Closed sbarrick closed 4 years ago
Hi,
Similar issue with section 1.8, there appears to be a missing `when` statement in section
`1.8 | PATCH | Ensure updates, patches, and additional security software are installed`
It is a desirable option to be able to disable this as most organisations will want to regulate the updates to their systems:
Before

```yaml
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
    upgrade: dist
  tags:
    - level1
    - notscored
    - patch
    - rule_1.8
    - skip_ansible_lint
```

After

```yaml
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
    upgrade: dist
  when:
    - ubuntu1804cis_rule_1_8
  tags:
    - level1
    - notscored
    - patch
    - rule_1.8
    - skip_ansible_lint
```

Conditionals like `when: - ubuntu1804cis_rule_` are missing in many of section3 tasks causing vars to not be applied: https://github.com/florianutz/Ubuntu1804-CIS/blob/4d32a138650afb3814a58966efb596069c2a6b62/tasks/section3.yml#L278-L284
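
One way to find every task with this gap is a small audit script. The following is an added example, not code from the role or from the issue participants. It assumes each task tagged `rule_X.Y` should be gated by a `when` that references `ubuntu1804cis_rule_X_Y`, as in the 1.8 fix above. The function names and sample input are constructed for illustration, and the scan is a line-based heuristic, not a full YAML parse.

```python
import re

# Constructed sample input (not copied from the repository): one task without
# the toggle, as in the issue, and one hypothetical task that has it.
SAMPLE_TASKS = """\
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
    upgrade: dist
  tags:
    - level1
    - rule_1.8

- name: "SCORED | 9.9.9 | PATCH | Constructed example task"
  command: /bin/true
  when:
    - ubuntu1804cis_rule_9_9_9
  tags:
    - level1
    - rule_9.9.9
"""

TASK_START = re.compile(r"^\s*- name:", re.MULTILINE)
RULE_TAG = re.compile(r"^\s*-\s*rule_([0-9]+(?:\.[0-9]+)*)\s*$", re.MULTILINE)
WHEN_KEY = re.compile(r"^\s+when:", re.MULTILINE)

def split_tasks(text):
    """Split a tasks file into chunks, one per '- name:' entry."""
    starts = [m.start() for m in TASK_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def ungated_rules(text, prefix="ubuntu1804cis_rule_"):
    """Return (rule, expected_toggle) for tasks whose 'when' lacks the toggle."""
    missing = []
    for task in split_tasks(text):
        for rule in RULE_TAG.findall(task):
            toggle = prefix + rule.replace(".", "_")
            when = WHEN_KEY.search(task)
            # The toggle must appear after a 'when:' key, as a whole word, so
            # that ..._rule_1_8_1 does not satisfy a check for ..._rule_1_8.
            pattern = r"\b" + re.escape(toggle) + r"\b"
            gated = when is not None and re.search(pattern, task[when.end():])
            if not gated:
                missing.append((rule, toggle))
    return missing

if __name__ == "__main__":
    for rule, toggle in ungated_rules(SAMPLE_TASKS):
        print(f"rule {rule}: no 'when' referencing {toggle}")
```

Run against each `tasks/section*.yml` file, this lists the rules that will execute regardless of how their toggle variable is set.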