From 45be13dc800e29fa6034d45c3c61d1184a7395a2 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 11 Jul 2023 13:32:31 +0100 Subject: [PATCH 1/5] removed yaml for ansible cli from config Signed-off-by: Mark Bolwell --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index 427d0fa3..fe93a962 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -7,7 +7,7 @@ nocows=1 retry_files_save_path=/dev/null # Use the YAML callback plugin. -stdout_callback = yaml +#stdout_callback = yaml # Use the stdout_callback when running ad-hoc commands. bin_ansible_callbacks = True From d08f9d9f3d251503dd6fca5422ca3bded9199565 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 11 Jul 2023 13:32:43 +0100 Subject: [PATCH 2/5] fixed 10020 Signed-off-by: Mark Bolwell --- tasks/fix-cat1.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml index fa4ca9ee..7b147fa5 100644 --- a/tasks/fix-cat1.yml +++ b/tasks/fix-cat1.yml @@ -93,13 +93,13 @@ with_items: - "{{ ansible_mounts | json_query(query) }}" vars: - query: "[?mount=='{{ rhel8stig_boot_part }}'] | [0]" + query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'] | [0]" key: GRUB_CMDLINE_LINUX param: boot value: UUID={{ item.uuid }} insert: true when: - - rhel8stig_boot_part not in ['/', ''] + - rhel8stig_boot_part.stdout not in ['/', ''] - not ansible_check_mode or rhel_08_010020_default_grub_missing_audit is not changed notify: confirm grub2 user cfg 
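Review bot: The `query` var in the tasks/fix-cat1.yml hunk at `@@ -93,13 +93,13 @@` builds a JMESPath filter by pasting `rhel8stig_boot_part.stdout` between single quotes, so the expression is only well-formed while the `df` output contains no quote characters. An empty `stdout` is also skipped silently by `not in ['/', '']` rather than reported. Matching on the fact directly avoids the string-built query: the `with_items` entry could become `- "{{ ansible_mounts | selectattr('mount', 'equalto', rhel8stig_boot_part.stdout) | list }}"`, with the `query` var dropped. The hunk at `@@ -112,12 +112,12 @@` uses the same interpolation in its `query`. The task begins above this hunk, so the module that consumes `key`/`param`/`value` is not visible here.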
@@ -112,12 +112,12 @@ - fips=1 - boot=UUID={{ ansible_mounts | json_query(query) }} vars: - query: "[?mount=='{{ rhel8stig_boot_part }}'].uuid | [0]" + query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'].uuid | [0]" register: rhel_08_010020_audit when: - not ansible_check_mode or rhel_08_010020_default_grub_missing_audit is not changed - - "rhel8stig_boot_part not in ['/', ''] or + - "rhel8stig_boot_part.stdout not in ['/', ''] or 'boot=' not in item" changed_when: - ansible_check_mode From 2b5785284c71714b4cfd9618c88a7b64ec4a7dd2 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 11 Jul 2023 13:32:51 +0100 Subject: [PATCH 3/5] updated tags Signed-off-by: Mark Bolwell --- tasks/main.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 68d9436e..ab438ff9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -175,9 +175,7 @@ - change_requires_reboot - not rhel8stig_skip_reboot tags: - - CAT1 - - CAT2 - - CAT3 + - always - name: Include post-remediation tasks ansible.builtin.import_tasks: post_remediation_audit.yml @@ -200,6 +198,4 @@ - change_requires_reboot - rhel8stig_skip_reboot tags: - - CAT1 - - CAT2 - - CAT3 + - always From 7b6c0159db6752bbbe6ea21a8725667f462a8b39 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 11 Jul 2023 13:33:05 +0100 Subject: [PATCH 4/5] fix boot_part var Signed-off-by: Mark Bolwell --- tasks/prelim.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/prelim.yml b/tasks/prelim.yml index 36ba127e..b6436d95 100644 --- a/tasks/prelim.yml +++ b/tasks/prelim.yml 
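Review bot: Tagging the task in the tasks/main.yml hunk at `@@ -175,9 +175,7 @@` with `always` means a tag-limited run (for instance a single control's tag) now reaches it whenever `change_requires_reboot` is set, where the previous `CAT1`/`CAT2`/`CAT3` list only matched category runs. Nothing in the hunk records that this is intended. If it is, a comment above `tags:` such as `# always: the reboot decision must be evaluated even on tag-limited runs` would say so. A second tag next to it (e.g. `- reboot`, a name proposed here, not taken from the role) would let operators exclude the step with `--skip-tags`. The same applies to the hunk at `@@ -200,6 +198,4 @@`; both tasks start above their hunks, so what they execute is inferred from the `when` conditions only.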
@@ -3,10 +3,10 @@ - name: "PRELIM | RHEL-08-010020" block: - name: "PRELIM | RHEL-08-010020 | Check if /boot or /boot/efi reside on separate partitions" - ansible.builtin.shell: df --ouAtput=target /boot | tail -n 1 + ansible.builtin.shell: df --output=target /boot | tail -n 1 changed_when: false check_mode: false - register: rhel_08_boot_part + register: rhel8stig_boot_part - name: "PRELIM | RHEL-08-010020 | crypto-policies-scripts package for FIPS" ansible.builtin.package: From 4f8b3aa5c6dba14c9dd4c0704ff0dd0d9a747d05 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 18 Jul 2023 15:26:49 +0100 Subject: [PATCH 5/5] updated layout Signed-off-by: Mark Bolwell --- ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index fe93a962..dbe143da 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -7,7 +7,7 @@ nocows=1 retry_files_save_path=/dev/null # Use the YAML callback plugin. -#stdout_callback = yaml +# stdout_callback = yaml # Use the stdout_callback when running ad-hoc commands. bin_ansible_callbacks = True
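Review bot: The `df --output=target /boot | tail -n 1` pipeline in the tasks/prelim.yml shell task reports only `tail`'s exit status, so a failing `df` leaves `rhel8stig_boot_part.stdout` empty while the task still succeeds. The consumers in tasks/fix-cat1.yml treat `''` the same as `/` and skip the `boot=UUID=` argument, which on a host with a separate /boot would leave the FIPS kernel arguments incomplete without any error. Prefixing the command closes that gap: `ansible.builtin.shell: set -o pipefail && df --output=target /boot | tail -n 1`. The task name also mentions /boot/efi while only /boot is queried, so either the name or the command should be adjusted.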