sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Initial v2

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-07-24 14:03:12 +01:00
parent 5c5499fd72
commit 6ea105374a
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
5 changed files with 136 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/main.yml
View file

@ -28,7 +28,7 @@
- user_passwd
- rule_5.3.4
vars:
sudo_password_rule: rhel9cis_rule_5_3_4 # pragma: allowlist secret
sudo_password_rule: rhel9cis_rule_5_3_4 # pragma: allowlist secret
block:
- name: "Check password set for {{ ansible_env.SUDO_USER }} | password state"
ansible.builtin.shell: "(grep {{ ansible_env.SUDO_USER }} /etc/shadow || echo 'not found:not found') | awk -F: '{print $2}'"
@ -230,6 +230,6 @@
- name: If Warnings found Output count and control IDs affected
when: warn_count != 0
tags:
- always
- always
ansible.builtin.debug:
msg: "You have {{ warn_count }} Warning(s) that require investigating that are related to the following benchmark ID(s) {{ warn_control_list }}"