conditionals updated 4.4.3.4.3,4.4.3.4.4 and 6.2.11\n 6.2.6 and 6.2.7…

… typo fix
ansible-lockdown · Dec 5, 2024 · 99655f4 · 99655f4
1 parent fa44e77
commit 99655f4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/tasks/section_4/cis_4.4.3.4.x.yml b/tasks/section_4/cis_4.4.3.4.x.yml
@@ -103,6 +103,7 @@
 
       - name: "4.4.3.4.3 | PATCH | Ensure pam_unix includes a strong password hashing algorithm | pam_files"
         when:
+            - not rhel8cis_allow_authselect_updates
             - discovered_hash_state is defined
             - discovered_hash_state | length > 0
         ansible.builtin.replace:
@@ -148,6 +149,7 @@
 
       - name: "4.4.3.4.4 | PATCH | Ensure pam_unix includes use_authtok | pam_files"
         when:
+            - not rhel8cis_allow_authselect_updates
             - discovered_pam_authtok is defined
             - discovered_pam_authtok | length > 0
         ansible.builtin.replace:

diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
@@ -192,7 +192,7 @@
       - name: "6.2.6 | WARNING | Ensure no duplicate user names exist | Print warning about users with duplicate User Names"
         when: discovered_username_check.stdout | length > 0
         ansible.builtin.debug:
-            msg: "Warning!! The following user names are duplicates: {{ discovered_user_username_check.stdout_lines }}"
+            msg: "Warning!! The following user names are duplicates: {{ discovered_username_check.stdout_lines }}"
 
       - name: "6.2.6 | WARNING | Ensure no duplicate user names exist | Set warning count"
         when: discovered_username_check.stdout | length > 0
@@ -227,7 +227,7 @@
       - name: "6.2.7 | AUDIT | Ensure no duplicate group names exist | Print warning about users with duplicate group names"
         when: discovered_group_check.stdout | length > 0
         ansible.builtin.debug:
-            msg: "Warning!! The following group names are duplicates: {{ discovered_group_group_check.stdout_lines }}"
+            msg: "Warning!! The following group names are duplicates: {{ discovered_group_check.stdout_lines }}"
 
       - name: "6.2.7 | AUDIT | Ensure no duplicate group names exist | Set warning count"
         when: discovered_group_check.stdout | length > 0
@@ -376,7 +376,7 @@
         # check_mode: false
         # register: discovered_hidden_files
         ansible.builtin.find:
-            path: /home
+            path: "{{ prelim_interactive_users_home.stdout_lines | list }}"
             file_type: file
             hidden: true
         register: discovered_hidden_files
@@ -420,9 +420,9 @@
 
             - name: "6.2.11 | PATCH | Ensure local interactive user dot files access is configured | Changes files ownerships"
               ansible.builtin.file:
-                  path: '{{ item.path }}'
-                  owner: "{{ item.path | dirname | basename }}"
-                  group: "{{  item.path | dirname | basename }}"
+                  path: "{{ item.path }}"
+                  owner: "{{ rhel8cis_passwd | selectattr('dir', 'in', item.path) | map(attribute='uid') | last }}"
+                  group: "{{ rhel8cis_passwd | selectattr('dir', 'in', item.path) | map(attribute='gid') | last }}"
               with_items: "{{ discovered_hidden_files.files }}"
 
             - name: "6.2.11 | PATCH | Ensure local interactive user dot files access is configured | rename .forward or .netrc files"