sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint and var renaming

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-11-04 18:39:01 +00:00
parent fa13b06b1f
commit 879d9c9a1b
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
18 changed files with 84 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tasks/section_5/cis_5.2.x.yml
View file

@ -89,16 +89,16 @@
become: true
changed_when: false
failed_when: false
register: rhel9cis_5_2_4_authenticate
register: discovered_priv_reauth
- name: "5.2.5 | PATCH | Ensure re-authentication for privilege escalation is not disabled globally"
when: rhel9cis_5_2_4_authenticate.stdout | length > 0
when: discovered_priv_reauth.stdout | length > 0
ansible.builtin.replace:
path: "{{ item }}"
regexp: '^([^#].*)!authenticate(.*)'
replace: '\1authenticate\2'
validate: '/usr/sbin/visudo -cf %s'
loop: "{{ rhel9cis_5_2_4_authenticate.stdout_lines }}"
loop: "{{ discovered_priv_reauth.stdout_lines }}"
- name: "5.2.6 | PATCH | Ensure sudo authentication timeout is configured correctly"
when: