sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

improve layout 1.2.1.1

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-11 12:35:48 +00:00
parent 148165ad4d
commit 8cbf82bbc9
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tasks/section_1/cis_1.2.1.x.yml
View file

@ -14,9 +14,8 @@
- rule_1.2.1.1 - rule_1.2.1.1
- NIST800-53R5_SI-2 - NIST800-53R5_SI-2
block: block:
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | list installed pubkey keys" - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | List installed pubkey keys"
ansible.builtin.shell: | ansible.builtin.shell: "rpm -qa | grep {{ os_gpg_key_pubkey_name }}" # noqa command-instead-of-module
"rpm -qa | grep {{ os_gpg_key_pubkey_name }}"
changed_when: false changed_when: false
failed_when: false failed_when: false
register: discovered_os_installed_pub_keys register: discovered_os_installed_pub_keys
@ -29,7 +28,7 @@
register: discovered_os_gpg_key_check register: discovered_os_gpg_key_check
when: discovered_os_installed_pub_keys.rc == 0 when: discovered_os_installed_pub_keys.rc == 0
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | expected keys fail" - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | If expected keys fail"
when: when:
- discovered_os_installed_pub_keys.rc == 1 or - discovered_os_installed_pub_keys.rc == 1 or
discovered_os_gpg_key_check.rc == 1 discovered_os_gpg_key_check.rc == 1