Lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-11 11:49:02 +00:00 · 2024-12-11 11:49:02 +00:00 · 88ac5c3d65
commit 88ac5c3d65
parent fcf9eb674f
19 changed files with 127 additions and 84 deletions
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@ -45,7 +45,8 @@
          rhel9cis_aide_db_recreate
      block:
        - name: "6.1.1 | PATCH | Ensure AIDE is installed | Build AIDE DB"
-          ansible.builtin.shell: "{{ aide_initiate_command }}"
+          ansible.builtin.command: "{{ aide_initiate_command }}"
+          changed_when: true

        - name: "6.1.1 | PATCH | Ensure AIDE is installed | Build AIDE DB | Wait for file before continuing"
          ansible.builtin.wait_for:
@ -56,6 +57,7 @@
            src: /var/lib/aide/aide.db.new.gz
            dest: /var/lib/aide/aide.db.gz
            remote_src: true
+            mode: 'ug-wx,o-rwx'

 - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked"
  when:
@ -85,15 +87,15 @@

    - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked | aide service"
      when: rhel9cis_aide_scan == "timer"
-      ansible.builtin.systemd:
+      ansible.builtin.systemd_service:
        name: aidecheck.service
        enabled: true

    - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked | aide service"
      when: rhel9cis_aide_scan == "timer"
-      ansible.builtin.systemd:
+      ansible.builtin.systemd_service:
        name: aidecheck.timer
-        state: running
+        state: started
        enabled: true

 - name: "6.1.3 | PATCH | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"