cleanup: use updated conditionals
This role made use of conditionals that still used filters, this patch removes them all and switches them to the new system. Change-Id: I7c68f4e5f7248aedd3cdae734aac6d97a8ce058b
This commit is contained in:
Mohammed Naser
parent
4648d7576d
commit
b792753b34
|
|
@ -39,7 +39,7 @@
|
|||
|
||||
- name: Set facts
|
||||
set_fact:
|
||||
check_mode: "{{ noop_result | skipped }}"
|
||||
check_mode: "{{ noop_result is skipped }}"
|
||||
linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
|
||||
grub_config_file_boot: "{{ booted_with_efi | ternary(grub_conf_file_efi, grub_conf_file) }}"
|
||||
tags:
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@
|
|||
command: "mv {{ aide_database_out_file }} {{ aide_database_file }}"
|
||||
changed_when: false
|
||||
when:
|
||||
- not aide_init | skipped
|
||||
- aide_init is not skipped
|
||||
- ansible_pkg_mgr in ['yum', 'zypper']
|
||||
tags:
|
||||
- medium
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@
|
|||
Remove the directive to ensure that all users must provide a password to
|
||||
run commands as the root user.
|
||||
when:
|
||||
- not sudoers_nopasswd_check | skipped
|
||||
- sudoers_nopasswd_check is not skipped
|
||||
- sudoers_nopasswd_check.stdout != 'not found'
|
||||
tags:
|
||||
- auth
|
||||
|
|
@ -149,7 +149,7 @@
|
|||
files. Remove the directive to ensure that all users must provide a
|
||||
password to run commands as the root user each time they use sudo.
|
||||
when:
|
||||
- not sudoers_authenticate_check | skipped
|
||||
- sudoers_authenticate_check is not skipped
|
||||
- sudoers_authenticate_check.stdout != 'not found'
|
||||
tags:
|
||||
- auth
|
||||
|
|
@ -249,7 +249,7 @@
|
|||
until: job_result.finished | bool
|
||||
retries: 30
|
||||
when:
|
||||
- not shosts_find | skipped
|
||||
- shosts_find is not skipped
|
||||
tags:
|
||||
- high
|
||||
- auth
|
||||
|
|
@ -262,7 +262,7 @@
|
|||
state: absent
|
||||
with_items: "{{ job_result.files }}"
|
||||
when:
|
||||
- not job_result | skipped
|
||||
- job_result is not skipped
|
||||
- security_rhel7_remove_shosts_files | bool
|
||||
tags:
|
||||
- high
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@
|
|||
{{ world_writable_dirs.stdout }}
|
||||
when:
|
||||
- world_writable_dirs is defined
|
||||
- not world_writable_dirs | skipped
|
||||
- world_writable_dirs is not skipped
|
||||
tags:
|
||||
- medium
|
||||
- file_perms
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@
|
|||
state: enforcing
|
||||
policy: targeted
|
||||
register: selinux_status_change
|
||||
changed_when: selinux_status_change | changed and ansible_selinux.status != 'disabled'
|
||||
changed_when: selinux_status_change is changed and ansible_selinux.status != 'disabled'
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- security_rhel7_enable_linux_security_module | bool
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
until: job_result.finished
|
||||
retries: 30
|
||||
when:
|
||||
- not rpmverify_task | skipped
|
||||
- rpmverify_task is not skipped
|
||||
tags:
|
||||
- rpm
|
||||
- high
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
until: job_result.finished
|
||||
retries: 30
|
||||
when:
|
||||
- not rpmverify_task | skipped
|
||||
- rpmverify_task is not skipped
|
||||
tags:
|
||||
- rpm
|
||||
- high
|
||||
|
|
|
|||
Loading…
Reference in New Issue