diff --git a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
index b2d79ef04..abd8a8002 100644
--- a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
+++ b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
@@ -18,5 +18,6 @@
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
regexp: '^/org/gnome/login-screen/banner-message-enable'
line: '/org/gnome/login-screen/banner-message-enable'
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
index 3f85b384c..20d2013c5 100644
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
@@ -18,5 +18,6 @@
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
regexp: '^/org/gnome/desktop/screensaver/idle-activation-enabled'
line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
index 79e48cf63..a69c86225 100644
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
@@ -20,5 +20,6 @@
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
regexp: '^/org/gnome/desktop/screensaver/idle-delay'
line: '/org/gnome/desktop/screensaver/idle-delay'
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
index cf73fe111..f11b909b6 100644
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
@@ -18,5 +18,6 @@
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
regexp: '^/org/gnome/desktop/screensaver/lock-delay'
line: '/org/gnome/desktop/screensaver/lock-delay'
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
index 4b203036b..be5ffc10e 100644
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
@@ -18,5 +18,6 @@
path: /etc/dconf/db/local.d/locks/00-security-settings-lock
regexp: '^/org/gnome/desktop/screensaver/lock-enabled'
line: '/org/gnome/desktop/screensaver/lock-enabled'
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/rsyslog_remote_loghost.yml b/shared/fixes/ansible/rsyslog_remote_loghost.yml
index 16a8e1ab5..b15dcca12 100644
--- a/shared/fixes/ansible/rsyslog_remote_loghost.yml
+++ b/shared/fixes/ansible/rsyslog_remote_loghost.yml
@@ -10,6 +10,7 @@
dest: /etc/rsyslog.conf
regexp: "^\\*\\.\\*"
line: "*.* @@{{ rsyslog_remote_loghost_address }}"
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/selinux_policytype.yml b/shared/fixes/ansible/selinux_policytype.yml
index c68da2c46..57583f94e 100644
--- a/shared/fixes/ansible/selinux_policytype.yml
+++ b/shared/fixes/ansible/selinux_policytype.yml
@@ -5,8 +5,11 @@
# disruption = low
- (xccdf-var var_selinux_policy_name)
-- name: "Configure SELinux Policy"
- selinux:
- policy: "{{ var_selinux_policy_name }}"
+- name: "@RULE_TITLE@"
+ lineinfile:
+ path: /etc/sysconfig/selinux
+ regexp: '^SELINUXTYPE='
+ line: "SELINUXTYPE={{ var_selinux_policy_name }}"
+ create: yes
tags:
@ANSIBLE_TAGS@
diff --git a/shared/fixes/ansible/selinux_state.yml b/shared/fixes/ansible/selinux_state.yml
index 62889bd4e..3e5b9f1ff 100644
--- a/shared/fixes/ansible/selinux_state.yml
+++ b/shared/fixes/ansible/selinux_state.yml
@@ -6,7 +6,10 @@
- (xccdf-var var_selinux_state)
- name: "@RULE_TITLE@"
- selinux:
- state: "{{ var_selinux_state }}"
+ lineinfile:
+ path: /etc/sysconfig/selinux
+ regexp: '^SELINUX='
+ line: "SELINUX={{ var_selinux_state }}"
+ create: yes
tags:
@ANSIBLE_TAGS@