skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Blame SOURCES/scap-security-guide-0.1.37-fix-rhel7-ansible-role.patch

c7 c7-alt c7-beta c8 c8-beta c8s
  1.   5b3ad71d57f79f63642d9d7405c55bc1c401979d
  2.   SOURCES
  3.   scap-security-guide-0.1.37-fix-rhel7-ansible-role.patch
Blob History Raw
5b3ad7 
diff --git a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
5b3ad7 
index b2d79ef04..abd8a8002 100644
5b3ad7 
--- a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
5b3ad7 
+++ b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
5b3ad7 
@@ -18,5 +18,6 @@
5b3ad7 
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
5b3ad7 
     regexp: '^/org/gnome/login-screen/banner-message-enable'
5b3ad7 
     line: '/org/gnome/login-screen/banner-message-enable'
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
5b3ad7 
index 3f85b384c..20d2013c5 100644
5b3ad7 
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
5b3ad7 
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
5b3ad7 
@@ -18,5 +18,6 @@
5b3ad7 
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
5b3ad7 
     regexp: '^/org/gnome/desktop/screensaver/idle-activation-enabled'
5b3ad7 
     line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
5b3ad7 
index 79e48cf63..a69c86225 100644
5b3ad7 
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
5b3ad7 
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
5b3ad7 
@@ -20,5 +20,6 @@
5b3ad7 
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
5b3ad7 
     regexp: '^/org/gnome/desktop/screensaver/idle-delay'
5b3ad7 
     line: '/org/gnome/desktop/screensaver/idle-delay'
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
5b3ad7 
index cf73fe111..f11b909b6 100644
5b3ad7 
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
5b3ad7 
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
5b3ad7 
@@ -18,5 +18,6 @@
5b3ad7 
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
5b3ad7 
     regexp: '^/org/gnome/desktop/screensaver/lock-delay'
5b3ad7 
     line: '/org/gnome/desktop/screensaver/lock-delay'
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
5b3ad7 
index 4b203036b..be5ffc10e 100644
5b3ad7 
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
5b3ad7 
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
5b3ad7 
@@ -18,5 +18,6 @@
5b3ad7 
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
5b3ad7 
     regexp: '^/org/gnome/desktop/screensaver/lock-enabled'
5b3ad7 
     line: '/org/gnome/desktop/screensaver/lock-enabled'
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/rsyslog_remote_loghost.yml b/shared/fixes/ansible/rsyslog_remote_loghost.yml
5b3ad7 
index 16a8e1ab5..b15dcca12 100644
5b3ad7 
--- a/shared/fixes/ansible/rsyslog_remote_loghost.yml
5b3ad7 
+++ b/shared/fixes/ansible/rsyslog_remote_loghost.yml
5b3ad7 
@@ -10,6 +10,7 @@
5b3ad7 
     dest: /etc/rsyslog.conf
5b3ad7 
     regexp: "^\\*\\.\\*"
5b3ad7 
     line: "*.* @@{{ rsyslog_remote_loghost_address }}"
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7
5b3ad7 
diff --git a/shared/fixes/ansible/selinux_policytype.yml b/shared/fixes/ansible/selinux_policytype.yml
5b3ad7 
index c68da2c46..57583f94e 100644
5b3ad7 
--- a/shared/fixes/ansible/selinux_policytype.yml
5b3ad7 
+++ b/shared/fixes/ansible/selinux_policytype.yml
5b3ad7 
@@ -5,8 +5,11 @@
5b3ad7 
 # disruption = low
5b3ad7 
 - (xccdf-var var_selinux_policy_name)
5b3ad7
5b3ad7 
-- name: "Configure SELinux Policy"
5b3ad7 
-  selinux:
5b3ad7 
-    policy: "{{ var_selinux_policy_name }}"
5b3ad7 
+- name: "@RULE_TITLE@"
5b3ad7 
+  lineinfile:
5b3ad7 
+    path: /etc/sysconfig/selinux
5b3ad7 
+    regexp: '^SELINUXTYPE='
5b3ad7 
+    line: "SELINUXTYPE={{ var_selinux_policy_name }}"
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@
5b3ad7 
diff --git a/shared/fixes/ansible/selinux_state.yml b/shared/fixes/ansible/selinux_state.yml
5b3ad7 
index 62889bd4e..3e5b9f1ff 100644
5b3ad7 
--- a/shared/fixes/ansible/selinux_state.yml
5b3ad7 
+++ b/shared/fixes/ansible/selinux_state.yml
5b3ad7 
@@ -6,7 +6,10 @@
5b3ad7 
 - (xccdf-var var_selinux_state)
5b3ad7
5b3ad7 
 - name: "@RULE_TITLE@"
5b3ad7 
-  selinux:
5b3ad7 
-    state: "{{ var_selinux_state }}"
5b3ad7 
+  lineinfile:
5b3ad7 
+    path: /etc/sysconfig/selinux
5b3ad7 
+    regexp: '^SELINUX='
5b3ad7 
+    line: "SELINUX={{ var_selinux_state }}"
5b3ad7 
+    create: yes
5b3ad7 
   tags:
5b3ad7 
     @ANSIBLE_TAGS@

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation