diff --git a/tasks/rhel7stig/apt.yml b/tasks/rhel7stig/apt.yml
index fa328f8f..94b8cab0 100644
--- a/tasks/rhel7stig/apt.yml
+++ b/tasks/rhel7stig/apt.yml
@@ -28,7 +28,7 @@
 - not check_mode | bool
 - name: V-71855 - Get files with invalid checksums (apt)
- shell: "grep -v OK$ {{ temp_dir }}/debsums.txt | awk '{ print $1 }'"
+ shell: "grep -v OK$ {{ temp_dir }}/debsums.txt | awk '{ print $1 }'" # noqa risky-shell-pipe
 register: invalid_checksum_files
 changed_when: False
 when:
diff --git a/tasks/rhel7stig/auth.yml b/tasks/rhel7stig/auth.yml
index cfe3812c..21660d58 100644
--- a/tasks/rhel7stig/auth.yml
+++ b/tasks/rhel7stig/auth.yml
@@ -106,7 +106,7 @@
 # those lines that have a '#' as the first character or '#' as the first
 # character following a space (or series of spaces).
 - name: Check for 'nopasswd' in sudoers files
- shell: 'grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ | egrep -v "^([[:space:]]*)?(#|$)" || echo "not found"'
+ shell: 'grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ | egrep -v "^([[:space:]]*)?(#|$)" || echo "not found"' # noqa risky-shell-pipe
 register: sudoers_nopasswd_check
 changed_when: False
 when:
diff --git a/tasks/rhel7stig/file_perms.yml b/tasks/rhel7stig/file_perms.yml
index cd7bc807..6dc9f160 100644
--- a/tasks/rhel7stig/file_perms.yml
+++ b/tasks/rhel7stig/file_perms.yml
@@ -14,7 +14,7 @@
 # limitations under the License.
 - name: V-71849 - Get packages with incorrect file permissions or ownership
- shell: "grep '^.M' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
+ shell: "grep '^.M' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
 args:
 warn: no
 register: rpmverify_package_list
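Review bot: The `# noqa risky-shell-pipe` added to the `grep … | awk …` task in apt.yml silences the lint rule without removing what it warns about: if `{{ temp_dir }}/debsums.txt` is missing or unreadable, grep fails, awk still exits 0, and `invalid_checksum_files` registers empty output that reads as a clean V-71855 result. The pipe can be dropped instead, e.g. `command: "awk '!/OK$/ { print $1 }' {{ temp_dir }}/debsums.txt"`, so that a missing input file fails the task. The same applies to the `grep '^.M'` task in file_perms.yml and to the `grep '^..5'` tasks in rpm.yml and zypper.yml (`awk '/^..5/ { print $NF }'`). If the suppression is kept, a comment such as `# pipefail not usable: grep exits 1 when nothing matches` next to it would record why. The task's `when:` list continues outside the hunk.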
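Review bot: The suppressed pipeline in the 'nopasswd' check in auth.yml does not filter what the comment above it describes: `grep -ir` over several paths prefixes every match with the file name, so the `^([[:space:]]*)?(#|$)` anchor in the egrep is tested against that prefix and commented-out NOPASSWD lines are still reported. Adding `-h`, as in `grep -ihr nopasswd /etc/sudoers /etc/sudoers.d/`, makes the filter apply to the line content. The trailing `|| echo "not found"` also gives an unreadable sudoers file the same output as a clean one, which deserves a comment beside the `# noqa`. The `when:` conditions of the task are outside the hunk.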
@@ -119,7 +119,7 @@
 - V-72021
 - name: Find all world-writable directories
- shell: "find / -perm -002 -type d -exec ls -lLd {} \\; | tr -s ' ' | cut -d' ' -f 4,9 | grep -v ^root"
+ shell: "find / -perm -002 -type d -exec ls -lLd {} \\; | tr -s ' ' | cut -d' ' -f 4,9 | grep -v ^root" # noqa risky-shell-pipe
 register: world_writable_dirs
 changed_when: False
 failed_when: False
diff --git a/tasks/rhel7stig/misc.yml b/tasks/rhel7stig/misc.yml
index 005158bb..98a00453 100644
--- a/tasks/rhel7stig/misc.yml
+++ b/tasks/rhel7stig/misc.yml
@@ -203,7 +203,7 @@
 - V-72213
 - name: Check if ClamAV update process is already running
- shell: "ps -ef | egrep [f]reshclam -q"
+ shell: "set -o pipefail; ps -ef | egrep [f]reshclam -q"
 register: freshclam_proc
 changed_when: False
 failed_when: False
@@ -364,7 +364,7 @@
 - V-72281
 - name: Check for interfaces in promiscuous mode
- shell: "ip link | grep -i promisc"
+ shell: "set -o pipefail; ip link | grep -i promisc"
 register: promiscuous_interface_check
 changed_when: False
 failed_when: False
@@ -435,7 +435,7 @@
 - V-72305
 - name: Check to see if snmpd config contains public/private
- shell: 'egrep "^[^#].*(public|private)" /etc/snmp/snmpd.conf'
+ command: 'egrep "^[^#].*(public|private)" /etc/snmp/snmpd.conf'
 register: snmp_public_private_check
 changed_when: False
 failed_when: False
diff --git a/tasks/rhel7stig/rpm.yml b/tasks/rhel7stig/rpm.yml
index 8bbafa95..d5b3322b 100644
--- a/tasks/rhel7stig/rpm.yml
+++ b/tasks/rhel7stig/rpm.yml
@@ -30,7 +30,7 @@
 - V-71855
 - name: V-71855 - Get files with invalid checksums (rpm)
- shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
+ shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
 register: invalid_checksum_files
 changed_when: False
 when:
diff --git a/tasks/rhel7stig/zypper.yml b/tasks/rhel7stig/zypper.yml
index a74d627a..68655356 100644
--- a/tasks/rhel7stig/zypper.yml
+++ b/tasks/rhel7stig/zypper.yml
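Review bot: The world-writable directory scan in file_perms.yml parses `ls -l` output with `tr` and `cut`, so a directory whose path contains a space is cut off at field 9. The added `# noqa risky-shell-pipe` together with `failed_when: False` also leaves a failing `find` indistinguishable from an empty result. `find` can select and print by itself, roughly `command: "find / -perm -002 -type d ! -group root -printf '%g %p\\n'"` (GNU find), which needs neither the pipe nor the suppression. How `world_writable_dirs` is consumed is outside the hunk, so the output format may need to stay `group path`.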
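Review bot: The `set -o pipefail;` prefix added to the ClamAV check in misc.yml runs under the `shell` module's default `/bin/sh`; this role also carries apt tasks, and where `/bin/sh` is dash the `set` itself can fail with an illegal-option error, which `failed_when: False` hides while `freshclam_proc.rc` goes non-zero for a reason unrelated to freshclam. Setting `executable: /bin/bash` under `args:` on the task avoids that, and the same applies to the `ip link | grep -i promisc` hunk that follows. Separately, `egrep … -q` exits on the first match, so `ps` can be killed by SIGPIPE and pipefail then reports failure although a match was found; `command: pgrep -x freshclam` would avoid the pipe altogether, if matching on the process name is enough here. How `freshclam_proc` is consumed is outside the hunk, so the effect on later tasks is inferred.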
@@ -31,7 +31,7 @@
 - V-71855
 - name: V-71855 - Get files with invalid checksums (rpm)
- shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
+ shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
 register: invalid_checksum_files
 changed_when: False
 when: