lint: ansible-lint suggested updates
Some checks failed
Ansible Lint Check / lint (push) Has been cancelled
Some checks failed
Ansible Lint Check / lint (push) Has been cancelled
This commit is contained in:
parent
2ba6c6691b
commit
58fd3ec476
20 changed files with 139 additions and 56 deletions
|
|
@ -1,15 +1,10 @@
|
|||
---
|
||||
- name: Lockdown | AUDIT | Check current authselect configuration
|
||||
command: authselect current
|
||||
ansible.builtin.command: authselect current
|
||||
register: baseline_lockdown_authselect_status
|
||||
failed_when: false # Exit code is 2 when not configured
|
||||
changed_when: false
|
||||
|
||||
- name: Lockdown | AUDIT | Do not disable root login if no authselect profile configured
|
||||
ansible.builtin.set_fact:
|
||||
rhel9cis_rule_5_1_20: false
|
||||
when: baseline_lockdown_authselect_status.rc == 2
|
||||
|
||||
- name: Lockdown | PATCH | Run Ansible Lockdown (RHEL9-CIS)
|
||||
ansible.builtin.include_role:
|
||||
name: RHEL9-CIS
|
||||
|
|
@ -19,11 +14,12 @@
|
|||
rhel9cis_rule_1_7_4: false
|
||||
# Don't restrict user SSH access in sshd_config - this is managed by FreeIPA
|
||||
rhel9cis_rule_5_1_7: false
|
||||
# Only disable root login once authselect is configured
|
||||
rhel9cis_rule_5_1_20: "{{ baseline_lockdown_authselect_status.rc != 2 }}"
|
||||
# TODO: figure out boot password
|
||||
rhel9cis_set_boot_pass: false
|
||||
# TODO: We intend to later deploy a remote rsyslog sink
|
||||
rhel9cis_syslog: rsyslog
|
||||
rhel9cis_time_synchronization_servers: "{{ baseline_ntp_servers }}"
|
||||
rhel9cis_warning_banner: "{{ baseline_warning_banner }}"
|
||||
rhel9cis_sshd_denyusers: "admin nobody"
|
||||
when: (ansible_distribution == "Rocky") and (ansible_distribution_major_version == "9")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue