Addressed #31 thanks to @Coconutcoo

Signed-off-by: Mark Bolwell <[email protected]>
ansible-lockdown · Sep 23, 2024 · 5348282 · 5348282
1 parent bd1138b
commit 5348282
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 17 deletions.
diff --git a/tasks/Cat2/RHEL-09-23xxxx.yml b/tasks/Cat2/RHEL-09-23xxxx.yml
@@ -1886,20 +1886,18 @@
 
     - name: "MEDIUM | RHEL-09-232250 | AUDIT | All RHEL 9 local files and directories must have a valid group owner."
       ansible.builtin.set_fact:
-        rhel9stig_ungrouped_files_found: true
-      loop: "{{ rhel9stig_ungrouped_files_dirs_audit.results }}"
+        rhel9stig_ungrouped_files_results: "{{ rhel9stig_ungrouped_files_dirs_audit.results.0['stdout_lines'] }}"
       when:
-        - item | length > 0
-        - item.stdout is defined  # skipped items are part of results list, but don't have the registered module properties
-        - item.stdout | length > 0
+        - rhel9stig_ungrouped_files_dirs_audit.results | length > 0
+        - rhel9stig_ungrouped_files_dirs_audit is defined
 
     - name: "MEDIUM | RHEL-09-232250 | WARN | All RHEL 9 local files and directories must have a valid group owner."
-      when: rhel9stig_ungrouped_files_found is defined
+      when: rhel9stig_ungrouped_files_results | length > 1
       ansible.builtin.debug:
-        msg: "Warning!! Missing group on items in {{ rhel9stig_ungrouped_files_dirs_audit.stdout_lines  }}"
+        msg: "Warning!! Missing group on items in {{ rhel9stig_ungrouped_files_results }}"
 
     - name: "MEDIUM | RHEL-09-232250 | WARN | All RHEL 9 local files and directories must have a valid group owner."
-      when: rhel9stig_ungrouped_files_found is defined
+      when: rhel9stig_ungrouped_files_results | length > 1
       ansible.builtin.import_tasks:
         file: warning_facts.yml
 
@@ -1921,7 +1919,7 @@
       when:
         - item['device'].startswith('/dev')
         - not 'bind' in item['options']
-      ansible.builtin.shell: find "{{ item.mount }}" -xdev -nogroup
+      ansible.builtin.shell: find "{{ item.mount }}" -xdev -nouser
       check_mode: false
       failed_when: false
       changed_when: false
@@ -1932,20 +1930,18 @@
 
     - name: "MEDIUM | RHEL-09-232255 | AUDIT | All RHEL 9 local files and directories must have a valid owner."
       ansible.builtin.set_fact:
-        rhel9stig_unowned_files_found: true
-      loop: "{{ rhel9stig_unowned_files_dirs_audit.results }}"
+        rhel9stig_unowned_files_results: "{{ rhel9stig_unowned_files_dirs_audit.results.0['stdout_lines'] }}"
       when:
-        - item | length > 0
-        - item.stdout is defined  # skipped items are part of results list, but don't have the registered module properties
-        - item.stdout | length > 0
+        - rhel9stig_unowned_files_dirs_audit.results | length > 0
+        - rhel9stig_unowned_files_dirs_audit is defined
 
     - name: "MEDIUM | RHEL-09-232255 | WARN | All RHEL 9 local files and directories must have a valid owner."
-      when: rhel9stig_unowned_files_found is defined
+      when: rhel9stig_unowned_files_results | length > 1
       ansible.builtin.debug:
-        msg: "Warning!! Missing group on items in {{ rhel9stig_ungrouped_files_dirs_audit.stdout_lines }}"
+        msg: "Warning!! Missing owner on items in {{ rhel9stig_unowned_files_results }}"
 
     - name: "MEDIUM | RHEL-09-232255 | WARN | All RHEL 9 local files and directories must have a valid owner."
-      when: rhel9stig_unowned_files_found is defined
+      when: rhel9stig_unowned_files_results | length > 1
       ansible.builtin.import_tasks:
         file: warning_facts.yml
 

diff --git a/vars/main.yml b/vars/main.yml
@@ -47,3 +47,7 @@ rhel9stig_dod_macs_server:  # Server also has client mac listed above don't dupl
 - hmac-sha1
 - [email protected]
 rhel9stig_dod_kex:
+
+# Defaults added for searches
+rhel9stig_ungrouped_files_found: false
+rhel9stig_unowned_files_found: false