Merge pull request #103 from ansible-lockdown/devel
devel- main release
uk-bolly authored Sep 29, 2023
2 parents 7b5b701 + d01954a commit 68ce732
Showing 1 changed file with 7 additions and 4 deletions.
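--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -2,14 +2,17 @@
 
 - name: "1.4.1 | PATCH | Ensure bootloader password is set"
 block:
-- name: "1.4.1 | PATCH | Ensure bootloader password is set"
+- name: "1.4.1 | PATCH | Ensure bootloader password is set | set superusers and password"
 ansible.builtin.lineinfile:
 path: "{{ ubtu20cis_grub_user_file }}"
-regexp: '^(password_pbkdf2 {{ ubtu20cis_grub_user }}) grub.pbkdf2.*'
-line: '\1 {{ ubtu20cis_bootloader_password_hash }}'
-insertafter: set superusers="{{ ubtu20cis_grub_user }}"
+regexp: "{{ item.regexp }}"
+line: "{{ item.line }}"
 state: present
+insertafter: "{{ item.after | default(omit) }}"
 create: true
+loop:
+- { regexp: '^set superusers', line: 'set superusers="{{ ubtu20cis_grub_user }}"' }
+- { regexp: '^password_pbkdf2 {{ ubtu20cis_grub_user }} grub.pbkdf2.*', line: 'password_pbkdf2 {{ ubtu20cis_grub_user }} {{ ubtu20cis_bootloader_password_hash }}', after: 'set superusers="' }
 notify: Grub update
 
 - name: "1.4.1 | PATCH | Ensure bootloader password is set | allow unrestricted boot"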
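Review bot: The second `loop` entry carries `{{ ubtu20cis_bootloader_password_hash }}` inside the loop item, and Ansible prints each loop item with the task result, so the GRUB PBKDF2 hash will appear in console output and in any stored run logs. A hash is not the password, but it can be attacked offline, so it should stay out of logs: add `no_log: true` to the task, or at least `loop_control:` with `label: "{{ item.regexp }}"` so that normal output shows only the pattern. Separately, the task keeps `create: true` with no `mode`, `owner` or `group`, so a newly created file gets default permissions; whether that is acceptable depends on what `ubtu20cis_grub_user_file` points at, which is not visible here. The enclosing `block:` continues past the end of the hunk.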
