ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License
160 stars 70 forks

1.1.2.2, 1.1.2.3, 1.1.2.4 conditional statement uses also 1.1.2.1 var #105

Closed ipruteanu-sie closed 9 months ago

ipruteanu-sie commented 10 months ago

Question: Is there a good reason for having an Ansible conditional which uses rule_1.1.2.1's variable for rules 1.1.2.2, 1.1.2.3, 1.1.2.4?

  when:
    - ubtu22cis_rule_1_1_2_1 or  # Purpose of this?
      ubtu22cis_rule_1_1_2_2 or
      ubtu22cis_rule_1_1_2_3 or
      ubtu22cis_rule_1_1_2_4

I imagined that this would ensure the 1.1.2.2, 1.1.2.3, 1.1.2.4 task-block will never be executed if rule 1.1.2.1 is inactive, respectively when: ubtu22cis_rule_1_1_2_1 is set to false, but I did not detect in the role other similar approaches.

Was this the initial idea behind it, or is it just a super-small inaccuracy related to variables in conditionals?

Environment (please complete the following information): N/A

uk-bolly commented 10 months ago

Hi @ipruteanu-sie

This is a great catch. The first conditional was based on other baselines where it was classified as level2. This is not the case on this and your PR is spot on.

Thank you

uk-bolly

uk-bolly commented 9 months ago

Hi @ipruteanu-sie

This issue was merged to devel a couple of weeks ago. I will close this issue; if this does not resolve your issue, please reopen.

Many thanks as always

uk-bolly