diff --git a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml index b2d79ef04..abd8a8002 100644 --- a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml +++ b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml @@ -18,5 +18,6 @@ path: /etc/dconf/db/local.d/locks/00-security-settings-lock regexp: '^/org/gnome/login-screen/banner-message-enable' line: '/org/gnome/login-screen/banner-message-enable' + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml index 3f85b384c..20d2013c5 100644 --- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml +++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml @@ -18,5 +18,6 @@ path: /etc/dconf/db/local.d/locks/00-security-settings-lock regexp: '^/org/gnome/desktop/screensaver/idle-activation-enabled' line: '/org/gnome/desktop/screensaver/idle-activation-enabled' + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml index 79e48cf63..a69c86225 100644 --- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml +++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml @@ -20,5 +20,6 @@ path: /etc/dconf/db/local.d/locks/00-security-settings-lock regexp: '^/org/gnome/desktop/screensaver/idle-delay' line: '/org/gnome/desktop/screensaver/idle-delay' + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml index cf73fe111..f11b909b6 100644 --- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml +++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml @@ -18,5 +18,6 @@ path: /etc/dconf/db/local.d/locks/00-security-settings-lock regexp: '^/org/gnome/desktop/screensaver/lock-delay' line: '/org/gnome/desktop/screensaver/lock-delay' + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml index 4b203036b..be5ffc10e 100644 --- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml +++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml @@ -18,5 +18,6 @@ path: /etc/dconf/db/local.d/locks/00-security-settings-lock regexp: '^/org/gnome/desktop/screensaver/lock-enabled' line: '/org/gnome/desktop/screensaver/lock-enabled' + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/rsyslog_remote_loghost.yml b/shared/fixes/ansible/rsyslog_remote_loghost.yml index 16a8e1ab5..b15dcca12 100644 --- a/shared/fixes/ansible/rsyslog_remote_loghost.yml +++ b/shared/fixes/ansible/rsyslog_remote_loghost.yml @@ -10,6 +10,7 @@ dest: /etc/rsyslog.conf regexp: "^\\*\\.\\*" line: "*.* @@{{ rsyslog_remote_loghost_address }}" + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/selinux_policytype.yml b/shared/fixes/ansible/selinux_policytype.yml index c68da2c46..57583f94e 100644 --- a/shared/fixes/ansible/selinux_policytype.yml +++ b/shared/fixes/ansible/selinux_policytype.yml @@ -5,8 +5,11 @@ # disruption = low - (xccdf-var var_selinux_policy_name) -- name: "Configure SELinux Policy" - selinux: - policy: "{{ var_selinux_policy_name }}" +- name: "@RULE_TITLE@" + lineinfile: + path: /etc/sysconfig/selinux + regexp: '^SELINUXTYPE=' + line: "SELINUXTYPE={{ var_selinux_policy_name }}" + create: yes tags: @ANSIBLE_TAGS@ diff --git a/shared/fixes/ansible/selinux_state.yml b/shared/fixes/ansible/selinux_state.yml index 62889bd4e..3e5b9f1ff 100644 --- a/shared/fixes/ansible/selinux_state.yml +++ b/shared/fixes/ansible/selinux_state.yml @@ -6,7 +6,10 @@ - (xccdf-var var_selinux_state) - name: "@RULE_TITLE@" - selinux: - state: "{{ var_selinux_state }}" + lineinfile: + path: /etc/sysconfig/selinux + regexp: '^SELINUX=' + line: "SELINUX={{ var_selinux_state }}" + create: yes tags: @ANSIBLE_TAGS@