ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

Rsyslog redundant conditional #141

Closed ipruteanu-sie closed 2 months ago

ipruteanu-sie commented 9 months ago

Describe the Issue

Redundant conditional in 4.2.1.3

Expected Behavior

- name: "4.2.1.3 | PATCH | Ensure journald is configured to send logs to rsyslog"
  ansible.builtin.lineinfile:
      path: /etc/systemd/journald.conf
      regexp: "^#ForwardToSyslog=|^ForwardToSyslog="
      line: ForwardToSyslog=yes
  notify: Restart rsyslog
  when:
      - rhel9cis_rule_4_2_1_3
      - rhel9cis_syslog == "rsyslog"                           # NOT NEEDED

since this import_tasks is already conditionally executing all tasks in 4.2.1.x file:

- name: "SECTION | 4.2.1 | Configure rsyslog"
  ansible.builtin.import_tasks:
      file: cis_4.2.1.x.yml
  when: rhel9cis_syslog == 'rsyslog'

Actual Behavior

- name: "4.2.1.3 | PATCH | Ensure journald is configured to send logs to rsyslog"
  ansible.builtin.lineinfile:
      path: /etc/systemd/journald.conf
      regexp: "^#ForwardToSyslog=|^ForwardToSyslog="
      line: ForwardToSyslog=yes
  notify: Restart rsyslog
  when:
      - rhel9cis_rule_4_2_1_3
      - rhel9cis_syslog == "rsyslog"

Control(s) Affected

4.2.1.3

Possible Solution

PR
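An added illustration, not code from this repository or from either participant: `ansible.builtin.import_tasks` is a static import, so the `when` on the import is applied to every task in the imported file, and a child task that repeats it adds nothing. The sketch below flags such repeats; the function names are hypothetical and the sample data is constructed from the two tasks quoted in the issue, in the shape a YAML loader would return. Quote style is normalized because the import uses `'rsyslog'` while the task uses `"rsyslog"`.

```python
"""Flag `when` entries in a statically imported task file that repeat the importer's condition."""
import re


def _norm(cond):
    # Treat 'rsyslog' and "rsyslog" as the same literal and ignore spacing differences.
    return re.sub(r"\s+", " ", str(cond).replace('"', "'")).strip()


def _conds(task):
    # `when` may be a single expression or a list of expressions (implicitly ANDed).
    when = task.get("when", [])
    return when if isinstance(when, list) else [when]


def redundant_whens(parent_tasks, children_by_file):
    """Return (file, task name, condition) for each child condition the import already enforces."""
    findings = []
    for parent in parent_tasks:
        imp = parent.get("ansible.builtin.import_tasks") or parent.get("import_tasks")
        if imp is None:
            continue
        fname = imp["file"] if isinstance(imp, dict) else imp
        inherited = {_norm(c) for c in _conds(parent)}
        for child in children_by_file.get(fname, []):
            for cond in _conds(child):
                if _norm(cond) in inherited:
                    findings.append((fname, child.get("name"), cond))
    return findings


# Constructed sample: the two tasks from the issue, as parsed YAML.
PARENT = [{
    "name": "SECTION | 4.2.1 | Configure rsyslog",
    "ansible.builtin.import_tasks": {"file": "cis_4.2.1.x.yml"},
    "when": "rhel9cis_syslog == 'rsyslog'",
}]
CHILDREN = {"cis_4.2.1.x.yml": [{
    "name": "4.2.1.3 | PATCH | Ensure journald is configured to send logs to rsyslog",
    "ansible.builtin.lineinfile": {"path": "/etc/systemd/journald.conf",
                                   "line": "ForwardToSyslog=yes"},
    "notify": "Restart rsyslog",
    "when": ["rhel9cis_rule_4_2_1_3", 'rhel9cis_syslog == "rsyslog"'],
}]}

if __name__ == "__main__":
    for fname, name, cond in redundant_whens(PARENT, CHILDREN):
        print(f"{fname}: {name!r} repeats inherited condition: {cond}")
```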

uk-bolly commented 2 months ago

Hi @ipruteanu-sie

This Issue has been merged to devel and into main branch. I will therefore close this issue. Please feel free to reopen if you feel it's not as expected.

Many thanks again for your time

uk-bolly