sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

added args warn for shell

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-01-13 12:08:30 +00:00
parent 66814a6f01
commit 95d8152603
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
24 changed files with 187 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_4/cis_4.1.1.x.yml
View file

@ -41,6 +41,8 @@
block:
- name: "4.1.1.3 | L2 | AUDIT | Ensure auditing for processes that start prior to auditd is enabled | Get GRUB_CMDLINE_LINUX"
shell: grep 'GRUB_CMDLINE_LINUX=' /etc/default/grub | sed 's/.$//'
args:
warn: false
changed_when: false
failed_when: false
check_mode: no
@ -74,6 +76,8 @@
block:
- name: "4.1.1.4 | L2 | AUDIT | Ensure audit_backlog_limit is sufficient | Get GRUB_CMDLINE_LINUX"
shell: grep 'GRUB_CMDLINE_LINUX=' /etc/default/grub | sed 's/.$//'
args:
warn: false
changed_when: false
failed_when: false
check_mode: no

2
tasks/section_4/cis_4.1.x.yml
View file

@ -121,6 +121,8 @@
block:
- name: "4.1.12 | L2 | AUDIT | Ensure successful file system mounts are collected"
shell: for i in $(df | grep '^/dev' | awk '{ print $NF }'); do find $i -xdev -type f -perm -4000 -o -type f -perm -2000 2>/dev/null; done
args:
warn: false
changed_when: false
failed_when: false
check_mode: no

2
tasks/section_4/cis_4.2.1.x.yml
View file

@ -44,6 +44,8 @@
block:
- name: "4.2.1.4 | L1 | AUDIT | Ensure logging is configured | rsyslog current config message out"
shell: cat /etc/rsyslog.conf
args:
warn: false
become: yes
changed_when: false
failed_when: no

2
tasks/section_4/cis_4.2.3.yml
View file

@ -2,6 +2,8 @@
- name: "4.2.3 | L1 | PATCH | Ensure permissions on all logfiles are configured"
shell: find /var/log -type f -exec chmod g-wx,o-rwx "{}" +
args:
warn: false
changed_when: false
failed_when: false
when: