updated authselect logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-08-08 11:08:09 +01:00 · 2024-08-08 11:08:09 +01:00 · 565ef20715
commit 565ef20715
parent 9598139f4c
4 changed files with 135 additions and 93 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -112,6 +112,29 @@
            fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} is locked - It can break access"
            success_msg: "The local account is not locked for {{ ansible_env.SUDO_USER }} user"

+- name: "PRELIM | AUDIT | Check authselect profile is selected"
+  when:
+      - rhel9cis_allow_authselect_updates
+  tags:
+      - always
+  block:
+      - name: "PRELIM | AUDIT | Check authselect profile name has been updated"
+        ansible.builtin.assert:
+          that: rhel9cis_authselect_custom_profile_name != 'cis_example_profile'
+          fail_msg: "You still have the default name for your authselect profile"
+
+      - name: "PRELIM | AUDIT | Check authselect profile is selected"
+        ansible.builtin.shell: authselect current
+        changed_when: false
+        failed_when: prelim_authselect_current_config.rc not in [ 0, 1 ]
+        register: prelim_authselect_current_config
+
+      - name: "PRELIM | AUDIT | Check authselect profile is selected"
+        ansible.builtin.assert:
+          that: prelim_authselect_current_config is defined
+          success_msg: "Authselect is running and profile is selected"
+          fail_msg: Authselect updates have been selected there are issues with profile selection"
+
 - name: "Ensure root password is set"
  when:
    - rhel9cis_rule_5_4_2_4