sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

with_items to loop

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-25 09:49:43 +00:00
parent 3c33ce5056
commit 466e88613e
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
8 changed files with 9 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/parse_etc_password.yml
View file

@ -11,7 +11,7 @@
- name: "PRELIM | 5.5.2 | 6.2.7 | 6.2.8 | 6.2.20 | Split passwd entries"
ansible.builtin.set_fact:
rhel9cis_passwd: "{{ rhel9cis_passwd_file_audit.stdout_lines | map('regex_replace', ld_passwd_regex, ld_passwd_yaml) | map('from_yaml') | list }}"
with_items: "{{ rhel9cis_passwd_file_audit.stdout_lines }}"
loop: "{{ rhel9cis_passwd_file_audit.stdout_lines }}"
vars:
ld_passwd_regex: >-
^(?P<id>[^:]*):(?P<password>[^:]*):(?P<uid>[^:]*):(?P<gid>[^:]*):(?P<gecos>[^:]*):(?P<dir>[^:]*):(?P<shell>[^:]*)

3
tasks/section_1/cis_1.1.2.x.yml
View file

@ -33,8 +33,7 @@
state: present
opts: defaults,{% if rhel9cis_rule_1_1_2_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_2_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_2_4 %}nosuid{% endif %}
notify: Remount tmp
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
when:

3
tasks/section_1/cis_1.1.3.x.yml
View file

@ -31,8 +31,7 @@
fstype: "{{ item.fstype }}"
state: present
opts: defaults,{% if rhel9cis_rule_1_1_3_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_3_3 %}nosuid,{% endif %}
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
notify: Change_requires_reboot

3
tasks/section_1/cis_1.1.4.x.yml
View file

@ -33,8 +33,7 @@
fstype: "{{ item.fstype }}"
state: present
opts: defaults,{% if rhel9cis_rule_1_1_4_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}nosuid,{% endif %}{% if rhel9cis_rule_1_1_4_4 %}nodev{% endif %}
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
notify: Change_requires_reboot

3
tasks/section_1/cis_1.1.5.x.yml
View file

@ -33,8 +33,7 @@
fstype: "{{ item.fstype }}"
state: present
opts: defaults,{% if rhel9cis_rule_1_1_5_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_5_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_5_4 %}nosuid{% endif %}
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
notify: Change_requires_reboot

3
tasks/section_1/cis_1.1.6.x.yml
View file

@ -32,8 +32,7 @@
fstype: "{{ item.fstype }}"
state: present
opts: defaults,{% if rhel9cis_rule_1_1_6_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_6_3 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_6_4 %}nosuid{% endif %}
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
notify: Change_requires_reboot

3
tasks/section_1/cis_1.1.7.x.yml
View file

@ -32,8 +32,7 @@
fstype: "{{ item.fstype }}"
state: present
opts: defaults,{% if rhel9cis_rule_1_1_7_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_7_3 %}nosuid,{% endif %}
with_items:
- "{{ ansible_mounts }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.device }}"
notify: Change_requires_reboot

4
tasks/section_1/cis_1.8.x.yml
View file

@ -27,7 +27,7 @@
group: root
mode: 0644
notify: Reload dconf
with_items:
loop:
- { regexp: 'user-db', line: 'user-db:user' }
- { regexp: 'system-db', line: 'system-db:gdm' }
- { regexp: 'file-db', line: 'file-db:/usr/share/gdm/greeter-dconf-defaults' }
@ -62,7 +62,7 @@
group: root
mode: 0644
notify: Reload dconf
with_items:
loop:
- { file: '/etc/dconf/profile/gdm', regexp: 'user-db', line: 'user-db:user' }
- { file: '/etc/dconf/profile/gdm', regexp: 'system-db', line: 'system-db:gdm' }
- { file: '/etc/dconf/profile/gdm', regexp: 'file-db', line: 'file-db:/usr/share/gdm/greeter-dconf-defaults'}