From 9196e916fc6c3d8613f899720e1920e9183d61b0 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Wed, 7 Aug 2024 10:30:45 +0100
Subject: [PATCH] update var naming

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 handlers/main.yml                 |  8 ++------
 tasks/section_1/cis_1.5.x.yml     |  2 +-
 tasks/section_6/cis_6.2.2.1.x.yml | 30 ++++++++++++++--------------
 tasks/section_6/cis_6.3.2.x.yml   | 33 +++++++++++++++++++++++++------
 4 files changed, 45 insertions(+), 28 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index d4aaf2c..125586c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -42,7 +42,7 @@
   notify: Set Crypto Policy
 
 - name: Set Crypto Policy
-  when: rhel9cis_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
+  when: prelim_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
   ansible.builtin.shell: |
     update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
     update-crypto-policies
@@ -91,13 +91,9 @@
   ansible.builtin.systemd:
     daemon-reload: true
 
-- name: Apply_authselect
-  when: not rhel9cis_rule_5_4_2
+- name: Authselect update
   ansible.builtin.shell: authselect apply-changes
 
-- name: Apply_authselect
-  when: rhel9cis_rule_5_4_2
-  ansible.builtin.shell: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} {{ rhel9cis_authselect['options'] }} --force --backup=rhel9cis_commit_{{ ansible_date_time.epoch}}"
 ## Auditd tasks note order for handlers to run
 
 - name: Auditd immutable check
diff --git a/tasks/section_1/cis_1.5.x.yml b/tasks/section_1/cis_1.5.x.yml
index 05d4b6e..1184603 100644
--- a/tasks/section_1/cis_1.5.x.yml
+++ b/tasks/section_1/cis_1.5.x.yml
@@ -56,7 +56,7 @@
 - name: "1.5.4 | PATCH | Ensure core dump storage is disabled"
   when:
     - rhel9cis_rule_1_5_4
-    - systemd_coredump.stat.exists
+    - prelim_systemd_coredump.stat.exists
   tags:
     - level1-server
     - level1-workstation
diff --git a/tasks/section_6/cis_6.2.2.1.x.yml b/tasks/section_6/cis_6.2.2.1.x.yml
index 4db5c29..20b148b 100644
--- a/tasks/section_6/cis_6.2.2.1.x.yml
+++ b/tasks/section_6/cis_6.2.2.1.x.yml
@@ -2,8 +2,8 @@
 
 - name: "6.2.2.1.1 | PATCH | Ensure systemd-journal-remote is installed"
   when:
-    - ubtu22cis_rule_6_2_2_1_1
-    - not ubtu22cis_system_is_log_server
+    - rhel9cis_rule_6_2_2_1_1
+    - not rhel9cis_system_is_log_server
   tags:
     - level1-server
     - level1-workstation
@@ -19,8 +19,8 @@
 
 - name: "6.2.2.1.2 | PATCH | Ensure systemd-journal-remote authentication is configured"
   when:
-    - ubtu22cis_rule_6_2_2_1_2
-    - not ubtu22cis_system_is_log_server
+    - rhel9cis_rule_6_2_2_1_2
+    - not rhel9cis_system_is_log_server
   tags:
     - level1-server
     - level1-workstation
@@ -35,15 +35,15 @@
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
   loop:
-    - { regexp: 'URL=', line: 'URL={{ ubtu22cis_remote_log_server }}'}
-    - { regexp: 'ServerKeyFile=', line: 'ServerKeyFile={{ ubtu22cis_journal_upload_serverkeyfile }}'}
-    - { regexp: 'ServerCertificateFile=', line: 'ServerCertificateFile={{ ubtu22cis_journal_servercertificatefile }}'}
-    - { regexp: 'TrustedCertificateFile=', line: 'TrustedCertificateFile={{ ubtu22cis_journal_trustedcertificatefile }}'}
+    - { regexp: 'URL=', line: 'URL={{ rhel9cis_remote_log_server }}'}
+    - { regexp: 'ServerKeyFile=', line: 'ServerKeyFile={{ rhel9cis_journal_upload_serverkeyfile }}'}
+    - { regexp: 'ServerCertificateFile=', line: 'ServerCertificateFile={{ rhel9cis_journal_servercertificatefile }}'}
+    - { regexp: 'TrustedCertificateFile=', line: 'TrustedCertificateFile={{ rhel9cis_journal_trustedcertificatefile }}'}
 
 - name: "6.2.2.1.3 | PATCH | Ensure systemd-journal-remote is enabled and active"
   when:
-    - not ubtu22cis_system_is_log_server
-    - ubtu22cis_rule_6_2_2_1_3
+    - not rhel9cis_system_is_log_server
+    - rhel9cis_rule_6_2_2_1_3
   tags:
     - level1-server
     - level1-workstation
@@ -59,8 +59,8 @@
 
 - name: "6.2.2.1.4 | PATCH | Ensure systemd-journal-remote service is not in use"
   when:
-    - not ubtu22cis_system_is_log_server
-    - ubtu22cis_rule_6_2_2_1_4
+    - not rhel9cis_system_is_log_server
+    - rhel9cis_rule_6_2_2_1_4
   tags:
     - level1-server
     - level1-workstation
@@ -81,7 +81,7 @@
 
 - name: "6.2.2.2 | PATCH | Ensure journald ForwardToSyslog is disabled"
   when:
-    - ubtu22cis_rule_6_2_2_2
+    - rhel9cis_rule_6_2_2_2
   tags:
     - level1-server
     - level2-workstation
@@ -110,7 +110,7 @@
 
 - name: "6.2.2.3 | PATCH | Ensure journald Compress is configured"
   when:
-    - ubtu22cis_rule_6_2_2_3
+    - rhel9cis_rule_6_2_2_3
   tags:
     - level1-server
     - level1-workstation
@@ -136,7 +136,7 @@
 
 - name: "6.2.2.4 | PATCH | Ensure journald Storage is configured"
   when:
-    - ubtu22cis_rule_6_2_2_4
+    - rhel9cis_rule_6_2_2_4
   tags:
     - level1-server
     - level1-workstation
diff --git a/tasks/section_6/cis_6.3.2.x.yml b/tasks/section_6/cis_6.3.2.x.yml
index dd9df94..08a5365 100644
--- a/tasks/section_6/cis_6.3.2.x.yml
+++ b/tasks/section_6/cis_6.3.2.x.yml
@@ -13,7 +13,7 @@
   ansible.builtin.lineinfile:
     path: /etc/audit/auditd.conf
     regexp: "^max_log_file( |=)"
-    line: "max_log_file = {{ rhel9cis_auditd['max_log_file'] }}"
+    line: "max_log_file = {{ rhel9cis_auditd_max_log_file_size }}"
   notify: Restart auditd
 
 - name: "6.3.2.2 | PATCH | Ensure audit logs are not automatically deleted"
@@ -29,7 +29,7 @@
   ansible.builtin.lineinfile:
     path: /etc/audit/auditd.conf
     regexp: "^max_log_file_action"
-    line: "max_log_file_action = {{ rhel9cis_auditd['max_log_file_action'] }}"
+    line: "max_log_file_action = {{ rhel9cis_auditd_max_log_file_action }}"
   notify: Restart auditd
 
 - name: "6.3.2.3 | PATCH | Ensure system is disabled when audit logs are full"
@@ -51,11 +51,32 @@
     line: "{{ item.line }}"
   notify: Restart auditd
   loop:
-    - { regexp: '^admin_space_left_action', line: 'admin_space_left_action = {{ rhel9cis_auditd.admin_space_left_action }}' }
-    - { regexp: '^action_mail_acct', line: 'action_mail_acct = {{ rhel9cis_auditd.action_mail_acct }}' }
-    - { regexp: '^space_left_action', line: 'space_left_action = {{ rhel9cis_auditd.space_left_action }}' }
+    - { regexp: '^disk_full_action', line: 'disk_full_action = {{ rhel9cis_auditd_disk_full_action }}' }
+    - { regexp: '^disk_error_action', line: 'disk_error_action = {{ rhel9cis_auditd_disk_error_action }}' }
 
-- name: PATCH | Configure other keys for auditd.conf
+- name: "6.3.2.4 | PATCH | Ensure system warns when audit logs are low on space"
+  when:
+    - rhel9cis_rule_6_3_2_4
+  tags:
+    - level2-server
+    - level2-workstation
+    - patch
+    - auditd
+    - rule_6.3.2.4
+    - NIST800-53R5_AU-2
+    - NIST800-53R5_AU-8
+    - NIST800-53R5_AU-12
+    - NIST800-53R5_SI-5
+  ansible.builtin.lineinfile:
+    path: /etc/audit/auditd.conf
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  notify: Restart auditd
+  loop:
+    - { regexp: '^space_left_action', line: 'space_left_action = {{ rhel9cis_auditd_space_left_action }}' }
+    - { regexp: '^admin_space_left_action', line: 'admin_space_left_action = {{ rhel9cis_auditd_admin_space_left_action }}' }
+
+- name: "PATCH | Configure other keys for auditd.conf"
   when:
     - rhel9cis_auditd_extra_conf.keys() | length > 0
     - rhel9cis_auditd_extra_conf_usage