From 14e04df045241e2749b68e69c127b58dfd884473 Mon Sep 17 00:00:00 2001
From: Alexandre Rousseau
Date: Wed, 6 Dec 2023 22:27:26 -0500
Subject: [PATCH 1/3] Fix loop condition default
Signed-off-by: Alexandre Rousseau
---
 tasks/section_5/cis_5.2.4.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_5/cis_5.2.4.x.yml b/tasks/section_5/cis_5.2.4.x.yml
index a1fd1d6e..17b2573a 100644
--- a/tasks/section_5/cis_5.2.4.x.yml
+++ b/tasks/section_5/cis_5.2.4.x.yml
@@ -65,7 +65,7 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 mode: '0640'
- loop: "{{ auditd_conf_files.files }}"
+ loop: "{{ auditd_conf_files.files|default({})}}"
 loop_control:
 label: "{{ item.path }}"
 when:
From 7ed10020303c32680296a8702c4a0d0b8ee7bcbd Mon Sep 17 00:00:00 2001
From: Alexandre Rousseau
Date: Wed, 6 Dec 2023 23:30:40 -0500
Subject: [PATCH 2/3] Fix loop condition default
Signed-off-by: Alexandre Rousseau
---
 tasks/section_5/cis_5.2.4.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_5/cis_5.2.4.x.yml b/tasks/section_5/cis_5.2.4.x.yml
index 17b2573a..8e7d983e 100644
--- a/tasks/section_5/cis_5.2.4.x.yml
+++ b/tasks/section_5/cis_5.2.4.x.yml
@@ -65,7 +65,7 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 mode: '0640'
- loop: "{{ auditd_conf_files.files|default({})}}"
+ loop: "{{ auditd_conf_files.files|default([])}}"
 loop_control:
 label: "{{ item.path }}"
 when:
From c6fbfac6f1586792c12e6f3e827a827979c3f8c5 Mon Sep 17 00:00:00 2001
From: Alexandre Rousseau
Date: Wed, 20 Dec 2023 14:47:11 -0500
Subject: [PATCH 3/3] added default value for ubtu20cis_uses_root
Signed-off-by: Alexandre Rousseau
---
 defaults/main.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 94112ddb..7e3c3780 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
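Review bot: In PATCH 2/3 (tasks/section_5/cis_5.2.4.x.yml) the `default([])` on the `loop:` line makes the task iterate zero times whenever `auditd_conf_files.files` is undefined, so the `mode: '0640'` setting is never applied and the run reports no failure for it. If the variable is missing because the task that registers it was skipped or failed (that task is not visible in this hunk), the audit configuration file permissions go unenforced without any signal to the operator. Consider registering `auditd_conf_files` under the same conditions as this task, or adding a preceding check that reports when it is undefined. For readability the expression could also be spaced as `loop: "{{ auditd_conf_files.files | default([]) }}"`. The task's `when:` list continues outside the hunk.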
@@ -73,6 +73,12 @@ ubtu20cis_system_is_container: false
 # skip events for ec2 instance testing pipeline
 system_is_ec2: false
 
+## Root user used
+# Root by default is not used unless setup by user
+# The role will only run certain commands if set to true
+# This allows the ability to skip tasks that may cause an issue
+ubtu20cis_uses_root: false
+
 # Section 1 Fixes
 # Section 1 is Initial setup (FileSystem Configuration, Configure Software Updates, Filesystem Integrity Checking, Secure Boot Settings,
 # Additional Process Hardening, Mandatory Access Control, Command Line Warning Banners, and GNOME Display Manager)
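Review bot: The new comment block for `ubtu20cis_uses_root` does not say which tasks are gated on it, so with the default of `false` an operator cannot tell which controls the role will skip. Since the comment states that the role "will only run certain commands if set to true", I would list the affected controls there, e.g. `# Gates: <control IDs that check ubtu20cis_uses_root>`, and say explicitly that `false` means those tasks are skipped rather than applied. The tasks that read this variable are not part of this patch, so this is inferred from the comment text only.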