lint updates

Signed-off-by: Mark Bolwell <[email protected]>
ansible-lockdown · Oct 26, 2022 · 4d48ae5 · 4d48ae5
1 parent aed7835
commit 4d48ae5
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 20 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -6,6 +6,9 @@ skip_list:
     - 'no-changed-when'
     - 'var-spacing'
     - 'fqcn-builtins'
+    - 'experimental'
+    - 'name[casing]'
+    - 'name[template]'
     - '204'
     - '305'
     - '303'

diff --git a/.yamllint b/.yamllint
@@ -14,16 +14,13 @@ rules:
     spaces: 4
     # Requiring consistent indentation within a file, either indented or not
     indent-sequences: consistent
-  truthy: disable
+    level: error
   braces:
     max-spaces-inside: 1
     level: error
   brackets:
     max-spaces-inside: 1
     level: error
-  indentation:
-    indent-sequences: consistent
-    level: error
   line-length: disable
   key-duplicates: enable
   new-line-at-end-of-file: enable

diff --git a/meta/main.yml b/meta/main.yml
@@ -4,7 +4,8 @@ galaxy_info:
     description: "Apply the DISA RHEL 8 STIG"
     company: "MindPoint Group"
     license: MIT
-    # role_name: rhel8_stig
+    role_name: rhel8_stig
+    namespace: mindpointgroup
     min_ansible_version: '2.9.0'
     platforms:
         - name: EL

diff --git a/site.yml b/site.yml
@@ -1,5 +1,5 @@
 ---
-- hosts: all
+- hosts: all  # noqa: name[play]
   become: true
 
   roles:

diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml
@@ -18,9 +18,9 @@
   block:
       - name: "HIGH | RHEL-08-010020 | PATCH | The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | install FIPS"
         package:
-            name: 
-            - dracut-fips
-            - crypto-policies-scripts
+            name:
+                - dracut-fips
+                - crypto-policies-scripts
             state: present
         notify:
             - rebuild initramfs

diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
@@ -85,7 +85,7 @@
       - name: |
               "MEDIUM | RHEL-08-010040 | PATCH | RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a ssh logon. | Set banner message""
               "MEDIUM | RHEL-08-010060 | PATCH | RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | Set banner message""
-        copy:
+        copy:  # noqa: template-instead-of-copy
             dest: "{{ item }}"
             content: "{{ rhel8stig_logon_banner }}"
             owner: root
@@ -133,7 +133,7 @@
       - banner
 
 - name: "MEDIUM | RHEL-08-010050 | PATCH | RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon."
-  copy:
+  copy:  # noqa: template-instead-of-copy
       dest: /etc/dconf/db/local.d/01-banner-message
       content: |
           [org/gnome/login-screen]
@@ -295,11 +295,11 @@
     "MEDIUM | RHEL-08-010141 | PATCH | RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance."
     "MEDIUM | RHEL-08-010149 | PATCH | RHEL 8 operating systems booted with a BIOS must require a unique superusers name upon booting into single-user and maintenance modes."
   template:
-    src: 01_users.j2
-    dest: /etc/grub.d/01_users
-    owner: root
-    group: root
-    mode: 0644
+      src: 01_users.j2
+      dest: /etc/grub.d/01_users
+      owner: root
+      group: root
+      mode: 0644
   notify: confirm grub2 user cfg
   when:
       - rhel_08_010141 or
@@ -771,9 +771,9 @@
     "MEDIUM | RHEL-08-010290 | PATCH | The RHEL 8 SSH daemon must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | Add ssh ciphers"
     "MEDIUM | RHEL-08-010291 | PATCH | The RHEL 8 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | Add ssh ciphers"
   lineinfile:
-    path: /etc/crypto-policies/back-ends/opensshserver.config
-    regexp: '^CRYPTO_POLICY='
-    line: CRYPTO_POLICY='{{ rhel8stig_ssh_server_crypto_settings }}'
+      path: /etc/crypto-policies/back-ends/opensshserver.config
+      regexp: '^CRYPTO_POLICY='
+      line: CRYPTO_POLICY='{{ rhel8stig_ssh_server_crypto_settings }}'
   notify: change_requires_reboot
   when:
       - rhel_08_010290 or

diff --git a/vars/main.yml b/vars/main.yml
@@ -1,5 +1,5 @@
 ---
-rhel8stig_min_ansible_version: 2.6
+rhel8stig_min_ansible_version: 2.9.0
 
 rhel8stig_dconf_available: "{{ rhel8stig_gui or rhel8stig_dconf_audit.rc == 0 or
        rhel8stig_always_configure_dconf }}"