added validate

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-04-04 16:16:31 +01:00 · 2022-04-04 16:16:31 +01:00 · e03f7194ff
commit e03f7194ff
parent 790db75501
1 changed files with 4 additions and 0 deletions
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@ -19,6 +19,7 @@
      dest: /etc/sudoers
      line: "Defaults    use_pty"
      state: present
+      validate: '/usr/sbin/visudo -cf %s'
  when:
      - rhel9cis_rule_5_3_2
  tags:
@ -35,6 +36,7 @@
      regexp: '^Defaults    logfile='
      line: 'Defaults    logfile="{{ rhel9cis_sudolog_location }}"'
      state: present
+      validate: '/usr/sbin/visudo -cf %s'
  when:
      - rhel9cis_rule_5_3_3
  tags:
@ -50,6 +52,7 @@
      path: "{{ item }}"
      regexp: '^([^#|{% if system_is_ec2 %}ec2-user{% endif %}].*)NOPASSWD(.*)'
      replace: '\1PASSWD\2'
+      validate: '/usr/sbin/visudo -cf %s'
  with_items:
      - "{{ rhel9cis_sudoers_files.stdout_lines }}"
  when:
@ -67,6 +70,7 @@
      path: "{{ item }}"
      regexp: '^([^#].*)!authenticate(.*)'
      replace: '\1authenticate\2'
+      validate: '/usr/sbin/visudo -cf %s'
  with_items:
      - "{{ rhel9cis_sudoers_files.stdout_lines }}"
  when: