|
 |
e33168 |
diff --git a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
|
|
|
e33168 |
index b2d79ef04..abd8a8002 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
|
|
|
e33168 |
@@ -18,5 +18,6 @@
|
|
|
e33168 |
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
|
|
|
e33168 |
regexp: '^/org/gnome/login-screen/banner-message-enable'
|
|
|
e33168 |
line: '/org/gnome/login-screen/banner-message-enable'
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
|
|
|
e33168 |
index 3f85b384c..20d2013c5 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
|
|
|
e33168 |
@@ -18,5 +18,6 @@
|
|
|
e33168 |
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
|
|
|
e33168 |
regexp: '^/org/gnome/desktop/screensaver/idle-activation-enabled'
|
|
|
e33168 |
line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
|
|
|
e33168 |
index 79e48cf63..a69c86225 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
|
|
|
e33168 |
@@ -20,5 +20,6 @@
|
|
|
e33168 |
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
|
|
|
e33168 |
regexp: '^/org/gnome/desktop/screensaver/idle-delay'
|
|
|
e33168 |
line: '/org/gnome/desktop/screensaver/idle-delay'
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
|
|
|
e33168 |
index cf73fe111..f11b909b6 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
|
|
|
e33168 |
@@ -18,5 +18,6 @@
|
|
|
e33168 |
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
|
|
|
e33168 |
regexp: '^/org/gnome/desktop/screensaver/lock-delay'
|
|
|
e33168 |
line: '/org/gnome/desktop/screensaver/lock-delay'
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
|
|
|
e33168 |
index 4b203036b..be5ffc10e 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
|
|
|
e33168 |
@@ -18,5 +18,6 @@
|
|
|
e33168 |
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
|
|
|
e33168 |
regexp: '^/org/gnome/desktop/screensaver/lock-enabled'
|
|
|
e33168 |
line: '/org/gnome/desktop/screensaver/lock-enabled'
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/rsyslog_remote_loghost.yml b/shared/fixes/ansible/rsyslog_remote_loghost.yml
|
|
|
e33168 |
index 16a8e1ab5..b15dcca12 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/rsyslog_remote_loghost.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/rsyslog_remote_loghost.yml
|
|
|
e33168 |
@@ -10,6 +10,7 @@
|
|
|
e33168 |
dest: /etc/rsyslog.conf
|
|
|
e33168 |
regexp: "^\\*\\.\\*"
|
|
|
e33168 |
line: "*.* @@{{ rsyslog_remote_loghost_address }}"
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/selinux_policytype.yml b/shared/fixes/ansible/selinux_policytype.yml
|
|
|
e33168 |
index c68da2c46..57583f94e 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/selinux_policytype.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/selinux_policytype.yml
|
|
|
e33168 |
@@ -5,8 +5,11 @@
|
|
|
e33168 |
# disruption = low
|
|
|
e33168 |
- (xccdf-var var_selinux_policy_name)
|
|
|
e33168 |
|
|
|
e33168 |
-- name: "Configure SELinux Policy"
|
|
|
e33168 |
- selinux:
|
|
|
e33168 |
- policy: "{{ var_selinux_policy_name }}"
|
|
|
e33168 |
+- name: "@RULE_TITLE@"
|
|
|
e33168 |
+ lineinfile:
|
|
|
e33168 |
+ path: /etc/sysconfig/selinux
|
|
|
e33168 |
+ regexp: '^SELINUXTYPE='
|
|
|
e33168 |
+ line: "SELINUXTYPE={{ var_selinux_policy_name }}"
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|
|
|
e33168 |
diff --git a/shared/fixes/ansible/selinux_state.yml b/shared/fixes/ansible/selinux_state.yml
|
|
|
e33168 |
index 62889bd4e..3e5b9f1ff 100644
|
|
|
e33168 |
--- a/shared/fixes/ansible/selinux_state.yml
|
|
|
e33168 |
+++ b/shared/fixes/ansible/selinux_state.yml
|
|
|
e33168 |
@@ -6,7 +6,10 @@
|
|
|
e33168 |
- (xccdf-var var_selinux_state)
|
|
|
e33168 |
|
|
|
e33168 |
- name: "@RULE_TITLE@"
|
|
|
e33168 |
- selinux:
|
|
|
e33168 |
- state: "{{ var_selinux_state }}"
|
|
|
e33168 |
+ lineinfile:
|
|
|
e33168 |
+ path: /etc/sysconfig/selinux
|
|
|
e33168 |
+ regexp: '^SELINUX='
|
|
|
e33168 |
+ line: "SELINUX={{ var_selinux_state }}"
|
|
|
e33168 |
+ create: yes
|
|
|
e33168 |
tags:
|
|
|
e33168 |
@ANSIBLE_TAGS@
|