sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

updated issues and added improvements

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-25 16:58:11 +01:00
parent 49ab8c6f9f
commit a8602689b8
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
7 changed files with 18 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/main.yml
View file

@ -50,11 +50,13 @@
- name: Check rhel9cis_bootloader_password_hash variable has been changed
assert:
that: rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword'
msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password_hash variable has not been set"
that: rhel9cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword'
msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password_hash variable has not been set correctly"
when:
- rhel9cis_set_boot_pass
- rhel9cis_rule_1_5_2
- rhel9cis_rule_1_4_1
tags:
- always
- name: "check sugroup exists if used"
block: