
tss user and spacing

Signed-off-by: Kristian <kris9854@gmail.com>
This commit is contained in:
Kristian 2022-09-27 17:15:49 +02:00
parent 5098beec03
commit fc407f8329
No known key found for this signature in database
GPG key ID: CB341F6A0D2D2A3C
8 changed files with 12 additions and 14 deletions


@ -1,8 +1,5 @@
---
collections:
- name: community.general
- name: community.crypto
- name: ansible.posix


@ -64,7 +64,7 @@
- name: "3.1.4 | PATCH | Ensure wireless interfaces are disabled"
block:
- name: "3.1.4 | AUDIT | Ensure wireless interfaces are disabled | Check if nmcli command is available"
- name: "3.1.4 | AUDIT | Ensure wireless interfaces are disabled | Check if nmcli command is available"
command: rpm -q NetworkManager
changed_when: false
failed_when: false


@ -15,7 +15,7 @@
import_tasks: cis_4.2.1.x.yml
when: rhel9cis_syslog == 'rsyslog'
- name: "SECTION | 4.2.2 Configure journald"
- name: "SECTION | 4.2.2 | Configure journald"
import_tasks: cis_4.2.2.x.yml
when: rhel9cis_syslog == 'journald'


@ -148,7 +148,7 @@
dest: /etc/at.deny
state: absent
- name: "5.1.9 | PATCH | Ensure at is restricted to authorized users | Check if at.allow exists"
- name: "5.1.9 | PATCH | Ensure at is restricted to authorized users | Check if at.allow exists"
stat:
path: "/etc/at.allow"
register: rhel9cis_5_1_9_at_allow_state


@ -296,7 +296,7 @@
- ssh
- rule_5.2.14
- name: "5.2.15 | PATCH | Ensure SSH warning banner is configured"
- name: "5.2.15 | PATCH | Ensure SSH warning banner is configured"
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^Banner'
@ -343,7 +343,7 @@
- ssh
- rule_5.2.17
- name: "5.2.18 | PATCH | Ensure SSH MaxSessions is set to 10 or less"
- name: "5.2.18 | PATCH | Ensure SSH MaxSessions is set to 10 or less"
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^#MaxSessions|^MaxSessions"


@ -78,7 +78,7 @@
- password
- rule_5.6.1.4
- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
block:
- name: "5.6.1.5 | AUDIT | Ensure all users last password change date is in the past | Get current date in Unix Time"
shell: echo $(($(date --utc --date "$1" +%s)/86400))


@ -96,7 +96,7 @@
- permissions
- rule_6.1.4
- name: "6.1.5 | PATCH | Ensure permissions on /etc/group are configured"
- name: "6.1.5 | PATCH | Ensure permissions on /etc/group are configured"
file:
dest: /etc/group-
owner: root
@ -299,7 +299,7 @@
loop_control:
label: "{{ item.mount }}"
- name: "6.1.14 | AUDIT | Audit SUID executables | Alert no SUID executables exist"
- name: "6.1.14 | AUDIT | Audit SUID executables | Alert no SUID executables exist"
debug:
msg: "Good news! We have not found any SUID executable files on your system"
failed_when: false
@ -307,7 +307,7 @@
when:
- rhel_08_6_1_14_perms_results.stdout is not defined
- name: "6.1.14 | AUDIT | Audit SUID executables | Alert SUID executables exist"
- name: "6.1.14 | AUDIT | Audit SUID executables | Alert SUID executables exist"
debug:
msg: "Manual intervention is required -- SUID set on items in {{ item.item.mount }}: {{ item.stout_lines | join(', ') }}"
with_items: "{{ rhel_08_6_1_14_perms_results.stdout_lines }}"
@ -334,7 +334,7 @@
loop_control:
label: "{{ item.mount }}"
- name: "6.1.15 | AUDIT | Audit SGID executables | Alert no SGID executables exist"
- name: "6.1.15 | AUDIT | Audit SGID executables | Alert no SGID executables exist"
debug:
msg: "Good news! We have not found any SGID executable files on your system"
failed_when: false
@ -342,7 +342,7 @@
when:
- rhel_08_6_1_15_perms_results.stdout is not defined
- name: "6.1.15 | AUDIT | Audit SGID executables | Alert SGID executables exist"
- name: "6.1.15 | AUDIT | Audit SGID executables | Alert SGID executables exist"
debug:
msg: "Manual intervention is required -- SGID set on items in {{ item.item.mount }}: {{ item.stout_lines | join(', ') }}"
with_items: "{{ rhel_08_6_1_15_perms_results.stdout_lines }}"


@ -333,6 +333,7 @@
when:
- item.uid >= min_int_uid | int
- item.id != 'nobody'
- (item.id != 'tss' and item.dir != '/dev/null')
- rhel9cis_rule_6_2_10
tags:
- skip_ansible_lint # settings found on 6_2_7
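Review bot: The new `when` entry `(item.id != 'tss' and item.dir != '/dev/null')` exempts more than the tss account: entries in a `when` list are AND-ed, so the task is now skipped for every user whose home is `/dev/null` and for tss regardless of its home directory, which silently widens the exception to rule 6.2.10. If the intent is to skip only the tss service account that has no real home, the clause should be `- not (item.id == 'tss' and item.dir == '/dev/null')`. A one-line comment above it stating why tss is exempt would help the next reader, in the same style as the `# settings found on 6_2_7` note on the tags. The enclosing task starts outside the hunk, so I cannot confirm which check this condition guards.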