removed jmespath dependancy

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-11 16:57:45 +01:00 · 2024-07-11 16:57:45 +01:00 · 7dcb2cae1c
commit 7dcb2cae1c
parent a946ec6534
1 changed files with 18 additions and 34 deletions
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@ -173,7 +173,7 @@

      - name: "6.1.10 | AUDIT | Ensure no unowned files or directories exist | Displaying any unowned files or directories"
        ansible.builtin.debug:
-            msg: "Warning!! Missing owner on items in {{ rhel_09_6_1_10_audit | community.general.json_query('results[*].stdout_lines[*]') | flatten }}"  # noqa jinja[invalid]
+            msg: "Warning!! Missing owner on items in {{ rhel_09_6_1_10_audit.stdout_lines }}"
        when: rhel_09_6_1_10_unowned_files_found

      - name: "6.1.10 | AUDIT | Ensure no unowned files or directories exist | warning"
@ -220,7 +220,7 @@

      - name: "6.1.11 | AUDIT | Ensure no ungrouped files or directories exist | Displaying all ungrouped files or directories"
        ansible.builtin.debug:
-            msg: "Warning!! Missing group on items in {{ rhel_09_6_1_11_audit | community.general.json_query('results[*].stdout_lines[*]') | flatten }}"  # noqa jinja[invalid]
+            msg: "Warning!! Missing group on items in {{ rhel_09_6_1_11_audit.stdout_lines }}"
        when: rhel_09_6_1_11_ungrouped_files_found

      - name: "6.1.11 | AUDIT | Ensure no ungrouped files or directories exist | warning"
@ -258,34 +258,26 @@
 - name: "6.1.13 | AUDIT | Audit SUID executables"
  block:
      - name: "6.1.13 | AUDIT | Audit SUID executables | Find all SUID executables"
-        ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000
+        ansible.builtin.shell: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000"
        failed_when: false
        changed_when: false
        register: rhel_09_6_1_13_suid_perms
-        loop: "{{ ansible_facts.mounts }}"
-        loop_control:
-            label: "{{ item.mount }}"
-
-      - name: "6.1.13 | AUDIT | Audit SUID executables | set fact SUID executables"
-        ansible.builtin.set_fact:
-            rhel9_6_1_13_suid_found: true
-        loop: "{{ rhel_09_6_1_13_suid_perms.results }}"
-        when:
-            - item | length > 0
-            - item.stdout is defined  # skipped items are part of results list, but don't have the registered module properties
-            - item.stdout | length > 0

      - name: "6.1.13 | AUDIT | Audit SUID executables | Alert SUID executables exist"
        ansible.builtin.debug:
-            msg: "Warning!! SUID set on items in {{ rhel_09_6_1_13_suid_perms | community.general.json_query('results[*].stdout_lines[*]') | flatten }}"  # noqa jinja[invalid]
-        when: rhel9_6_1_13_suid_found
+            msg: "Warning!! SUID set on items in {{ rhel_09_6_1_13_suid_perms.stdout_lines }}"
+        when:
+            - rhel_09_6_1_13_suid_perms.stdout is defined
+            - rhel_09_6_1_13_suid_perms.stdout | length > 0

      - name: "6.1.13 | AUDIT | Audit SUID executables | Alert SUID executables exist | warning"
        ansible.builtin.import_tasks:
            file: warning_facts.yml
        vars:
            warn_control_id: '6.1.13'
-        when: rhel9_6_1_13_suid_found
+        when:
+            - rhel_09_6_1_13_suid_perms.stdout is defined
+            - rhel_09_6_1_13_suid_perms.stdout | length > 0
  vars:
      rhel9_6_1_13_suid_found: false
  when:
@ -301,34 +293,26 @@
 - name: "6.1.14 | AUDIT | Audit SGID executables"
  block:
      - name: "6.1.14 | AUDIT | Audit SGID executables | Find all SGID executables"
-        ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000
+        ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000
        failed_when: false
        changed_when: false
        register: rhel_09_6_1_14_sgid_perms
-        loop: "{{ ansible_facts.mounts }}"
-        loop_control:
-            label: "{{ item.mount }}"
-
-      - name: "6.1.14 | AUDIT | Audit SGID executables | Set fact SGID executables"
-        ansible.builtin.set_fact:
-            rhel9_6_1_14_sgid_found: true
-        loop: "{{ rhel_09_6_1_14_sgid_perms.results }}"
-        when:
-            - item | length > 0
-            - item.stdout is defined  # skipped items are part of results list, but don't have the registered module properties
-            - item.stdout | length > 0

      - name: "6.1.14 | AUDIT | Audit SGID executables | Alert SGID executables exist"
        ansible.builtin.debug:
-            msg: "Warning!! SGID set on items in {{ rhel_09_6_1_14_sgid_perms | community.general.json_query('results[*].stdout_lines[*]') | flatten }}"  # noqa jinja[invalid]
-        when: rhel9_6_1_14_sgid_found
+            msg: "Warning!! SGID set on items in {{ rhel_09_6_1_14_sgid_perms.stdout_lines }}"
+        when:
+            - rhel_09_6_1_14_sgid_perms.stdout is defined
+            - rhel_09_6_1_14_sgid_perms.stdout | length > 0

      - name: "6.1.14 | AUDIT | Audit SGID executables| warning"
        ansible.builtin.import_tasks:
            file: warning_facts.yml
        vars:
            warn_control_id: '6.1.14'
-        when: rhel9_6_1_14_sgid_found
+        when:
+            - rhel_09_6_1_14_sgid_perms.stdout is defined
+            - rhel_09_6_1_14_sgid_perms.stdout | length > 0
  vars:
      rhel9_6_1_14_sgid_found: false
  when: