forked from ansible-lockdown/RHEL9-CIS
updated to template for banner
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
5eb72bc544
commit
6541736459
1 changed files with 27 additions and 17 deletions
|
|
@ -7,6 +7,7 @@
|
||||||
when:
|
when:
|
||||||
- rhel9cis_rule_1_8_1
|
- rhel9cis_rule_1_8_1
|
||||||
- "'gdm' in ansible_facts.packages"
|
- "'gdm' in ansible_facts.packages"
|
||||||
|
- not rhel9cis_gui
|
||||||
tags:
|
tags:
|
||||||
- level2-server
|
- level2-server
|
||||||
- patch
|
- patch
|
||||||
|
|
@ -15,23 +16,32 @@
|
||||||
- rule_1.8.1
|
- rule_1.8.1
|
||||||
|
|
||||||
- name: "1.8.2 | PATCH | Ensure GDM login banner is configured"
|
- name: "1.8.2 | PATCH | Ensure GDM login banner is configured"
|
||||||
ansible.builtin.lineinfile:
|
block:
|
||||||
path: "{{ item.file }}"
|
- name: "1.8.2 | PATCH | Ensure GDM login banner is configured | gdm profile"
|
||||||
regexp: "{{ item.regexp }}"
|
ansible.builtin.lineinfile:
|
||||||
line: "{{ item.line }}"
|
path: /etc/dconf/profile/gdm
|
||||||
state: present
|
regexp: "{{ item.regexp }}"
|
||||||
create: true
|
line: "{{ item.line }}"
|
||||||
owner: root
|
state: present
|
||||||
group: root
|
create: true
|
||||||
mode: 0644
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: Reload dconf
|
||||||
|
with_items:
|
||||||
|
- { regexp: 'user-db', line: 'user-db:user' }
|
||||||
|
- { regexp: 'system-db', line: 'system-db:gdm' }
|
||||||
|
- { regexp: 'file-db', line: 'file-db:/usr/share/gdm/greeter-dconf-defaults' }
|
||||||
|
|
||||||
|
- name: "1.8.2 | PATCH | Ensure GDM login banner is configured | gdm profile"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: etc/dconf/db/gdm.d/01-banner-message.j2
|
||||||
|
dest: /etc/dconf/db/gdm.d/01-banner-message
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
notify: Reload dconf
|
notify: Reload dconf
|
||||||
with_items:
|
|
||||||
- { file: '/etc/dconf/profile/gdm', regexp: 'user-db', line: 'user-db:user' }
|
|
||||||
- { file: '/etc/dconf/profile/gdm', regexp: 'system-db', line: 'system-db:gdm' }
|
|
||||||
- { file: '/etc/dconf/profile/gdm', regexp: 'file-db', line: 'file-db:/usr/share/gdm/greeter-dconf-defaults' }
|
|
||||||
- { file: '/etc/dconf/db/gdm.d/01-banner-message', regexp: '\[org\/gnome\/login-screen\]', line: '[org/gnome/login-screen]' }
|
|
||||||
- { file: '/etc/dconf/db/gdm.d/01-banner-message', regexp: 'banner-message-enable', line: 'banner-message-enable=true' }
|
|
||||||
- { file: '/etc/dconf/db/gdm.d/01-banner-message', regexp: 'banner-message-text', line: "banner-message-text='{{ rhel9cis_warning_banner }}' " }
|
|
||||||
when:
|
when:
|
||||||
- rhel9cis_rule_1_8_2
|
- rhel9cis_rule_1_8_2
|
||||||
- rhel9cis_gui
|
- rhel9cis_gui
|
||||||
|
|
@ -77,7 +87,7 @@
|
||||||
regexp: "{{ item.regexp }}"
|
regexp: "{{ item.regexp }}"
|
||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
create: true
|
create: true
|
||||||
user: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue