tasks: rhel7stig: aide: Fix conditionals for Ubuntu exclusions
The ansible_os_family returns 'Debian' instead of 'Ubuntu' on Ubuntu
distributions so the conditional was never true and as such the task was
never executed. We fix the conditional to include the correct family and
also check on whether the configuration directory exists which is
similar to what the other tasks are doing. Finally, we fix the 'dest'
option in the 'blockinfile' module since {{ aide_conf }} is a directory
but we should use the configuration file instead.
Change-Id: I6b8101db57d27dd3ae38dd36cd9875d165e1afa5
This commit is contained in:
Markos Chandras
parent
d996c60ca7
commit
93d05c5024
|
|
@ -36,7 +36,7 @@
|
|||
# is borrowed for Ubuntu 16.04 here.
|
||||
- name: Configure AIDE to verify additional properties
|
||||
blockinfile:
|
||||
dest: "{{ aide_conf }}"
|
||||
dest: "/etc/aide/aide.conf"
|
||||
insertbefore: EOF
|
||||
marker: "# {mark} MANAGED BY ANSIBLE-HARDENING"
|
||||
block: |
|
||||
|
|
@ -54,7 +54,8 @@
|
|||
/bin NORMAL
|
||||
/sbin NORMAL
|
||||
when:
|
||||
- ansible_os_family | lower == 'ubuntu'
|
||||
- aide_conf.stat.exists | bool
|
||||
- ansible_os_family | lower == 'debian'
|
||||
tags:
|
||||
- low
|
||||
- aide
|
||||
|
|
|
|||
Loading…
Reference in New Issue