sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint and var renaming

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-11-04 18:39:01 +00:00
parent fa13b06b1f
commit 879d9c9a1b
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
18 changed files with 84 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_5/cis_5.3.2.x.yml
View file

@ -136,11 +136,11 @@
ansible.builtin.shell: |
grep -P -- '\b(pam_unix\.so)\b' /etc/authselect/"$(head -1 /etc/authselect/authselect.conf)"/{system,password}-auth
changed_when: false
failed_when: rhel9cis_authselect_pam_unix.rc not in [ 0, 1 ]
register: rhel9cis_authselect_pam_unix
failed_when: discovered_discovered_authselect_pam_unix.rc not in [ 0, 1 ]
register: discovered_discovered_authselect_pam_unix
- name: "5.3.2.5 | PATCH | Ensure pam_unix module is enabled | system-auth"
when: "'system-auth:password' not in rhel9cis_authselect_pam_unix.stdout"
when: "'system-auth:password' not in discovered_authselect_pam_unix.stdout"
ansible.builtin.lineinfile:
path: /etc/authselect/custom/{{ rhel9cis_authselect['custom_profile_name'] }}/system-auth
regexp: "{{ item.regexp }}"
@ -154,7 +154,7 @@
notify: Authselect update
- name: "5.3.2.5 | PATCH | Ensure pam_unix module is enabled | password-auth"
when: "'password-auth:password' not in rhel9cis_authselect_pam_unix.stdout"
when: "'password-auth:password' not in discovered_authselect_pam_unix.stdout"
ansible.builtin.lineinfile:
path: /etc/authselect/custom/{{ rhel9cis_authselect['custom_profile_name'] }}/password-auth
line: "{{ item.line }}"