diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index c72db659..50d73e0e 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -138,28 +138,13 @@
 - always
 
 - name: "PRELIM | PATCH | Ensure auditd is installed"
- block:
- - name: "PRELIM | PATCH | Ensure auditd is installed"
- ansible.builtin.package:
- name: ['auditd', 'audispd-plugins']
- state: present
- when:
- - "'auditd' not in ansible_facts.packages or
- 'auditd-plugins' not in ansible_facts.packages"
-
- - name: "PRELIM | AUDIT | Audit conf and rules files | list files"
- ansible.builtin.find:
- path: /etc/audit/
- file_type: file
- recurse: true
- patterns: '*.conf,*.rules'
- register: auditd_conf_files
-
+ ansible.builtin.package:
+ name: ['auditd', 'audispd-plugins']
+ state: present
 when:
- - ubtu22cis_rule_4_1_1_1 or
- ubtu22cis_rule_4_1_4_5 or
- ubtu22cis_rule_4_1_4_6 or
- ubtu22cis_rule_4_1_4_7
+ - "'auditd' not in ansible_facts.packages or
+ 'auditd-plugins' not in ansible_facts.packages"
+ - ubtu22cis_rule_4_1_1_1
 tags:
 - level2-server
 - level2-workstation
@@ -167,6 +152,18 @@
 - auditd
 - always
 
+- name: "PRELIM | AUDIT | Audit conf and rules files | list files"
+ ansible.builtin.find:
+ path: /etc/audit/
+ file_type: file
+ recurse: true
+ patterns: '*.conf,*.rules'
+ register: auditd_conf_files
+ tags:
+ - patch
+ - auditd
+ - always
+
 - name: "PRELIM | AUDIT | Check if auditd is immutable before changes"
 ansible.builtin.shell: auditctl -l | grep -c '-e 2'
 changed_when: false
diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
index 9c4c677d..9770898e 100644
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@@ -21,6 +21,8 @@
 owner: root
 group: root
 mode: '0644'
+ failed_when: discovered_file_exists.state not in '[ file, absent ]'
+ register: discovered_file_exists
 when:
 - ubtu22cis_rule_6_1_2
 tags:
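Review bot: The new `when` guard checks `'auditd-plugins' not in ansible_facts.packages` while the package list on the lines just above installs `audispd-plugins`; unless the gathered facts really carry a package under the former name, that clause is always true and the guard never short-circuits, so the install task is attempted on every run even when both packages are already present. The mismatch existed in the removed block too, but the rewrite carries it into the new condition, so I would change it to `- "'auditd' not in ansible_facts.packages or 'audispd-plugins' not in ansible_facts.packages"`. The guard also presumes `ansible_facts.packages` was populated by a package_facts task earlier in prelim, which is outside this hunk and cannot be confirmed from here.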
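Review bot: `patterns: '*.conf,*.rules'` relies on Ansible splitting a comma-separated string into the find module's list-typed `patterns`; an explicit list, `patterns: ['*.conf', '*.rules']`, states the intent and does not depend on that conversion. The task now runs unconditionally under the `always` tag, whereas before it sat inside the rule-guarded block; on a host where `/etc/audit/` does not exist the find module should warn and return an empty `files` list rather than fail, but I have not verified that here, and any later consumer of `auditd_conf_files.files` should tolerate an empty result.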
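Review bot: `failed_when: discovered_file_exists.state not in '[ file, absent ]'` tests substring membership in a string literal, not membership in a list, so the accepted states are whatever happens to be a substring of `[ file, absent ]` (for example `abs` or `ile`) rather than exactly `file` and `absent`; write it as a real list, `failed_when: discovered_file_exists.state not in ['file', 'absent']`. The task's module and path are above the hunk, so whether a failed run of that module always returns a `state` key (and thus whether this expression can hit an undefined attribute) cannot be confirmed from here; `discovered_file_exists.state | default('absent')` would guard that. If the intent is that a missing file is acceptable here, a one-line comment above the `failed_when`, `# A missing file is not an error; any other state (directory, link) is`, would make the override self-explanatory.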