lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-09-16 11:34:42 +01:00 · 2022-09-16 11:34:42 +01:00 · 3df35e03a0
commit 3df35e03a0
parent 1992eea6da
14 changed files with 58 additions and 55 deletions
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@ -5,7 +5,7 @@
      - name: "6.1.1 | AUDIT | Audit system file permissions | Audit the packages"
        shell: rpm -Va --nomtime --nosize --nomd5 --nolinkto
        args:
-            warn: no
+            warn: false
        changed_when: false
        failed_when: false
        register: rhel9cis_6_1_1_packages_rpm
@ -16,6 +16,9 @@
              copy:
                  dest: "{{ rhel9cis_rpm_audit_file }}"
                  content: "{{ rhel9cis_6_1_1_packages_rpm.stdout }}"
+                  owner: root
+                  group: root
+                  mode: 0640

            - name: "6.1.1 | AUDIT | Audit system file permissions | Message out alert for package descrepancies"
              debug:
@ -26,7 +29,7 @@
            - name: "6.1.1 | AUDIT | Audit system file permissions | warning count"
              set_fact:
                  control_number: "{{ control_number }} + [ 'rule_6.1.1' ]"
-                  warn_count: "{{ warn_count|int + 1 }}"
+                  warn_count: "{{ warn_count | int + 1 }}"
        when: rhel9cis_6_1_1_packages_rpm.stdout|length > 0

      - name: "6.1.1 | AUDIT | Audit system file permissions | Message out no package descrepancies"
@ -46,7 +49,7 @@
 - name: "6.1.2 | PATCH | Ensure sticky bit is set on all world-writable directories"
  shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
  args:
-      warn: no
+      warn: false
  changed_when: false
  failed_when: false
  when: