updated marker

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-03-10 15:19:35 +00:00 · 2023-03-10 15:19:35 +00:00 · 5e5174a5b0
commit 5e5174a5b0
parent ebdb8b9129
3 changed files with 8 additions and 8 deletions
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@ -57,7 +57,7 @@
 - name: "1.3.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
  ansible.builtin.blockinfile:
      path: /etc/aide.conf
-      marker: "# {mark} Audit tools (CIS - Ansible)"
+      marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
      block: |
        /sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
        /sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
--- a/tasks/section_4/cis_4.2.1.x.yml
+++ b/tasks/section_4/cis_4.2.1.x.yml
@ -75,7 +75,7 @@
      - name: "4.2.1.5 | PATCH | Ensure logging is configured | mail.* log setting"
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
-            marker: "# {mark} MAIL LOG SETTINGS (ANSIBLE MANAGED)"
+            marker: "# {mark} MAIL LOG SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # mail logging additions to meet CIS standards
              mail.*                                                  -/var/log/mail
@ -90,7 +90,7 @@
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
            state: present
-            marker: "# {mark} NEWS LOG SETTINGS (ANSIBLE MANAGED)"
+            marker: "# {mark} NEWS LOG SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # news logging additions to meet CIS standards
              news.crit                                               -/var/log/news/news.crit
@ -103,7 +103,7 @@
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
            state: present
-            marker: "# {mark} MISC. LOG SETTINGS (ANSIBLE MANAGED)"
+            marker: "# {mark} MISC. LOG SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # misc. logging additions to meet CIS standards
              *.=warning;*.=err                                        -/var/log/warn
@ -117,7 +117,7 @@
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
            state: present
-            marker: "#{mark} LOCAL LOG SETTINGS (ANSIBLE MANAGED)"
+            marker: "#{mark} LOCAL LOG SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # local log settings to meet CIS standards
              local0,local1.*                                          -/var/log/localmessages
@ -132,7 +132,7 @@
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
            state: present
-            marker: "#{mark} Auth SETTINGS (ANSIBLE MANAGED)"
+            marker: "#{mark} Auth SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # Private settings to meet CIS standards
              auth,authpriv.*                                           /var/log/secure
@ -143,7 +143,7 @@
        ansible.builtin.blockinfile:
            path: /etc/rsyslog.conf
            state: present
-            marker: "#{mark} Cron SETTINGS (ANSIBLE MANAGED)"
+            marker: "#{mark} Cron SETTINGS - CIS benchmark - Ansible-lockdown"
            block: |
              # Cron settings to meet CIS standards
              cron.*                                                   /var/log/cron
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -48,7 +48,7 @@
  ansible.builtin.blockinfile:
      path: "{{ item.path }}"
      state: "{{ item.state }}"
-      marker: "# {mark} CIS 5.6.3 ANSIBLE MANAGED"
+      marker: "# {mark} - CIS benchmark - Ansible-lockdown"
      create: true
      mode: 0644
      block: |