sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

removed arg warn

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-10 11:19:41 +00:00
parent cb0dd58df5
commit 77dd593e0f
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
6 changed files with 0 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/main.yml
View file

@ -84,8 +84,6 @@
block:
- name: "Check su group exists if defined"
shell: grep -w "{{ rhel9cis_sugroup }}" /etc/group
args:
warn: false
register: sugroup_exists
changed_when: false
failed_when: sugroup_exists.rc >= 2

6
tasks/post_remediation_audit.yml
View file

@ -5,8 +5,6 @@
environment: "{{ audit_run_script_environment | default({}) }}"
changed_when: audit_run_post_remediation.rc == 0
register: audit_run_post_remediation
args:
warn: false
- name: Post Audit | ensure audit files readable by users
file:
@ -21,8 +19,6 @@
block:
- name: "capture data {{ post_audit_outfile }}"
shell: "cat {{ post_audit_outfile }}"
args:
warn: false
register: post_audit
changed_when: false
@ -38,8 +34,6 @@
block:
- name: "Post Audit | capture data {{ post_audit_outfile }}"
shell: "tail -2 {{ post_audit_outfile }}"
args:
warn: false
register: post_audit
changed_when: false

6
tasks/pre_remediation_audit.yml
View file

@ -76,15 +76,11 @@
environment: "{{ audit_run_script_environment | default({}) }}"
changed_when: audit_run_pre_remediation.rc == 0
register: audit_run_pre_remediation
args:
warn: false
- name: Pre Audit | Capture audit data if json format
block:
- name: "Pre Audit | capture data {{ pre_audit_outfile }}"
shell: "cat {{ pre_audit_outfile }}"
args:
warn: false
register: pre_audit
changed_when: false
@ -100,8 +96,6 @@
block:
- name: "Pre Audit | capture data {{ pre_audit_outfile }}"
shell: "tail -2 {{ pre_audit_outfile }}"
args:
warn: false
register: pre_audit
changed_when: false

8
tasks/prelim.yml
View file

@ -4,8 +4,6 @@
# List users in order to look files inside each home directory
- name: "PRELIM | List users accounts"
shell: "awk -F: '{print $1}' /etc/passwd"
args:
warn: false
changed_when: false
check_mode: false
register: users
@ -16,8 +14,6 @@
- name: "PRELIM | Gather accounts with empty password fields"
shell: "cat /etc/shadow | awk -F: '($2 == \"\" ) {j++;print $1; } END {exit j}'"
args:
warn: false
changed_when: false
check_mode: false
register: empty_password_accounts
@ -28,8 +24,6 @@
- name: "PRELIM | Gather UID 0 accounts other than root"
shell: "cat /etc/passwd | awk -F: '($3 == 0 && $1 != \"root\") {i++;print $1 } END {exit i}'"
args:
warn: false
changed_when: false
check_mode: false
register: rhel9cis_uid_zero_accounts_except_root
@ -50,8 +44,6 @@
- name: "PRELIM | Gather system-wide crypto-policy"
shell: update-crypto-policies --show
args:
warn: false
changed_when: false
check_mode: false
register: system_wide_crypto_policy

4
tasks/section_5/cis_5.2.x.yml
View file

@ -274,16 +274,12 @@
block:
- name: "5.2.14 | AUDIT | Ensure system-wide crypto policy is not over-ridden"
shell: grep -i '^\s*CRYPTO_POLICY=' /etc/sysconfig/sshd
args:
warn: false
changed_when: false
failed_when: ( ssh_crypto_discovery.rc not in [ 0, 1 ] )
register: ssh_crypto_discovery
- name: "5.2.14 | PATCH | Ensure system-wide crypto policy is not over-ridden"
shell: sed -ri "s/^\s*(CRYPTO_POLICY\s*=.*)$/# \1/" /etc/sysconfig/sshd
args:
warn: false
notify: restart sshd
when: ssh_crypto_discovery.stdout | length > 0
when:

4
tasks/section_5/cis_5.4.x.yml
View file

@ -17,8 +17,6 @@
- name: "5.4.1 | PATCH | Ensure custom authselect profile is used | Create custom profiles"
shell: authselect create-profile {{ rhel9cis_authselect['custom_profile_name'] }} -b {{ rhel9cis_authselect['default_file_to_copy'] }}
args:
warn: false
when: rhel9cis_authselect_custom_profile_create
when:
- rhel9cis_rule_5_4_1
@ -47,8 +45,6 @@
- name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Create custom profiles"
shell: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} with-faillock"
args:
warn: false
when: rhel9cis_authselect_custom_profile_select
when:
- rhel9cis_rule_5_4_2