Merge branch 'main' into updated_devel

Signed-off-by: uk-bolly <[email protected]>
ansible-lockdown · May 24, 2024 · 44a2fa7 · 44a2fa7
2 parents a1981ae + 26e9ed2
commit 44a2fa7
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 0 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -29,6 +29,7 @@ CAT III
 - 040025 - /bin/false and ruleid
 - 040026 - /bin/false and ruleid
 
+
 ## 3.1 - STIG V1R12 - 25th Oct 2023
 
 ruleid updated

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 ## metadata for Audit benchmark
+
 benchmark_version: 'v1r13'
 
 ## Benchmark name used by audting control role
@@ -64,6 +65,7 @@ setup_audit: false
 
 # enable audits to run - this runs the audit and get the latest content
 run_audit: false
+
 # Run heavy tests - some tests can have more impact on a system enabling these can have greater impact on a system
 audit_run_heavy_tests: true
 

diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml
@@ -8,6 +8,7 @@
   ansible.builtin.include_tasks:
       file: LE_audit_setup.yml
 
+
 - name: Pre Audit Setup | Ensure {{ audit_conf_dir }} exists
   ansible.builtin.file:
       path: "{{ audit_conf_dir }}"
@@ -44,6 +45,7 @@
       src: "{{ audit_conf_source }}"
       dest: "{{ audit_conf_dest }}"
 
+
 - name: Pre Audit Setup | Get audit content from url
   when:
       - audit_content == 'get_url'
@@ -93,6 +95,7 @@
   block:
       - name: Pre Audit | Capture data {{ pre_audit_outfile }}
         ansible.builtin.shell: "cat {{ pre_audit_outfile }}"
+
         register: pre_audit
         changed_when: false
 

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -423,6 +423,49 @@
       - RHEL-08-010770
       - complexity-high
 
+
+- name: "PRELIM | RHEL-08-010400 | RHEL-08-020250 | RHEL-08-020290 | set sssd.conf location"
+  block:
+      - name: "PRELIM | RHEL-08-010400 | RHEL-08-020250 | RHEL-08-020290 | Get sssd.conf location"
+        ansible.builtin.stat:
+            path: "{{ rhel8stig_sssd_conf }}"
+        register: rhel8stig_sssd_conf_present
+
+      - name: "PRELIM | RHEL-08-010400 | RHEL-08-020250 | RHEL-08-020290 | Get sssd.conf location | Warning if not found"
+        ansible.builtin.debug:
+            msg: "Warning!! The configured sssd config file {{ rhel8stig_sssd_conf }} has not been found, some items will skip"
+        changed_when: true
+        when:
+            - not rhel8stig_sssd_conf_present.stat.exists
+  when:
+      - rhel_08_010400 or
+        rhel_08_020090 or
+        rhel_08_020250 or
+        rhel_08_020290
+  tags:
+      - always
+
+- name: "PRELIM | Gather interactive user ID min"
+  block:
+      - name: "PRELIM | Gather interactive user ID min"
+        ansible.builtin.shell: grep ^UID_MIN /etc/login.defs | awk '{print $2}'
+        changed_when: false
+        failed_when: false
+        register: rhel8stig_min_uid
+
+      - name: "PRELIM | Gather interactive user ID max"
+        ansible.builtin.shell: grep ^UID_MAX /etc/login.defs | awk '{print $2}'
+        changed_when: false
+        failed_when: false
+        register: rhel8stig_max_uid
+
+      - name: "PRELIM | Setting the fact"
+        ansible.builtin.set_fact:
+            rhel8stig_interactive_uid_start: "{{ rhel8stig_min_uid.stdout | string }}"
+            rhel8stig_interactive_uid_stop: "{{ rhel8stig_max_uid.stdout | string }}"
+  tags:
+      - always
+
 - name: "PRELIM | Gather the package facts"
   ansible.builtin.package_facts:
       manager: auto

diff --git a/vars/audit.yml b/vars/audit.yml
@@ -15,6 +15,7 @@ audit_file_git: "https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git"
 audit_git_version: "benchmark_{{ benchmark_version }}_rh8"
 
 ## Goss configuration information
+
 # Where the goss audit configuration will be stored - NOTE benchmark-audit is expected
 audit_conf_dir: "{{ audit_conf_dest | default('/opt') }}/{{ benchmark }}-Audit"