
remove state file on file module

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2023-01-26 08:29:03 +00:00
parent 10a6a2e0dd
commit f9267a389b
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
3 changed files with 2 additions and 15 deletions


@ -50,7 +50,6 @@
- name: "1.7.4 | PATCH | Ensure permissions on /etc/motd are configured"
ansible.builtin.file:
dest: /etc/motd
state: file
owner: root
group: root
mode: 0644
@ -66,7 +65,6 @@
- name: "1.7.5 | PATCH | Ensure permissions on /etc/issue are configured"
ansible.builtin.file:
dest: /etc/issue
state: file
owner: root
group: root
mode: 0644
@ -82,7 +80,6 @@
- name: "1.7.6 | PATCH | Ensure permissions on /etc/issue.net are configured"
ansible.builtin.file:
dest: /etc/issue.net
state: file
owner: root
group: root
mode: 0644
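Review bot: Judging by the commit title and the 7-to-6 hunk counts, `state: file` is dropped from the /etc/motd, /etc/issue and /etc/issue.net tasks, so these tasks no longer assert that the path is a regular file. With no `state`, `ansible.builtin.file` uses the path's current state, so a directory or other non-regular object at the path gets owner, group and mode applied instead of failing the task. The same applies to the 4.1.4.x audit tasks and the 5.2.1 sshd_config task changed elsewhere in this commit. If the relaxation is deliberate, a comment such as `# state omitted on purpose: accept the path's existing type` on each task would record it; otherwise a preceding `ansible.builtin.stat` check on the path type keeps the guarantee. The task bodies continue past the end of each hunk.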


@ -17,7 +17,6 @@
"4.1.4.3 | PATCH | Ensure only authorized groups are assigned ownership of audit log files"
ansible.builtin.file:
path: "{{ audit_logfile.stdout }}"
state: file
mode: 0640
owner: root
group: root
@ -59,7 +58,6 @@
- name: "4.1.4.5 | PATCH | Ensure audit configuration files are 640 or more restrictive"
ansible.builtin.file:
path: "{{ item.path }}"
state: file
mode: 0640
loop: "{{ auditd_conf_files.files }}"
loop_control:
@ -77,7 +75,6 @@
- name: "4.1.4.6 | PATCH | Ensure audit configuration files are owned by root"
ansible.builtin.file:
path: "{{ item.path }}"
state: file
owner: root
loop: "{{ auditd_conf_files.files }}"
loop_control:
@ -94,7 +91,6 @@
- name: "4.1.4.7 | PATCH | Ensure audit configuration files belong to group root"
ansible.builtin.file:
path: "{{ item.path }}"
state: file
group: root
loop: "{{ auditd_conf_files.files }}"
loop_control:
@ -125,7 +121,6 @@
- name: "4.1.4.8 | PATCH | Ensure audit tools are 755 or more restrictive | set if required"
ansible.builtin.file:
path: "{{ item.item }}"
state: file
mode: 0750
register: "audit_bins"
loop: "{{ audit_bins.results }}"
@ -144,7 +139,6 @@
- name: "4.1.4.9 | PATCH | Ensure audit tools are owned by root"
ansible.builtin.file:
path: "{{ item }}"
state: file
owner: root
group: root
loop:
@ -166,7 +160,6 @@
- name: "4.1.4.10 | PATCH | Ensure audit tools belong to group root"
ansible.builtin.file:
path: "{{ item }}"
state: file
group: root
loop:
- /sbin/auditctl
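Review bot: In the 4.1.4.8 hunk the task loops over `audit_bins.results` and also has `register: "audit_bins"`, so it overwrites the variable it is iterating over. The loop list is evaluated before the result is stored, so this run works, but any later task that reads `audit_bins` gets the file-module results, where `item.item` is no longer the original path. Registering under a distinct name, for example `register: audit_bins_perms`, avoids that. Separately, the task title says "755 or more restrictive" while the mode set is 0750; a one-line comment stating that 0750 is the chosen stricter value would prevent a future "correction" to 0755. The task continues outside the hunk, so later consumers of `audit_bins` are not visible here.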


@ -3,7 +3,6 @@
- name: "5.2.1 | Ensure permissions on /etc/ssh/sshd_config are configured"
ansible.builtin.file:
dest: /etc/ssh/sshd_config
state: file
owner: root
group: root
mode: 0600
@ -33,8 +32,7 @@
owner: root
group: root
mode: 0600
with_items:
- "{{ rhel9cis_5_2_2_ssh_private_host_key.files }}"
loop: "{{ rhel9cis_5_2_2_ssh_private_host_key.files }}"
loop_control:
label: "{{ item.path }}"
when:
@ -63,8 +61,7 @@
owner: root
group: root
mode: 0644
with_items:
- "{{ rhel9cis_5_2_3_ssh_public_host_key.files }}"
loop: "{{ rhel9cis_5_2_3_ssh_public_host_key.files }}"
loop_control:
label: "{{ item.path }}"
when:
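Review bot: The modes in this file (`mode: 0600` on sshd_config and the private host keys, `mode: 0644` on the public keys) are unquoted octal literals, as are the 0644/0640/0750 values in the other two files of this commit. They only produce the intended permissions because the YAML loader reads a leading-zero integer as octal; if the zero is lost in an edit, the value is read as decimal and a different mode is applied silently. Since these tasks are being touched anyway, quoting the values, e.g. `mode: "0600"`, is the form the file module documentation recommends and removes that dependency. The two host-key tasks begin above their hunks, so their `path` and `state` arguments are not visible here.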