Updated with changes to search for everything contianing nfs

Signed-off-by: layluke <[email protected]>
ansible-lockdown · Sep 30, 2024 · 32fb1a2 · 32fb1a2
1 parent 8af2759
commit 32fb1a2
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/tasks/Cat2/RHEL-09-23xxxx.yml b/tasks/Cat2/RHEL-09-23xxxx.yml
@@ -197,7 +197,6 @@
 - name: "MEDIUM | RHEL-09-231065 | PATCH | RHEL 9 must prevent special devices on file systems that are imported via Network File System (NFS)."
   when:
     - rhel_09_231065
-    - ansible_facts['mounts']| selectattr('fstype', '==', 'nfs')
     - "'nfs-utils' in ansible_facts.packages"
     - "'nodev' not in item.options"
     - rhel9stig_disruption_high
@@ -215,14 +214,13 @@
     path: "{{ item.mount }}"
     src: "{{ item.device }}"
     state: present
-  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'equalto', 'nfs') | list }}"
+  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'contains', 'nfs') | list }}"
   loop_control:
     label: "{{ item.device }}"
 
 - name: "MEDIUM | RHEL-09-231070 | PATCH | RHEL 9  must prevent code from being executed on file systems that are imported via Network File System (NFS)."
   when:
     - rhel_09_231070
-    - ansible_facts['mounts']| selectattr('fstype', '==', 'nfs')
     - "'nfs-utils' in ansible_facts.packages"
     - "'noexec' not in item.options"
     - rhel9stig_disruption_high
@@ -240,14 +238,13 @@
     path: "{{ item.mount }}"
     src: "{{ item.device }}"
     state: present
-  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'equalto', 'nfs') | list }}"
+  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'contains', 'nfs') | list }}"
   loop_control:
     label: "{{ item.device }}"
 
 - name: "MEDIUM | RHEL-09-231075 | PATCH | RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS)."
   when:
     - rhel_09_231075
-    - ansible_facts['mounts']| selectattr('fstype', '==', 'nfs')
     - "'nfs-utils' in ansible_facts.packages"
     - "'nosuid' not in item.options"
     - rhel9stig_disruption_high
@@ -265,7 +262,7 @@
     path: "{{ item.mount }}"
     src: "{{ item.device }}"
     state: present
-  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'equalto', 'nfs') | list }}"
+  loop: "{{ ansible_facts.mounts | selectattr('fstype', 'contains', 'nfs') | list }}"
   loop_control:
     label: "{{ item.device }}"