search

ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License
155 stars 68 forks source link

fix: #172 checks if ipv6.disable is present in GRUB_CMDLINE_LINUX bef… #173

Closed Jason-Hendry closed 7 months ago

Jason-Hendry commented 7 months ago

Checks if ipv6.disable is present in GRUB_CMDLINE_LINUX before appending it to prevent duplication

Overall Review of Changes: Adds a task to get the current value before appending Adds a second condition to only append it wasn't changed by the previous task and doesn't already exist in the file

Issue Fixes: 172

Enhancements: none

How has this been tested?: A physical server, running Ubuntu 22.04 minimal installation, was already provisioned then ran the playbook multiple times.

With existing different value image

With no existing value image

When the current value matches the expected value image

uk-bolly commented 7 months ago

hi @Jason-Hendry

Thank you for the PR nice little tidy up. I was considering using the ansible facts for the GRUB_CMDLINE as a way to test also. I have noted that it has failed pre-commit for lint layout on yaml. If you could amended that am happy to merge this PR.

Many thanks again

uk-bolly