From 939102430c50209ab5e0e6e164b3376d0c727846 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Fri, 27 Jan 2023 14:03:32 +0000
Subject: [PATCH] lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/auditd.yml              |  4 ++--
 tasks/section_5/cis_5.4.x.yml | 12 ++++++------
 tasks/section_6/cis_6.2.x.yml |  3 ---
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/tasks/auditd.yml b/tasks/auditd.yml
index f8d2fe6..f2dd122 100644
--- a/tasks/auditd.yml
+++ b/tasks/auditd.yml
@@ -1,7 +1,7 @@
 ---
 - name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
   ansible.builtin.stat:
-    path: /etc/audit/rules.d/99_auditd.rules
+      path: /etc/audit/rules.d/99_auditd.rules
   register: auditd_file
 
 - name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | setup file
@@ -20,7 +20,7 @@
 
 - name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
   ansible.builtin.stat:
-    path: /etc/audit/rules.d/98_auditd_exceptions.rules
+      path: /etc/audit/rules.d/98_auditd_exceptions.rules
   register: auditd_exception_file
 
 - name: POST | Set up auditd user logging exceptions | setup file
diff --git a/tasks/section_5/cis_5.4.x.yml b/tasks/section_5/cis_5.4.x.yml
index 939285f..cb37024 100644
--- a/tasks/section_5/cis_5.4.x.yml
+++ b/tasks/section_5/cis_5.4.x.yml
@@ -54,9 +54,9 @@
             line: "{{ item.line }}"
             insertbefore: "{{ item.before }}"
         loop:
-            - { 'regexp': '^auth\s+required\s+pam_faillock.so preauth silent deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so preauth silent deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}','before':'^auth\s+sufficient\s+pam_unix.so try_first_pass'}
-            - { 'regexp': '^auth\s+required\s+pam_faillock.so authfail deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so authfail deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}','before':'^auth\s+required\s+pam_deny.so'}
-            - { 'regexp': '^account\s+required\s+pam_faillock.so', 'line': 'account     required      pam_faillock.so','before':'^account     required      pam_unix.so'}
+            - { 'regexp': '^auth\s+required\s+pam_faillock.so preauth silent deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so preauth silent deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}', 'before':'^auth\s+sufficient\s+pam_unix.so try_first_pass'}
+            - { 'regexp': '^auth\s+required\s+pam_faillock.so authfail deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so authfail deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}', 'before':'^auth\s+required\s+pam_deny.so'}
+            - { 'regexp': '^account\s+required\s+pam_faillock.so', 'line': 'account     required      pam_faillock.so', 'before':'^account     required      pam_unix.so'}
         when:
             - rhel9cis_add_faillock_without_authselect
             - rhel9cis_5_4_2_risks == 'ACCEPT'
@@ -69,9 +69,9 @@
             insertbefore: "{{ item.before | default(omit)}}"
             insertafter: "{{ item.after | default(omit)}}"
         loop:
-            - { 'regexp': '^auth\s+required\s+pam_faillock.so preauth silent deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so preauth silent deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}','before':'^auth\s+sufficient\s+pam_unix.so try_first_pass'}
-            - { 'regexp': '^auth\s+required\s+pam_faillock.so authfail deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so authfail deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}','before':'^auth\s+required\s+pam_deny.so'}
-            - { 'regexp': '^account\s+required\s+pam_faillock.so', 'line': 'account     required      pam_faillock.so','before':'^account     required      pam_unix.so'}
+            - { 'regexp': '^auth\s+required\s+pam_faillock.so preauth silent deny=.*unlock_time=.*', 'line':'auth        required      pam_faillock.so preauth silent deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}', 'before':'^auth\s+sufficient\s+pam_unix.so try_first_pass'}
+            - { 'regexp': '^auth\s+required\s+pam_faillock.so authfail deny=.*unlock_time=.*', 'line': 'auth        required      pam_faillock.so authfail deny={{ rhel9cis_pam_faillock.deny }} unlock_time={{ rhel9cis_pam_faillock.unlock_time }}', 'before':'^auth\s+required\s+pam_deny.so'}
+            - { 'regexp': '^account\s+required\s+pam_faillock.so', 'line': 'account     required      pam_faillock.so', 'before':'^account     required      pam_unix.so'}
         when:
             - rhel9cis_add_faillock_without_authselect
             - rhel9cis_5_4_2_risks == 'ACCEPT'
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index a8cafff..bfd371a 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -223,9 +223,6 @@
               register: root_path_perms
               loop: "{{ rhel9cis_6_2_8_root_paths_split.stdout_lines }}"
 
-            - ansible.builtin.debug:
-                  msg: "{{ root_path_perms.results }}"
-
             - name: "6.2.8 | AUDIT | Ensure root PATH Integrity | Set permissions"
               ansible.builtin.file:
                   path: "{{ item.stat.path }}"