Closed mcascone closed 5 months ago
@uk-bolly Can you help me understand the options here? Thanks!
hi @mcascone
You may have noticed we have been adding this function to other repositories. Will look to add this to rhel7-cis next.
kindest regards
uk-bolly
hi @mcascone
We have cut a new release in the main branch and the devel is updated. This works through as expected.
https://github.com/ansible-lockdown/RHEL7-CIS/releases/tag/1.3.0
I will therefore close this issue; please feel free to feedback if you are still seeing problems.
many thanks
uk-bolly
Question
Is there a way to run this in Audit-Only mode? There is some confusing information in the readme.

The doc first states to use the `RHEL7-CIS-Audit role`, but that's not actually a role, it's a script, which makes running it different/more difficult than pointing a role at an inventory set.

The docs also say `check mode` will work but isn't supported.

Later in the doc, there's an `Auditing (new)` section that states auditing can be turned on/off with a param. But it's not clear if this param runs only the audits, making no changes to the target system(s), or runs audits in addition to the remediation.

Additionally, the `rhel7cis_run_audit` parameter does not exist in the `defaults/main.yml` file. The closest match is `run_audit`. The comment on that param is `enable audits to run - this runs the audit and get the latest content`. Like mentioned above, it's not clear if this runs only the audit or also the audit.

For what it's worth, I have been testing running with an ansible extra var, `-e "audit_only=true"`, and I think it's working?

Thanks in advance for any help!