Merge pull request #293 from ansible-lockdown/standards

Updated ordering and notify location
ansible-lockdown · Aug 13, 2024 · ab3972d · ab3972d
2 parents 82dd636 + ab5a607
commit ab3972d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml
@@ -44,9 +44,9 @@
 
       - name: "HIGH | RHEL-08-010020 | AUDIT | Check for GRUB_CMDLINE_LINUX in /etc/default/grub"
         ansible.builtin.shell: grep -P '^\s*GRUB_CMDLINE_LINUX=".*"$' /etc/default/grub
-        check_mode: false
-        failed_when: false
         changed_when: rhel_08_010020_default_grub_missing_audit.rc > 0
+        failed_when: false
+        check_mode: false
         register: rhel_08_010020_default_grub_missing_audit
 
       - name: "HIGH | RHEL-08-010020 | AUDIT | Parse sane GRUB_CMDLINE_LINUX from /proc/cmdline"

diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
@@ -6442,6 +6442,7 @@
             - "{{ rhel8stig_fapolicy_white_list }}"
         notify:
             - generate fapolicyd rules
+            - restart fapolicyd
         when:
             - ansible_distribution_version is version('8.4', '>=')
             - rhel_08_040137_rules_dir.stat.isdir
@@ -6456,6 +6457,7 @@
             - "{{ rhel8stig_fapolicy_white_list }}"
         notify:
             - generate fapolicyd rules
+            - restart fapolicyd
         when: ansible_distribution_version is version('8.3', '<=')
 
       - name: "MEDIUM | RHEL-08-040137 | PATCH | The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | Set fapolicy permissive 0"
@@ -6464,8 +6466,6 @@
             regexp: '^permissive ='
             line: 'permissive = 0'
             create: true
-  notify:
-      - restart fapolicyd
   when:
       - rhel_08_040137
   tags: