consistent lineinfile usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-04-06 16:58:03 +01:00 · 2022-04-06 16:58:03 +01:00 · 82d1d18504
commit 82d1d18504
parent 02d686f920
12 changed files with 41 additions and 76 deletions
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@ -16,9 +16,8 @@

 - name: "5.3.2 | PATCH | Ensure sudo commands use pty"
  lineinfile:
-      dest: /etc/sudoers
+      path: /etc/sudoers
      line: "Defaults    use_pty"
-      state: present
      validate: '/usr/sbin/visudo -cf %s'
  when:
      - rhel9cis_rule_5_3_2
@ -32,10 +31,9 @@

 - name: "5.3.3 | PATCH | Ensure sudo log file exists"
  lineinfile:
-      dest: /etc/sudoers
+      path: /etc/sudoers
      regexp: '^Defaults    logfile='
      line: 'Defaults    logfile="{{ rhel9cis_sudolog_location }}"'
-      state: present
      validate: '/usr/sbin/visudo -cf %s'
  when:
      - rhel9cis_rule_5_3_3
@ -122,8 +120,7 @@
  block:
      - name: "5.3.7 | PATCH | Ensure access to the su command is restricted | Setting pam_wheel to use_uid"
        lineinfile:
-            state: present
-            dest: /etc/pam.d/su
+            path: /etc/pam.d/su
            regexp: '^(#)?auth\s+required\s+pam_wheel\.so'
            line: 'auth           required        pam_wheel.so use_uid {% if rhel9cis_sugroup is defined %}group={{ rhel9cis_sugroup }}{% endif %}'