Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Boot part variable #214

Merged
merged 5 commits into from
Jul 18, 2023
Merged

Boot part variable #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
45be13d
removed yaml for ansible cli from config
uk-bolly Jul 11, 2023
d08f9d9
fixed 10020
uk-bolly Jul 11, 2023
2b57852
updated tags
uk-bolly Jul 11, 2023
7b6c015
fix boot_part var
uk-bolly Jul 11, 2023
4f8b3aa
updated layout
uk-bolly Jul 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ansible.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ nocows=1
retry_files_save_path=/dev/null

# Use the YAML callback plugin.
stdout_callback = yaml
# stdout_callback = yaml
# Use the stdout_callback when running ad-hoc commands.
bin_ansible_callbacks = True

Expand Down
8 changes: 4 additions & 4 deletions tasks/fix-cat1.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,13 +93,13 @@
with_items:
- "{{ ansible_mounts | json_query(query) }}"
vars:
query: "[?mount=='{{ rhel8stig_boot_part }}'] | [0]"
query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'] | [0]"
key: GRUB_CMDLINE_LINUX
param: boot
value: UUID={{ item.uuid }}
insert: true
when:
- rhel8stig_boot_part not in ['/', '']
- rhel8stig_boot_part.stdout not in ['/', '']
- not ansible_check_mode or
rhel_08_010020_default_grub_missing_audit is not changed
notify: confirm grub2 user cfg
Expand All @@ -112,12 +112,12 @@
- fips=1
- boot=UUID={{ ansible_mounts | json_query(query) }}
vars:
query: "[?mount=='{{ rhel8stig_boot_part }}'].uuid | [0]"
query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'].uuid | [0]"
register: rhel_08_010020_audit
when:
- not ansible_check_mode or
rhel_08_010020_default_grub_missing_audit is not changed
- "rhel8stig_boot_part not in ['/', ''] or
- "rhel8stig_boot_part.stdout not in ['/', ''] or
'boot=' not in item"
changed_when:
- ansible_check_mode
Expand Down
8 changes: 2 additions & 6 deletions tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,9 +175,7 @@
- change_requires_reboot
- not rhel8stig_skip_reboot
tags:
- CAT1
- CAT2
- CAT3
- always

- name: Include post-remediation tasks
ansible.builtin.import_tasks: post_remediation_audit.yml
Expand All @@ -200,6 +198,4 @@
- change_requires_reboot
- rhel8stig_skip_reboot
tags:
- CAT1
- CAT2
- CAT3
- always
4 changes: 2 additions & 2 deletions tasks/prelim.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@
- name: "PRELIM | RHEL-08-010020"
block:
- name: "PRELIM | RHEL-08-010020 | Check if /boot or /boot/efi reside on separate partitions"
ansible.builtin.shell: df --ouAtput=target /boot | tail -n 1
ansible.builtin.shell: df --output=target /boot | tail -n 1
changed_when: false
check_mode: false
register: rhel_08_boot_part
register: rhel8stig_boot_part

- name: "PRELIM | RHEL-08-010020 | crypto-policies-scripts package for FIPS"
ansible.builtin.package:
Expand Down