addressed #261 thanks to kbknapp
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
uk-bolly committed Dec 4, 2024
1 parent 34dd800 commit 57ca826
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions tasks/section_1/cis_1.7.x.yml
Expand Up @@ -33,15 +33,15 @@
block:
- name: "1.7.2 | PATCH | Ensure GDM login banner is configured | make directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
owner: root
group: root
mode: 'go-w'
state: directory

- name: "1.7.2 | PATCH | Ensure GDM login banner is configured | banner settings"
ansible.builtin.lineinfile: # noqa: args[module]
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-login-screen"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-login-screen"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
insertafter: "{{ item.insertafter }}"
Expand Down Expand Up @@ -79,12 +79,12 @@
mode: 'go-w'
state: directory
loop:
- /etc/dconf/db/{{ prelim_dconf_system_db }}.d
- /etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d
- /etc/dconf/profile

- name: "1.7.3 | PATCH | Ensure disable-user-list option is enabled | disable-user-list setting login-screen"
ansible.builtin.lineinfile:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-login-screen"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-login-screen"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
insertafter: "{{ item.insertafter }}"
Expand All @@ -99,7 +99,7 @@

- name: "1.7.3 | PATCH | Ensure disable-user-list option is enabled | disable-user-list setting profile"
ansible.builtin.lineinfile:
path: "/etc/dconf/profile/{{ prelim_dconf_system_db }}"
path: "/etc/dconf/profile/{{ prelim_dconf_system_db.stdout }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
insertafter: "{{ item.insertafter }}"
Expand All @@ -109,10 +109,10 @@
mode: 'u-x,go-wx'
loop:
- { regexp: "^user-db:user", line: "user-db:user", insertafter: EOF }
- { regexp: "^system-db:{{ prelim_dconf_system_db }}", line: "system-db:{{ prelim_dconf_system_db }}", insertafter: "user-db:user" }
- { regexp: "^system-db:{{ prelim_dconf_system_db.stdout }}", line: "system-db:{{ prelim_dconf_system_db.stdout }}", insertafter: "user-db:user" }
- regexp: "^file-db:/usr/share/gdm/greeter-dconf-defaults"
line: "file-db:/usr/share/gdm/greeter-dconf-defaults"
insertafter: "system-db:{{ prelim_dconf_system_db }}"
insertafter: "system-db:{{ prelim_dconf_system_db.stdout }}"
notify: Update dconf

- name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle"
Expand All @@ -129,7 +129,7 @@
block:
- name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | session profile"
ansible.builtin.lineinfile:
path: "/etc/dconf/profile/{{ prelim_dconf_system_db }}"
path: "/etc/dconf/profile/{{ prelim_dconf_system_db.stdout }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
insertafter: "{{ item.after | default(omit) }}"
Expand All @@ -139,11 +139,11 @@
mode: 'u-x,go-wx'
loop:
- { regexp: "user-db:user", line: "user-db:user" }
- { regexp: "system-db:{{ prelim_dconf_system_db }}", line: "system-db:{{ prelim_dconf_system_db }}", after: "^user-db.*" }
- { regexp: "system-db:{{ prelim_dconf_system_db.stdout }}", line: "system-db:{{ prelim_dconf_system_db.stdout }}", after: "^user-db.*" }

- name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | make directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
owner: root
group: root
mode: 'go-w'
Expand All @@ -153,7 +153,7 @@
- name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | session script"
ansible.builtin.template:
src: etc/dconf/db/00-screensaver.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-screensaver"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-screensaver"
owner: root
group: root
mode: 'u-x,go-wx'
Expand All @@ -173,7 +173,7 @@
block:
- name: "1.7.5 | PATCH | Ensure GDM screen locks cannot be overridden | make lock directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
owner: root
group: root
mode: 'go-w'
Expand All @@ -183,7 +183,7 @@
- name: "1.7.5 | PATCH | Ensure GDM screen locks cannot be overridden | make lockfile"
ansible.builtin.template:
src: etc/dconf/db/00-screensaver_lock.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-screensaver"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-screensaver"
owner: root
group: root
mode: 'u-x,go-wx'
Expand All @@ -207,7 +207,7 @@
block:
- name: "1.7.6 | PATCH | Ensure GDM automatic mounting of removable media is disabled | make directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
owner: root
group: root
mode: 'go-w'
Expand All @@ -217,7 +217,7 @@
- name: "1.7.6 | PATCH | Ensure GDM automatic mounting of removable media is disabled | session script"
ansible.builtin.template:
src: etc/dconf/db/00-media-automount.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-media-automount"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-media-automount"
owner: root
group: root
mode: 'u-x,go-wx'
Expand All @@ -241,7 +241,7 @@
block:
- name: "1.7.7 | PATCH | Ensure GDM disabling automatic mounting of removable media is not overridden | make lock directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
owner: root
group: root
mode: 'go-w'
Expand All @@ -251,7 +251,7 @@
- name: "1.7.7 | PATCH | Ensure GDM disabling automatic mounting of removable media is not overridden | make lockfile"
ansible.builtin.template:
src: etc/dconf/db/00-automount_lock.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-automount_lock"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-automount_lock"
owner: root
group: root
mode: 'u-x,go-wx'
Expand All @@ -275,7 +275,7 @@
block:
- name: "1.7.8 | PATCH | Ensure GDM autorun-never is enabled | make directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
owner: root
group: root
mode: 'go-w'
Expand All @@ -285,7 +285,7 @@
- name: "1.7.8 | PATCH | Ensure GDM autorun-never is enabled | session script"
ansible.builtin.template:
src: etc/dconf/db/00-media-autorun.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-media-autorun"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-media-autorun"
owner: root
group: root
mode: 'u-x,go-wx'
Expand All @@ -309,7 +309,7 @@
block:
- name: "1.7.9 | PATCH | Ensure GDM autorun-never is not overridden | make lock directory"
ansible.builtin.file:
path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
owner: root
group: root
mode: 'go-w'
Expand All @@ -319,7 +319,7 @@
- name: "1.7.9 | PATCH | Ensure GDM autorun-never is not overridden | make lockfile"
ansible.builtin.template:
src: etc/dconf/db/00-autorun_lock.j2
dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-autorun_lock"
dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-autorun_lock"
owner: root
group: root
mode: 'u-x,go-wx'
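Review bot: The new `prelim_dconf_system_db.stdout` lookups are interpolated into paths under `/etc/dconf` and into `lineinfile` regexps without any check that the value is a single, non-empty name; this applies to every hunk in this file. The task that registers `prelim_dconf_system_db` is not on this page, so the following is inferred: if that command prints nothing, `/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d` resolves to `/etc/dconf/db/.d` and the 1.7.3/1.7.4 profile path resolves to the directory `/etc/dconf/profile/` itself. The banner, screen-lock and automount settings would then be written to a database that no profile references, or the play would fail part-way, leaving the controls unapplied. A guard ahead of the first use, sketched below, fails early with a clear message, and restricting the character set also keeps the unescaped value safe inside the `^system-db:` regexps. Widen the character class if your db names need it, and repeat the guard (or move it next to the registering task) if these blocks can be run separately by tag.

```yaml
# … unchanged: 1.7.2 block header; this task goes first in its block: list …
- name: "1.7.2 | PATCH | Ensure GDM login banner is configured | check dconf db name"
  ansible.builtin.assert:
    that:
      - prelim_dconf_system_db.stdout is defined
      - prelim_dconf_system_db.stdout is match('^[A-Za-z0-9_-]+$')
    fail_msg: "dconf system-db name could not be determined; refusing to write under /etc/dconf"
# … unchanged: "make directory" and the remaining 1.7.x tasks …
```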