lint and var renaming

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/section_5/cis_5.2.x.yml

@@ -89,16 +89,16 @@
       become: true
       changed_when: false
       failed_when: false
-      register: rhel9cis_5_2_4_authenticate
+      register: discovered_priv_reauth
 
     - name: "5.2.5 | PATCH | Ensure re-authentication for privilege escalation is not disabled globally"
-      when: rhel9cis_5_2_4_authenticate.stdout | length > 0
+      when: discovered_priv_reauth.stdout | length > 0
       ansible.builtin.replace:
         path: "{{ item }}"
         regexp: '^([^#].*)!authenticate(.*)'
         replace: '\1authenticate\2'
         validate: '/usr/sbin/visudo -cf %s'
-      loop: "{{ rhel9cis_5_2_4_authenticate.stdout_lines }}"
+      loop: "{{ discovered_priv_reauth.stdout_lines }}"
 
 - name: "5.2.6 | PATCH | Ensure sudo authentication timeout is configured correctly"
   when:

tasks/section_5/cis_5.3.1.x.yml

@@ -32,10 +32,10 @@
       ansible.builtin.package:
         name: authselect
         state: latest
-      register: rhel9cis_authselect_update
+      register: discovered_authselect_updated
 
     - name: "5.3.1.2 | AUDIT | Ensure latest version of authselect is installed | Patch"
-      when: rhel9cis_authselect_update.changed  # noqa no-handler
+      when: discovered_authselect_updated.changed  # noqa no-handler
       ansible.builtin.set_fact:
         authselect_update: OK
 

tasks/section_5/cis_5.3.2.x.yml

@@ -136,11 +136,11 @@
       ansible.builtin.shell: |
         grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth
       changed_when: false
-      failed_when: rhel9cis_authselect_pam_unix.rc not in [ 0, 1 ]
-      register: rhel9cis_authselect_pam_unix
+      failed_when: discovered_discovered_authselect_pam_unix.rc not in [ 0, 1 ]
+      register: discovered_discovered_authselect_pam_unix
 
     - name: "5.3.2.5 | PATCH | Ensure pam_unix module is enabled | system-auth"
-      when: "'system-auth:password' not in rhel9cis_authselect_pam_unix.stdout"
+      when: "'system-auth:password' not in discovered_authselect_pam_unix.stdout"
       ansible.builtin.lineinfile:
         path: /etc/authselect/custom/{{ rhel9cis_authselect['custom_profile_name'] }}/system-auth
         regexp: "{{ item.regexp }}"
@@ -154,7 +154,7 @@
       notify: Authselect update
 
     - name: "5.3.2.5 | PATCH | Ensure pam_unix module is enabled | password-auth"
-      when: "'password-auth:password' not in rhel9cis_authselect_pam_unix.stdout"
+      when: "'password-auth:password' not in discovered_authselect_pam_unix.stdout"
       ansible.builtin.lineinfile:
         path: /etc/authselect/custom/{{ rhel9cis_authselect['custom_profile_name'] }}/password-auth
         line: "{{ item.line }}"

tasks/section_5/cis_5.3.3.3.x.yml

@@ -12,9 +12,9 @@
   block:
     - name: "5.3.3.3.1 | AUDIT | Ensure password history remember is configured | Check existing files"
       ansible.builtin.shell: grep -Psi -- '^\h*password\s+[^#\n\r]+\h+pam_pwhistory\.so\s+([^#\n\r]+\s+)?remember=\d+\b' /etc/pam.d/password-auth /etc/pam.d/system-auth
-      register: rhel9_pwhistory_remember
       changed_when: false
-      failed_when: rhel9_pwhistory_remember.rc not in [0, 1]
+      failed_when: discovered_pwhistory_remember.rc not in [0, 1]
+      register: discovered_pwhistory_remember
 
     - name: "5.3.3.3.1 | PATCH | Ensure password number of changed characters is configured | Ensure remember is set pwhistory file"
       ansible.builtin.lineinfile:
@@ -59,9 +59,9 @@
   block:
     - name: "5.3.3.3.2 | AUDIT | Ensure password history is enforced for the root user | Check existing files"
       ansible.builtin.shell: grep -Psi -- '^\h*password\h+[^#\n\r]+\h+pam_pwhistory\.so\h+([^#\n\r]+\h+)?enforce_for_root\b' /etc/pam.d/{system,password}-auth
-      register: rhel9_pwhistory_enforce_for_root
+      register: discovered_pwhistory_enforce_for_root
       changed_when: false
-      failed_when: rhel9_pwhistory_enforce_for_root.rc not in [0, 1]
+      failed_when: discovered_pwhistory_enforce_for_root.rc not in [0, 1]
 
     - name: "5.3.3.3.2 | PATCH| Ensure password history is enforced for the root user | Ensure enforce_for_root is set pwhistory file"
       ansible.builtin.lineinfile:
@@ -72,7 +72,7 @@
     - name: "5.3.3.3.2 | PATCH | Ensure password history is enforced for the root user | Ensure enforce_for_root is set"
       when:
         - not rhel9cis_allow_authselect_updates
-        - rhel9_pwhistory_enforce_for_root.stdout | length == 0
+        - discovered_pwhistory_enforce_for_root.stdout | length == 0
         - rhel9cis_disruption_high
       ansible.builtin.lineinfile:
         path: "/{{ rhel9cis_pam_confd_dir }}{{ rhel9cis_pam_pwhistory_file }}"
@@ -83,7 +83,7 @@
     - name: "5.3.3.3.2 | PATCH | Ensure password history is enforced for the root user | Ensure enforce_for_root is set"
       when:
         - rhel9cis_allow_authselect_updates
-        - rhel9_pwhistory_enforce_for_root.stdout | length == 0
+        - discovered_pwhistory_enforce_for_root.stdout | length == 0
         - rhel9cis_disruption_high
       ansible.builtin.replace:
         path: "/etc/authselect/custom/{{ rhel9cis_authselect_custom_profile_name }}/{{ item }}-auth"
@@ -106,9 +106,9 @@
   block:
     - name: "5.3.3.3.3 | AUDIT | Ensure pam_pwhistory includes use_authtok | Check existing files"
       ansible.builtin.shell: grep -Psi -- '^\h*password\h+[^#\n\r]+\h+pam_pwhistory\.so\h+([^#\n\r]+\h+)?use_authtok\b' /etc/pam.d/{system,password}-auth
-      register: rhel9_pwhistory_use_authtok
+      register: discovered_pwhistory_use_authtok
       changed_when: false
-      failed_when: rhel9_pwhistory_use_authtok.rc not in [0, 1]
+      failed_when: discovered_pwhistory_use_authtok.rc not in [0, 1]
 
     - name: "5.3.3.3.3 | PATCH | Ensure pam_pwhistory includes use_authtok | Update pwhistory for use_authtok"
       ansible.builtin.lineinfile:
@@ -119,7 +119,7 @@
     - name: "5.3.3.3.3 | PATCH | Ensure pam_pwhistory includes use_authtok | Ensure use_authtok is set"
       when:
         - not rhel9cis_allow_authselect_updates
-        - rhel9_pwhistory_use_authtok.stdout | length == 0
+        - discovered_pwhistory_use_authtok.stdout | length == 0
         - rhel9cis_disruption_high
       ansible.builtin.lineinfile:
         path: "/{{ rhel9cis_pam_confd_dir }}{{ rhel9cis_pam_pwhistory_file }}"
@@ -130,7 +130,7 @@
     - name: "PATCH | Ensure pam_pwhistory includes use_authtok | add authtok to pam files AuthSelect"
       when:
         - rhel9cis_allow_authselect_updates
-        - rhel9_pwhistory_use_authtok.stdout | length == 0
+        - discovered_pwhistory_use_authtok.stdout | length == 0
         - rhel9cis_disruption_high
       ansible.builtin.lineinfile:
         path: "/etc/authselect/custom/{{ rhel9cis_authselect_custom_profile_name }}/{{ item }}-auth"