lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-13 12:10:18 +00:00 · 2023-01-13 12:10:18 +00:00 · acf0104f7a
commit acf0104f7a
parent 3ead0d63ac
34 changed files with 199 additions and 213 deletions
--- a/tasks/section_1/cis_1.1.2.x.yml
+++ b/tasks/section_1/cis_1.1.2.x.yml
@ -32,7 +32,7 @@
      fstype: "{{ item.fstype }}"
      state: present
      opts: defaults,{% if rhel9cis_rule_1_1_2_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_2_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_2_4 %}nosuid{% endif %}
-  notify: remount tmp
+  notify: Remount tmp
  with_items:
      - "{{ ansible_mounts }}"
  loop_control:
@ -64,7 +64,7 @@
      owner: root
      group: root
      mode: 0644
-  notify: systemd restart tmp.mount
+  notify: Systemd restart tmp.mount
  when:
      - rhel9cis_tmp_svc
      - rhel9cis_rule_1_1_2_1 or
--- a/tasks/section_1/cis_1.1.3.x.yml
+++ b/tasks/section_1/cis_1.1.3.x.yml
@ -35,7 +35,7 @@
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - var_mount_present is defined
      - item.mount == "/var"
--- a/tasks/section_1/cis_1.1.4.x.yml
+++ b/tasks/section_1/cis_1.1.4.x.yml
@ -37,7 +37,7 @@
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - var_tmp_mount_present is defined
      - item.mount == "/var/tmp"
--- a/tasks/section_1/cis_1.1.5.x.yml
+++ b/tasks/section_1/cis_1.1.5.x.yml
@ -37,7 +37,7 @@
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - var_log_mount_present is defined
      - item.mount == "/var/log"
--- a/tasks/section_1/cis_1.1.6.x.yml
+++ b/tasks/section_1/cis_1.1.6.x.yml
@ -10,8 +10,8 @@
        ansible.builtin.import_tasks: warning_facts.yml

  vars:
-       warn_control_id: '1.1.6.1'
-       required_mount: '/var/log/audit'
+      warn_control_id: '1.1.6.1'
+      required_mount: '/var/log/audit'
  when:
      - required_mount not in mount_names
      - rhel9cis_rule_1_1_6_1
@ -36,7 +36,7 @@
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - var_log_audit_mount_present is defined
      - item.mount == "/var/log/audit"
--- a/tasks/section_1/cis_1.1.7.x.yml
+++ b/tasks/section_1/cis_1.1.7.x.yml
@ -36,7 +36,7 @@
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - home_mount_present is defined
      - item.mount == "/home"
--- a/tasks/section_1/cis_1.1.8.x.yml
+++ b/tasks/section_1/cis_1.1.8.x.yml
@ -34,7 +34,7 @@
      fstype: tmpfs
      state: mounted
      opts: defaults,{% if rhel9cis_rule_1_1_8_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_8_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_8_4 %}nosuid{% endif %}
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - rhel9cis_rule_1_1_8_2 or
        rhel9cis_rule_1_1_8_3 or
--- a/tasks/section_1/cis_1.10.yml
+++ b/tasks/section_1/cis_1.10.yml
@ -4,7 +4,7 @@
  ansible.builtin.shell: |
      update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
      update-crypto-policies
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - rhel9cis_rule_1_10
      - system_wide_crypto_policy['stdout'] == 'LEGACY'
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
@ -68,7 +68,7 @@
 - name: "1.2.3 | AUDIT | Ensure package manager repositories are configured"
  block:
      - name: "1.2.3 | AUDIT | Ensure package manager repositories are configured | Get repo list"
-        ansible.builtin.command: dnf repolist
+        ansible.builtin.shell: dnf repolist
        changed_when: false
        failed_when: false
        register: dnf_configured
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@ -8,7 +8,7 @@
            state: present

      - name: "1.3.1 | PATCH | Ensure AIDE is installed | Configure AIDE"
-        ansible.builtin.command: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
+        ansible.builtin.shell: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
        changed_when: false
        failed_when: false
        async: 45
--- a/tasks/section_1/cis_1.8.x.yml
+++ b/tasks/section_1/cis_1.8.x.yml
@ -25,7 +25,7 @@
      owner: root
      group: root
      mode: 0644
-  notify: reload dconf
+  notify: Reload dconf
  with_items:
      - { file: '/etc/dconf/profile/gdm', regexp: 'user-db', line: 'user-db:user' }
      - { file: '/etc/dconf/profile/gdm', regexp: 'system-db', line: 'system-db:gdm' }
@ -54,7 +54,7 @@
      owner: root
      group: root
      mode: 0644
-  notify: reload dconf
+  notify: Reload dconf
  with_items:
      - { file: '/etc/dconf/profile/gdm', regexp: 'user-db', line: 'user-db:user' }
      - { file: '/etc/dconf/profile/gdm', regexp: 'system-db', line: 'system-db:gdm' }
@ -81,7 +81,7 @@
      owner: root
      group: root
      mode: 0644
-  notify: reload dconf
+  notify: Reload dconf
  with_items:
      - { regex: '\[org\/gnome\/desktop\/media-handling\]', line: '[org/gnome/desktop/media-handling]' }
      - { regex: 'automount=', line: 'automount=false' }
--- a/tasks/section_1/cis_1.9.yml
+++ b/tasks/section_1/cis_1.9.yml
@ -4,7 +4,7 @@
  ansible.builtin.package:
      name: "*"
      state: latest
-  notify: change_requires_reboot
+  notify: Change_requires_reboot
  when:
      - rhel9cis_rule_1_9
      - not system_is_ec2