Merge branch 'devel' into goss_version

2023-09-18 14:13:32 +01:00 · 2023-09-18 14:13:32 +01:00 · f25110de0d
commit f25110de0d
parent 9c84884357 a3b12b71fb
2 changed files with 13 additions and 8 deletions
--- a/.github/workflows/devel_pipeline_validation.yml
+++ b/.github/workflows/devel_pipeline_validation.yml
@ -27,7 +27,7 @@
                  repo-token: ${{ secrets.GITHUB_TOKEN }}
                  pr-message: |-
                      Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
-                      Please join in the conversation happening on the [Discord Server](https://discord.io/ansible-lockdown) as well.
+                      Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.

        # This workflow contains a single job which tests the playbook
        playbook-test:
--- a/tasks/section_1/cis_1.1.8.x.yml
+++ b/tasks/section_1/cis_1.1.8.x.yml
@ -3,18 +3,23 @@
 # Skips if mount is absent
 - name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition"
  block:
-      - name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition | Absent"
-        ansible.builtin.debug:
-            msg: "Warning!! {{ required_mount }} doesn't exist. This is a manual task"
+      - name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition | check exists"
+        ansible.builtin.shell: mount -l | grep -w /dev/shm
+        changed_when: false
+        register: rhel9cis_1_8_1_1_mount_check

-      - name: "1.1.8.1 | AUDIT | Ensure separate partition exists for /home | Present"
-        ansible.builtin.import_tasks: warning_facts.yml
+      - block:
+            - name: "1.1.8.1 | AUDIT | Ensure /dev/shm is a separate partition | Absent"
+              ansible.builtin.debug:
+                  msg: "Warning!! {{ required_mount }} doesn't exist. This is a manual task"
+
+            - name: "1.1.8.1 | AUDIT | Ensure separate partition exists for /home | Present"
+              ansible.builtin.import_tasks: warning_facts.yml
+        when: rhel9cis_1_8_1_1_mount_check.rc == 1

  vars:
      warn_control_id: '1.1.8.1'
-      required_mount: '/dev/shm'
  when:
-      - required_mount not in mount_names
      - rhel9cis_rule_1_1_8_1
  tags:
      - level1-server