added args warn for shell

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/section_1/cis_1.1.x.yml

@@ -252,6 +252,8 @@
           1.1.16 | L1 | AUDIT | Ensure nosuid option set on /dev/shm partition | Check for /dev/shm existence
           1.1.17 | L1 | AUDIT | Ensure noexec option set on /dev/shm partition | Check for /dev/shm existence"
         shell: mount -l | grep -E '\s/dev/shm\s'
+        args:
+            warn: false
         changed_when: false
         failed_when: false
         check_mode: no
@@ -306,7 +308,7 @@
 - name: "1.1.21 | L1 | PATCH | Ensure sticky bit is set on all world-writable directories"
   shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
   args:
-      warn: no
+      warn: false
   changed_when: false
   failed_when: false
   when:

tasks/section_1/cis_1.10.yml

@@ -4,6 +4,8 @@
   shell: |
       update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
       update-crypto-policies
+  args:
+      warn: false
   when:
       - rhel9cis_rule_1_10
       - system_wide_crypto_policy['stdout'] == 'LEGACY'

tasks/section_1/cis_1.11.yml

@@ -4,6 +4,8 @@
   shell: |
       update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
       update-crypto-policies
+  args:
+      warn: false
   when:
       - rhel9cis_rule_1_11
       - system_wide_crypto_policy['stdout'] not in rhel9cis_allowed_crypto_policies

tasks/section_1/cis_1.2.x.yml

@@ -38,6 +38,8 @@
 
 - name: "1.2.3 | L1 | AUDIT | Ensure GPG keys are configured"
   shell: gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-{{ ansible_distribution|lower }}-release
+  args:
+      warn: false
   when:
       - rhel9cis_rule_1_2_3
       - ansible_distribution == "RedHat"
@@ -77,12 +79,12 @@
   block:
       - name: "1.2.5 | L1 | AUDIT | Ensure package manager repositories are configured | Get repo list"
         shell: dnf repolist
+        args:
+            warn: false
         changed_when: false
         failed_when: false
         register: dnf_configured
         check_mode: no
-        args:
-            warn: false
 
       - name: "1.2.5 | L1 | AUDIT | Ensure package manager repositories are configured | Display repo list"
         debug:

tasks/section_1/cis_1.4.x.yml

@@ -9,12 +9,13 @@
 
       - name: "1.4.1 | L1 | PATCH | Ensure AIDE is installed | Configure AIDE"
         shell: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
+        args:
+            warn: false
+            creates: /var/lib/aide/aide.db.gz
         changed_when: false
         failed_when: false
         async: 45
         poll: 0
-        args:
-            creates: /var/lib/aide/aide.db.gz
         when: not ansible_check_mode
   when:
       - rhel9cis_config_aide

tasks/section_1/cis_1.7.1.x.yml

@@ -66,6 +66,8 @@
   block:
       - name: "1.7.1.5 | L2 | AUDIT | Ensure no unconfined daemons exist | Find the unconfined daemons"
         shell: ps -eZ | grep unconfined_service_t | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'
+        args:
+            warn: false
         register: rhelcis_1_7_1_5_unconf_daemons
         failed_when: false
         changed_when: false