From ab5a6072394676489ddb8f68b3b1208a87f10c9c Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 13 Aug 2024 13:34:11 +0100 Subject: [PATCH] Updated ordering and notify location Signed-off-by: Mark Bolwell --- tasks/fix-cat1.yml | 4 ++-- tasks/fix-cat2.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml index 3e0a322..a620305 100644 --- a/tasks/fix-cat1.yml +++ b/tasks/fix-cat1.yml @@ -44,9 +44,9 @@ - name: "HIGH | RHEL-08-010020 | AUDIT | Check for GRUB_CMDLINE_LINUX in /etc/default/grub" ansible.builtin.shell: grep -P '^\s*GRUB_CMDLINE_LINUX=".*"$' /etc/default/grub - check_mode: false - failed_when: false changed_when: rhel_08_010020_default_grub_missing_audit.rc > 0 + failed_when: false + check_mode: false register: rhel_08_010020_default_grub_missing_audit - name: "HIGH | RHEL-08-010020 | AUDIT | Parse sane GRUB_CMDLINE_LINUX from /proc/cmdline" diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml index c825ddc..ec4bce8 100644 --- a/tasks/fix-cat2.yml +++ b/tasks/fix-cat2.yml @@ -6442,6 +6442,7 @@ - "{{ rhel8stig_fapolicy_white_list }}" notify: - generate fapolicyd rules + - restart fapolicyd when: - ansible_distribution_version is version('8.4', '>=') - rhel_08_040137_rules_dir.stat.isdir @@ -6456,6 +6457,7 @@ - "{{ rhel8stig_fapolicy_white_list }}" notify: - generate fapolicyd rules + - restart fapolicyd when: ansible_distribution_version is version('8.3', '<=') - name: "MEDIUM | RHEL-08-040137 | PATCH | The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | Set fapolicy permissive 0" @@ -6464,8 +6466,6 @@ regexp: '^permissive =' line: 'permissive = 0' create: true - notify: - - restart fapolicyd when: - rhel_08_040137 tags: