adding suppress_etc_passwd_logging variable

Signed-off-by: Danny Brody <[email protected]>
ansible-lockdown · Jul 16, 2024 · e5a729d · e5a729d
1 parent 9eb6d35
commit e5a729d
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1238,3 +1238,4 @@ audit_run_script_environment:
 #### Logging Configuration Settings ####
 # Set to true in order to supress the various tasks from logging
 suppress_package_facts_logging: false
+suppress_etc_passwd_logging: false
diff --git a/tasks/parse_etc_password.yml b/tasks/parse_etc_password.yml
@@ -7,10 +7,13 @@
         changed_when: false
         check_mode: false
         register: amzn2023cis_passwd_file_audit
+        no_log: "{{ suppress_etc_passwd_logging | default(false) }}"
+
 
       - name: "PRELIM | 5.5.2 | 6.2.7 | 6.2.8 | 6.2.20 | Split passwd entries"
         ansible.builtin.set_fact:
             amzn2023cis_passwd: "{{ amzn2023cis_passwd_file_audit.stdout_lines | map('regex_replace', ld_passwd_regex, ld_passwd_yaml) | map('from_yaml') | list }}"
+        no_log: "{{ suppress_etc_passwd_logging | default(false) }}"
         loop: "{{ amzn2023cis_passwd_file_audit.stdout_lines }}"
         vars:
             ld_passwd_regex: >-

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -292,5 +292,6 @@
 - name: "PRELIM | Gather the package facts after prelim"
   ansible.builtin.package_facts:
       manager: auto
+  no_log: "{{ suppress_package_facts_logging | default(false) }}"
   tags:
       - always