sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

revamp set facts premlim_ max_int_uid and prelim_min_int_uid

Browse source 
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
This commit is contained in:
Frederick Witty 2025-04-23 12:47:22 -04:00
parent 350b30dfe4
commit 42024903e3
No known key found for this signature in database
GPG key ID: D29987C25A47D813
2 changed files with 14 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
defaults/main.yml
View file

@ -1048,14 +1048,14 @@ rhel9cis_discover_int_uid: true
# This variable sets the minimum number from which to search for UID
# Note that the value will be dynamically overwritten if variable `rhel9cis_discover_int_uid` has
# been set to `true`.
prelim_min_int_uid: 1000
min_int_uid: 1000
### Controls:
# - Ensure local interactive user home directories exist
# - Ensure local interactive users own their home directories
# This variable sets the maximum number at which the search stops for UID
# Note that the value will be dynamically overwritten if variable `rhel9cis_discover_int_uid` has
# been set to `true`.
prelim_max_int_uid: 65533
max_int_uid: 65533
## Section6 vars
## Control 6.1.x - allow aide to be configured

21
tasks/prelim.yml
View file

@ -320,24 +320,27 @@
patterns: '*.conf,*.rules'
register: prelim_auditd_conf_files
- name: "PRELIM | AUDIT | Discover Interactive UID MIN and MIN from logins.def"
- name: "PRELIM | AUDIT | Discover Interactive UID_MIN and UID_MAX from /etc/login.defs"
when: rhel9cis_discover_int_uid
tags: always
block:
- name: "PRELIM | AUDIT | Capture UID_MIN information from logins.def"
ansible.builtin.shell: grep -w "^UID_MIN" /etc/login.defs | awk '{print $NF}'
- name: "PRELIM | AUDIT | Capture UID_MIN from /etc/login.defs"
ansible.builtin.command: awk '/^UID_MIN/ {print $2}' /etc/login.defs
changed_when: false
failed_when: false
register: prelim_uid_min_id
- name: "PRELIM | AUDIT | Capture UID_MAX information from logins.def"
ansible.builtin.shell: grep -w "^UID_MAX" /etc/login.defs | awk '{print $NF}'
- name: "PRELIM | AUDIT | Capture UID_MAX from /etc/login.defs"
ansible.builtin.command: awk '/^UID_MAX/ {print $2}' /etc/login.defs
changed_when: false
failed_when: false
register: prelim_uid_max_id
- name: "PRELIM | AUDIT | Set Fact for interactive uid/gid"
ansible.builtin.set_fact:
prelim_min_int_uid: "{{ prelim_uid_min_id.stdout }}"
prelim_max_int_uid: "{{ prelim_uid_max_id.stdout }}"
- name: "PRELIM | AUDIT | Set facts for interactive UID/GID ranges"
tags: always
ansible.builtin.set_fact:
prelim_min_int_uid: "{{ prelim_uid_min_id.stdout | default(min_int_uid) }}"
prelim_max_int_uid: "{{ prelim_uid_max_id.stdout | default(max_int_uid) }}"
- name: "PRELIM | AUDIT | Gather the package facts after prelim"
tags: