lint

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-12 13:47:13 +00:00 · 2023-01-12 13:47:13 +00:00 · dae7d03c34
commit dae7d03c34
parent 3321547bfa
7 changed files with 48 additions and 48 deletions
--- a/tasks/section_4/cis_4.1.4.x.yml
+++ b/tasks/section_4/cis_4.1.4.x.yml
@ -16,13 +16,13 @@
            "4.1.4.2 | PATCH | Ensure only authorized users own audit log files"
            "4.1.4.3 | PATCH | Ensure only authorized groups are assigned ownership of audit log files"
        ansible.builtin.file:
-          path: "{{ audit_logfile.stdout }}"
-          state: file
-          mode: 0640
-          owner: root
-          group: root
+            path: "{{ audit_logfile.stdout }}"
+            state: file
+            mode: 0640
+            owner: root
+            group: root
  when:
-      - rhel9cis_rule_4_1_4_1 or 
+      - rhel9cis_rule_4_1_4_1 or
        rhel9cis_rule_4_1_4_2 or
        rhel9cis_rule_4_1_4_3
  tags:
@ -38,14 +38,14 @@
  block:
      - name: "4.1.4.4 | AUDIT | Ensure the audit log directory is 0750 or more restrictive | get current permissions"
        ansible.builtin.stat:
-          path: "{{ audit_logfile.stdout | dirname }}"
+            path: "{{ audit_logfile.stdout | dirname }}"
        register: auditlog_dir

      - name: "4.1.4.4 | PATCH | Ensure the audit log directory is 0750 or more restrictive | set"
        ansible.builtin.file:
-          path: "{{ audit_logfile.stdout | dirname }}"
-          state: directory
-          mode: 0750
+            path: "{{ audit_logfile.stdout | dirname }}"
+            state: directory
+            mode: 0750
        when: not auditlog_dir.stat.mode is match('07(0|5)0')
  when:
      - rhel9cis_rule_4_1_4_4
@ -58,22 +58,22 @@

 - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive"
  block:
-    
-    - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive | get permissions"
-      ansible.builtin.stat:
-        path: "{{ item.path }}"
-      register: item_file
-      loop: "{{ audit_conf_files.results | map(attribute='files') | flatten }}"
-      loop_control:
-        label: "{{ item.path }}"

-    - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive | set permissions"
-      ansible.builtin.file:
-          path: "{{ audit_logfile.stdout | dirname }}"
-          state: file
-          mode: 0640
-      loop: "{{ audit_config_files }}"
-      when: not item_file.stat.mode is match('06(0|4)0')
+      - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive | get permissions"
+        ansible.builtin.stat:
+            path: "{{ item.path }}"
+        register: item_file
+        loop: "{{ audit_conf_files.results | map(attribute='files') | flatten }}"
+        loop_control:
+            label: "{{ item.path }}"
+
+      - name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive | set permissions"
+        ansible.builtin.file:
+            path: "{{ audit_logfile.stdout | dirname }}"
+            state: file
+            mode: 0640
+        loop: "{{ audit_config_files }}"
+        when: not item_file.stat.mode is match('06(0|4)0')
  when:
      - rhel9cis_rule_4_1_4_5
  tags:
@ -158,7 +158,7 @@
      - /sbin/auditd
      - /sbin/augenrules
  when:
-      - rhel9cis_rule_4_1_4_9 
+      - rhel9cis_rule_4_1_4_9
  tags:
      - level2-server
      - level2-workstation