
lint updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-13 12:10:18 +00:00
parent 3ead0d63ac
commit acf0104f7a
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
34 changed files with 199 additions and 213 deletions


@ -5,7 +5,7 @@
path: /etc/audit/auditd.conf
regexp: "^max_log_file( |=)"
line: "max_log_file = {{ rhel9cis_max_log_file_size }}"
notify: restart auditd
notify: Restart auditd
when:
- rhel9cis_rule_4_1_2_1
tags:
@ -21,7 +21,7 @@
path: /etc/audit/auditd.conf
regexp: "^max_log_file_action"
line: "max_log_file_action = {{ rhel9cis_auditd['max_log_file_action'] }}"
notify: restart auditd
notify: Restart auditd
when:
- rhel9cis_rule_4_1_2_2
tags:
@ -36,7 +36,7 @@
path: /etc/audit/auditd.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
notify: restart auditd
notify: Restart auditd
with_items:
- { regexp: '^admin_space_left_action', line: 'admin_space_left_action = {{ rhel9cis_auditd.admin_space_left_action }}' }
- { regexp: '^action_mail_acct', line: 'action_mail_acct = {{ rhel9cis_auditd.action_mail_acct }}' }
@ -56,7 +56,7 @@
regexp: "^{{ item }}( |=)"
line: "{{ item }} = {{ rhel9cis_auditd_extra_conf[item] }}"
loop: "{{ rhel9cis_auditd_extra_conf.keys() }}"
notify: restart auditd
notify: Restart auditd
when:
- rhel9cis_auditd_extra_conf.keys() | length > 0
tags:


@ -64,9 +64,9 @@
loop: "{{ auditd_conf_files.files }}"
loop_control:
label: "{{ item.path }}"
when:
- item.mode != '06(0|4)0'
- rhel9cis_rule_4_1_4_5
when:
- item.mode != '06(0|4)0'
- rhel9cis_rule_4_1_4_5
tags:
- level2-server
- level2-workstation
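Review bot: The re-indented condition `- item.mode != '06(0|4)0'` compares the mode string that find returns (for example `0640`) with the literal text `06(0|4)0`, so it is always true and only `rhel9cis_rule_4_1_4_5` actually gates the task; it will run on every file found, regardless of its current mode. Replace the literal comparison with a membership or regex test, e.g. `- item.mode not in ['0600', '0640']` or `- item.mode is not match('^06(0|4)0$')`. The module call this `when` belongs to is above the hunk, so I cannot tell from here whether running it unconditionally only costs idempotence or also rewrites modes that are already compliant.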


@ -32,10 +32,10 @@
path: /etc/systemd/journald.conf
regexp: "^#ForwardToSyslog=|^ForwardToSyslog="
line: ForwardToSyslog=yes
notify: restart rsyslog
notify: Restart rsyslog
when:
- rhel9cis_rule_4_2_1_3
- rhel9cis_preferred_log_capture == "rsyslog"
- rhel9cis_syslog == "rsyslog"
tags:
- level1-server
- level1-workstation
@ -47,7 +47,7 @@
path: /etc/rsyslog.conf
regexp: '^\$FileCreateMode'
line: '$FileCreateMode 0640'
notify: restart rsyslog
notify: Restart rsyslog
when:
- rhel9cis_rule_4_2_1_4
tags:
@ -60,7 +60,7 @@
- name: "4.2.1.5 | PATCH | Ensure logging is configured"
block:
- name: "4.2.1.5 | AUDIT | Ensure logging is configured | rsyslog current config message out"
ansible.builtin.command: cat /etc/rsyslog.conf
ansible.builtin.shell: cat /etc/rsyslog.conf
changed_when: false
failed_when: false
check_mode: false
@ -84,7 +84,7 @@
mail.warning -/var/log/mail.warning
mail.err /var/log/mail.err
insertafter: '# Log all the mail messages in one place.'
notify: restart rsyslog
notify: Restart rsyslog
when: rhel9cis_rsyslog_ansiblemanaged
- name: "4.2.1.5 | PATCH | Ensure logging is configured | news.crit log setting"
@ -97,7 +97,7 @@
news.crit -/var/log/news/news.crit
news.notice -/var/log/news/news.crit
insertafter: '# Save news errors of level crit and higher in a special file.'
notify: restart rsyslog
notify: Restart rsyslog
when: rhel9cis_rsyslog_ansiblemanaged
- name: "4.2.1.5 | PATCH | Ensure logging is configured | Misc. log setting"
@ -111,7 +111,7 @@
*.crit /var/log/warn
*.*;mail.none;news.none /var/log/messages
insertafter: '#### RULES ####'
notify: restart rsyslog
notify: Restart rsyslog
when: rhel9cis_rsyslog_ansiblemanaged
- name: "4.2.1.5 | PATCH | Ensure logging is configured | Local log settings"
@ -127,7 +127,7 @@
local6,local7.* -/var/log/localmessages
*.emrg :omusrmsg:*
insertafter: '#### RULES ####'
notify: restart rsyslog
notify: Restart rsyslog
- name: "4.2.1.5 | PATCH | Ensure logging is configured | Auth Settings"
ansible.builtin.blockinfile:
@ -138,7 +138,7 @@
# Private settings to meet CIS standards
auth,authpriv.* /var/log/secure
insertafter: '#### RULES ####'
notify: restart rsyslog
notify: Restart rsyslog
- name: "4.2.1.5 | PATCH | Ensure logging is configured | Cron Settings"
ansible.builtin.blockinfile:
@ -149,7 +149,7 @@
# Cron settings to meet CIS standards
cron.* /var/log/cron
insertafter: '#### RULES ####'
notify: restart rsyslog
notify: Restart rsyslog
when:
- rhel9cis_rule_4_2_1_5
tags:
@ -171,7 +171,7 @@
failed_when:
- result is failed
- result.rc != 257
notify: restart rsyslog
notify: Restart rsyslog
when:
- rhel9cis_rule_4_2_1_6
- rhel9cis_remote_log_server
@ -189,7 +189,7 @@
path: /etc/rsyslog.conf
regexp: '{{ item }}'
replace: '#\1'
notify: restart rsyslog
notify: Restart rsyslog
loop:
- '^(\$ModLoad imtcp)'
- '^(\$InputTCPServerRun)'
@ -202,7 +202,7 @@
path: /etc/rsyslog.conf
regexp: '^#(.*{{ item }}.*)'
replace: '\1'
notify: restart rsyslog
notify: Restart rsyslog
loop:
- 'ModLoad imtcp'
- 'InputTCPServerRun'
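Review bot: The switch from `ansible.builtin.command` to `ansible.builtin.shell` for `cat /etc/rsyslog.conf` in the 4.2.1.5 hunk spawns a shell for a command that uses no shell features, which is the opposite of what ansible-lint's command-instead-of-shell rule asks for and an unnecessary extra process for a read of a root-owned config file. Keep `ansible.builtin.command: cat /etc/rsyslog.conf`, or avoid the external process entirely with `ansible.builtin.slurp` and `src: /etc/rsyslog.conf`, decoding the registered content with `b64decode` where it is used. The `changed_when`/`failed_when`/`check_mode` settings below the changed line can stay as they are with either option. The 4.2.1.5 block continues past the hunk, so the consumer of the registered output is not visible here.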


@ -19,7 +19,7 @@
path: /etc/systemd/journal-upload.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
notify: restart systemd_journal_upload
notify: Restart systemd_journal_upload
with_items:
- { regexp: 'URL=', line: 'URL={{ rhel9cis_journal_upload_url }}'}
- { regexp: 'ServerKeyFile=', line: 'ServerKeyFile={{ rhel9cis_journal_upload_serverkeyfile }}'}
@ -92,7 +92,7 @@
ansible.builtin.import_tasks: warning_facts.yml
when: "'static' not in rhel9cis_4_2_2_2_status.stdout"
vars:
warn_control_id: '4.2.2.2'
warn_control_id: '4.2.2.2'
when:
- rhel9cis_rule_4_2_2_2
tags:
@ -108,7 +108,7 @@
path: /etc/systemd/journald.conf
regexp: "^#Compress=|^Compress="
line: Compress=yes
notify: restart systemd_journal_upload
notify: Restart systemd_journal_upload
when:
- rhel9cis_rule_4_2_2_3
tags:
@ -124,7 +124,7 @@
path: /etc/systemd/journald.conf
regexp: "^#Storage=|^Storage="
line: Storage=persistent
notify: restart systemd_journal_upload
notify: Restart systemd_journal_upload
when:
- rhel9cis_rule_4_2_2_4
tags:
@ -141,7 +141,7 @@
path: /etc/systemd/journald.conf
regexp: "^ForwardToSyslog="
line: "#ForwardToSyslog=yes"
notify: restart systemd_journal_upload
notify: Restart systemd_journal_upload
when:
- rhel9cis_rule_4_2_2_5
tags:
@ -157,7 +157,7 @@
path: /etc/systemd/journald.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
notify: restart journald
notify: Restart systemd_journal_upload
with_items:
- { regexp: '^#SystemMaxUse=|^SystemMaxUse=', line: 'SystemMaxUse={{ rhel9cis_journald_systemmaxuse }}'}
- { regexp: '^#SystemKeepFree=|^SystemKeepFree=', line: 'SystemKeepFree={{ rhel9cis_journald_systemkeepfree }}' }
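Review bot: The last hunk changes `notify: restart journald` to `notify: Restart systemd_journal_upload`, which is a different handler rather than a case change like the other notifies in this commit: the task edits /etc/systemd/journald.conf (SystemMaxUse, SystemKeepFree), and restarting the journal-upload service does not make journald reread that file, so the new size limits would not take effect until something else restarts journald. Keep the journald handler under its new casing, `notify: Restart journald`, assuming that handler was renamed like the rest. The earlier hunks in this section that also edit journald.conf (Compress, Storage, ForwardToSyslog) notified the journal-upload handler before this commit as well, so the same question applies to them even though the commit only touches their casing. The `with_items` list of this task continues past the hunk.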