From 57ca82678a2b272d1e989ff7559bca385ddd6323 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 4 Dec 2024 12:31:21 +0000
Subject: [PATCH] addressed #261 thanks to kbknapp
Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.7.x.yml | 42 +++++++++++++++++------------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/tasks/section_1/cis_1.7.x.yml b/tasks/section_1/cis_1.7.x.yml
index 0d42d18..441c7ea 100644
--- a/tasks/section_1/cis_1.7.x.yml
+++ b/tasks/section_1/cis_1.7.x.yml
@@ -33,7 +33,7 @@
 block:
 - name: "1.7.2 | PATCH | Ensure GDM login banner is configured | make directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
 owner: root
 group: root
 mode: 'go-w'
@@ -41,7 +41,7 @@
 - name: "1.7.2 | PATCH | Ensure GDM login banner is configured | banner settings"
 ansible.builtin.lineinfile: # noqa: args[module]
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-login-screen"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-login-screen"
 regexp: "{{ item.regexp }}"
 line: "{{ item.line }}"
 insertafter: "{{ item.insertafter }}"
@@ -79,12 +79,12 @@
 mode: 'go-w'
 state: directory
 loop:
- - /etc/dconf/db/{{ prelim_dconf_system_db }}.d
+ - /etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d
 - /etc/dconf/profile
 - name: "1.7.3 | PATCH | Ensure disable-user-list option is enabled | disable-user-list setting login-screen"
 ansible.builtin.lineinfile:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-login-screen"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-login-screen"
 regexp: "{{ item.regexp }}"
 line: "{{ item.line }}"
 insertafter: "{{ item.insertafter }}"
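Review bot: Nothing visible in this patch checks that `prelim_dconf_system_db.stdout` is non-empty and a single line before it is expanded into root-owned paths. This starts with the `make directory` task in the hunk at -33 and repeats in every later hunk, including the template and lock tasks for 1.7.4 to 1.7.9. With an empty value the `file` tasks would create `/etc/dconf/db/.d`, and the banner, screensaver and automount settings and their locks would probably be written where dconf does not read them, so the controls could report as applied without taking effect. The task that registers the variable is outside this diff, so this may already be handled there. If it is not, add a condition such as `- prelim_dconf_system_db.stdout | default('') | trim | length > 0` to each block's `when:` list, or fail early with one `ansible.builtin.assert` placed before 1.7.2.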
@@ -99,7 +99,7 @@
 - name: "1.7.3 | PATCH | Ensure disable-user-list option is enabled | disable-user-list setting profile"
 ansible.builtin.lineinfile:
- path: "/etc/dconf/profile/{{ prelim_dconf_system_db }}"
+ path: "/etc/dconf/profile/{{ prelim_dconf_system_db.stdout }}"
 regexp: "{{ item.regexp }}"
 line: "{{ item.line }}"
 insertafter: "{{ item.insertafter }}"
@@ -109,10 +109,10 @@
 mode: 'u-x,go-wx'
 loop:
 - { regexp: "^user-db:user", line: "user-db:user", insertafter: EOF }
- - { regexp: "^system-db:{{ prelim_dconf_system_db }}", line: "system-db:{{ prelim_dconf_system_db }}", insertafter: "user-db:user" }
+ - { regexp: "^system-db:{{ prelim_dconf_system_db.stdout }}", line: "system-db:{{ prelim_dconf_system_db.stdout }}", insertafter: "user-db:user" }
 - regexp: "^file-db:/usr/share/gdm/greeter-dconf-defaults"
 line: "file-db:/usr/share/gdm/greeter-dconf-defaults"
- insertafter: "system-db:{{ prelim_dconf_system_db }}"
+ insertafter: "system-db:{{ prelim_dconf_system_db.stdout }}"
 notify: Update dconf
 - name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle"
@@ -129,7 +129,7 @@
 block:
 - name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | session profile"
 ansible.builtin.lineinfile:
- path: "/etc/dconf/profile/{{ prelim_dconf_system_db }}"
+ path: "/etc/dconf/profile/{{ prelim_dconf_system_db.stdout }}"
 regexp: "{{ item.regexp }}"
 line: "{{ item.line }}"
 insertafter: "{{ item.after | default(omit) }}"
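Review bot: In the hunk at -109 the command output is placed unescaped inside `regexp:` and `insertafter:`, both of which `lineinfile` treats as regular expressions, so any metacharacter in the value would be interpreted rather than matched literally. Database names are normally plain words, so this is mostly a robustness point, but the literal intent is clearer with `regexp: "^system-db:{{ prelim_dconf_system_db.stdout | regex_escape }}"` and the same filter on the `insertafter:` value. The `line:` values should keep the raw string.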
@@ -139,11 +139,11 @@
 mode: 'u-x,go-wx'
 loop:
 - { regexp: "user-db:user", line: "user-db:user" }
- - { regexp: "system-db:{{ prelim_dconf_system_db }}", line: "system-db:{{ prelim_dconf_system_db }}", after: "^user-db.*" }
+ - { regexp: "system-db:{{ prelim_dconf_system_db.stdout }}", line: "system-db:{{ prelim_dconf_system_db.stdout }}", after: "^user-db.*" }
 - name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | make directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
 owner: root
 group: root
 mode: 'go-w'
@@ -153,7 +153,7 @@
 - name: "1.7.4 | PATCH | Ensure GDM screen locks when the user is idle | session script"
 ansible.builtin.template:
 src: etc/dconf/db/00-screensaver.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-screensaver"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-screensaver"
 owner: root
 group: root
 mode: 'u-x,go-wx'
@@ -173,7 +173,7 @@
 block:
 - name: "1.7.5 | PATCH | Ensure GDM screen locks cannot be overridden | make lock directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
 owner: root
 group: root
 mode: 'go-w'
@@ -183,7 +183,7 @@
 - name: "1.7.5 | PATCH | Ensure GDM screen locks cannot be overridden | make lockfile"
 ansible.builtin.template:
 src: etc/dconf/db/00-screensaver_lock.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-screensaver"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-screensaver"
 owner: root
 group: root
 mode: 'u-x,go-wx'
@@ -207,7 +207,7 @@
 block:
 - name: "1.7.6 | PATCH | Ensure GDM automatic mounting of removable media is disabled | make directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
 owner: root
 group: root
 mode: 'go-w'
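Review bot: The 1.7.4 loop entry in the hunk at -139 matches with an unanchored `regexp: "system-db:{{ prelim_dconf_system_db.stdout }}"`, while the 1.7.3 task that manages the same `/etc/dconf/profile/...` file anchors its pattern with `^`. The unanchored form also matches a commented-out or prefixed line, so the two tasks can disagree about which line they own. Aligning it as `regexp: "^system-db:{{ prelim_dconf_system_db.stdout }}"` keeps both controls idempotent against the same profile. The neighbouring `user-db:user` entry has the same shape but is unchanged context here.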
@@ -217,7 +217,7 @@
 - name: "1.7.6 | PATCH | Ensure GDM automatic mounting of removable media is disabled | session script"
 ansible.builtin.template:
 src: etc/dconf/db/00-media-automount.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-media-automount"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-media-automount"
 owner: root
 group: root
 mode: 'u-x,go-wx'
@@ -241,7 +241,7 @@
 block:
 - name: "1.7.7 | PATCH | Ensure GDM disabling automatic mounting of removable media is not overridden | make lock directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
 owner: root
 group: root
 mode: 'go-w'
@@ -251,7 +251,7 @@
 - name: "1.7.7 | PATCH | Ensure GDM disabling automatic mounting of removable media is not overridden | make lockfile"
 ansible.builtin.template:
 src: etc/dconf/db/00-automount_lock.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-automount_lock"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-automount_lock"
 owner: root
 group: root
 mode: 'u-x,go-wx'
@@ -275,7 +275,7 @@
 block:
 - name: "1.7.8 | PATCH | Ensure GDM autorun-never is enabled | make directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d"
 owner: root
 group: root
 mode: 'go-w'
@@ -285,7 +285,7 @@
 - name: "1.7.8 | PATCH | Ensure GDM autorun-never is enabled | session script"
 ansible.builtin.template:
 src: etc/dconf/db/00-media-autorun.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/00-media-autorun"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/00-media-autorun"
 owner: root
 group: root
 mode: 'u-x,go-wx'
@@ -309,7 +309,7 @@
 block:
 - name: "1.7.9 | PATCH | Ensure GDM autorun-never is not overridden | make lock directory"
 ansible.builtin.file:
- path: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks"
+ path: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks"
 owner: root
 group: root
 mode: 'go-w'
@@ -319,7 +319,7 @@
 - name: "1.7.9 | PATCH | Ensure GDM autorun-never is not overridden | make lockfile"
 ansible.builtin.template:
 src: etc/dconf/db/00-autorun_lock.j2
- dest: "/etc/dconf/db/{{ prelim_dconf_system_db }}.d/locks/00-autorun_lock"
+ dest: "/etc/dconf/db/{{ prelim_dconf_system_db.stdout }}.d/locks/00-autorun_lock"
 owner: root
 group: root
 mode: 'u-x,go-wx'