ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

'authselect' does not use variable which contains many config-options, since for RH9 it is not required anymore #155

Closed ipruteanu-sie closed 4 months ago

ipruteanu-sie commented 9 months ago

Describe the Issue
In defaults/main.yml file:

rhel9cis_authselect:
    options: with-sudo with-faillock without-nullok

However, this value is not used in the actual rule (5.4.2 PATCH | Ensure authselect includes with-faillock):

      - name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Create custom profiles"
        ansible.builtin.shell: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} with-faillock"
        when: rhel9cis_authselect_custom_profile_select

Expected Behavior
Remove var from defaults/main.yml.

Actual Behavior
Unused var exists in defaults/main.yml.

Control(s) Affected
5.4.2

Environment (please complete the following information):

Possible Solution
PR will follow
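A check for the kind of drift reported above, as an added example that is not part of the issue or of the RHEL9-CIS role: it flags defaults entries, including sub-keys of a dict variable, that no task references, which is how `options` can go unnoticed while `rhel9cis_authselect` itself is still in use. The function names, the `custom_profile_name` placeholder value and the `False` default are assumptions; defaults are passed in as an already-parsed dict.

```python
import re

# Constructed sample built from the issue. The custom_profile_name value and the
# boolean default are placeholders; the page does not show them.
DEFAULTS = {
    "rhel9cis_authselect_custom_profile_select": False,
    "rhel9cis_authselect": {
        "custom_profile_name": "PLACEHOLDER-PROFILE",
        "options": "with-sudo with-faillock without-nullok",
    },
}

# The task text quoted in the issue.
TASKS = [
    '''- name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Create custom profiles"
  ansible.builtin.shell: "authselect select custom/{{ rhel9cis_authselect['custom_profile_name'] }} with-faillock"
  when: rhel9cis_authselect_custom_profile_select
''',
]


def _referenced(var, key, text):
    """True if text uses var['key'], var["key"] or var.key."""
    q = r"""['"]"""
    v, k = re.escape(var), re.escape(key)
    return re.search(rf"\b{v}\s*(?:\[\s*{q}{k}{q}\s*\]|\.\s*{k}\b)", text) is not None


def unused_defaults(defaults, task_texts):
    """Return defaults names (top-level or 'var.key') that no task references."""
    text = "\n".join(task_texts)
    unused = []
    for var, value in defaults.items():
        name = re.escape(var)
        if not re.search(rf"\b{name}\b", text):
            unused.append(var)
            continue
        # A bare use of the whole dict (e.g. in a loop) may consume any key,
        # so sub-keys are only judged when every use is subscripted.
        if not isinstance(value, dict) or re.search(rf"\b{name}\b(?!\s*[\[.])", text):
            continue
        unused += [f"{var}.{key}" for key in value if not _referenced(var, key, text)]
    return unused


if __name__ == "__main__":
    print(unused_defaults(DEFAULTS, TASKS))
```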