Updated tasks/main.yml
ComplianceAsCode development team authored and dmc5179 committed Aug 7, 2023
1 parent af9cfd1 commit 6eb716f
Showing 1 changed file with 86 additions and 3 deletions.
89 changes: 86 additions & 3 deletions tasks/main.yml
Expand Up @@ -436,10 +436,10 @@

- name: Ensure AIDE is installed
package:
name:
- aide
- crontabs
name: '{{ item }}'
state: present
with_items:
- aide
when:
- aide_periodic_cron_checking | bool
- low_complexity | bool
Expand Down Expand Up @@ -663,6 +663,50 @@
- medium_severity | bool
- reboot_required | bool

- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-81003-6
- PCI-DSS-Req-6.2
- PCI-DSSv4-6.3.3
- dconf_db_up_to_date
- high_severity
- low_complexity
- medium_disruption
- no_reboot_needed
- unknown_strategy
when:
- dconf_db_up_to_date | bool
- high_severity | bool
- low_complexity | bool
- medium_disruption | bool
- no_reboot_needed | bool
- unknown_strategy | bool

- name: Run dconf update
ansible.builtin.command:
cmd: dconf update
when:
- dconf_db_up_to_date | bool
- high_severity | bool
- low_complexity | bool
- medium_disruption | bool
- no_reboot_needed | bool
- unknown_strategy | bool
- '"gdm" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
- CCE-81003-6
- PCI-DSS-Req-6.2
- PCI-DSSv4-6.3.3
- dconf_db_up_to_date
- high_severity
- low_complexity
- medium_disruption
- no_reboot_needed
- unknown_strategy

- name: Gather the package facts
package_facts:
manager: auto
Expand Down Expand Up @@ -1494,6 +1538,7 @@
tags:
- CCE-80795-8
- CJIS-5.10.4.1
- DISA-STIG-RHEL-08-010019
- NIST-800-171-3.4.8
- NIST-800-53-CM-5(3)
- NIST-800-53-CM-6(a)
Expand All @@ -1508,6 +1553,7 @@
- no_reboot_needed
- restrict_strategy
when:
- DISA_STIG_RHEL_08_010019 | bool
- ensure_redhat_gpgkey_installed | bool
- high_severity | bool
- medium_complexity | bool
Expand All @@ -1523,6 +1569,7 @@
tags:
- CCE-80795-8
- CJIS-5.10.4.1
- DISA-STIG-RHEL-08-010019
- NIST-800-171-3.4.8
- NIST-800-53-CM-5(3)
- NIST-800-53-CM-6(a)
Expand All @@ -1537,6 +1584,7 @@
- no_reboot_needed
- restrict_strategy
when:
- DISA_STIG_RHEL_08_010019 | bool
- ensure_redhat_gpgkey_installed | bool
- high_severity | bool
- medium_complexity | bool
Expand All @@ -1552,6 +1600,7 @@
tags:
- CCE-80795-8
- CJIS-5.10.4.1
- DISA-STIG-RHEL-08-010019
- NIST-800-171-3.4.8
- NIST-800-53-CM-5(3)
- NIST-800-53-CM-6(a)
Expand All @@ -1566,6 +1615,7 @@
- no_reboot_needed
- restrict_strategy
when:
- DISA_STIG_RHEL_08_010019 | bool
- ensure_redhat_gpgkey_installed | bool
- high_severity | bool
- medium_complexity | bool
Expand All @@ -1579,6 +1629,7 @@
tags:
- CCE-80795-8
- CJIS-5.10.4.1
- DISA-STIG-RHEL-08-010019
- NIST-800-171-3.4.8
- NIST-800-53-CM-5(3)
- NIST-800-53-CM-6(a)
Expand All @@ -1593,6 +1644,7 @@
- no_reboot_needed
- restrict_strategy
when:
- DISA_STIG_RHEL_08_010019 | bool
- ensure_redhat_gpgkey_installed | bool
- high_severity | bool
- medium_complexity | bool
Expand All @@ -1605,6 +1657,7 @@
state: present
key: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
when:
- DISA_STIG_RHEL_08_010019 | bool
- ensure_redhat_gpgkey_installed | bool
- high_severity | bool
- medium_complexity | bool
Expand All @@ -1618,6 +1671,7 @@
tags:
- CCE-80795-8
- CJIS-5.10.4.1
- DISA-STIG-RHEL-08-010019
- NIST-800-171-3.4.8
- NIST-800-53-CM-5(3)
- NIST-800-53-CM-6(a)
Expand Down Expand Up @@ -14408,6 +14462,34 @@
- medium_severity
- no_reboot_needed

- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-80877-4
- DISA-STIG-RHEL-08-040101
- NIST-800-171-3.1.3
- NIST-800-171-3.4.7
- NIST-800-53-AC-4
- NIST-800-53-CA-3(5)
- NIST-800-53-CM-6(a)
- NIST-800-53-CM-7(b)
- NIST-800-53-SC-7(21)
- enable_strategy
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- service_firewalld_enabled
when:
- DISA_STIG_RHEL_08_040101 | bool
- enable_strategy | bool
- low_complexity | bool
- low_disruption | bool
- medium_severity | bool
- no_reboot_needed | bool
- service_firewalld_enabled | bool

- name: Enable service firewalld
block:
- name: Gather the package facts
Expand All @@ -14430,6 +14512,7 @@
- no_reboot_needed | bool
- service_firewalld_enabled | bool
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- '"firewalld" in ansible_facts.packages'
tags:
- CCE-80877-4
- DISA-STIG-RHEL-08-040101
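Review bot: The new `- DISA_STIG_RHEL_08_010019 | bool` entry in the `when:` lists of the Red Hat GPG key tasks (hunks at +1553, +1584, +1615, +1644 and +1657) references a variable that this commit does not define, since the only changed file is tasks/main.yml. If the role's defaults do not already carry it, Ansible will fail these conditionals on an undefined variable, and the task that sets `key: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release` to `state: present` would never run. Either add `DISA_STIG_RHEL_08_010019: true` to the role defaults in the same change, or write the condition as `- DISA_STIG_RHEL_08_010019 | default(true) | bool`. The task bodies start and end outside these hunks, so the behaviour should be confirmed against the full file.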
