florianutz / Ubuntu1804-CIS

Ubuntu CIS Hardening Ansible Role
MIT License

`when` conditions missing for many tasks in section3.yml #26

Closed sbarrick closed 4 years ago

sbarrick commented 5 years ago

Conditionals like `when: - ubuntu1804cis_rule_...` are missing in many of the section3 tasks, causing the vars to not be applied:

https://github.com/florianutz/Ubuntu1804-CIS/blob/4d32a138650afb3814a58966efb596069c2a6b62/tasks/section3.yml#L278-L284

MartyFox commented 5 years ago

Hi,

Similar issue with section 1.8: there appears to be a missing `when` statement in "1.8 | PATCH | Ensure updates, patches, and additional security software are installed".

It is a desirable option to be able to disable this as most organisations will want to regulate the updates to their systems:

Before:

```yaml
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
      upgrade: dist
  tags:
      - level1
      - notscored
      - patch
      - rule_1.8
      - skip_ansible_lint
```

After:

```yaml
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
      upgrade: dist
  when:
      - ubuntu1804cis_rule_1_8
  tags:
      - level1
      - notscored
      - patch
      - rule_1.8
      - skip_ansible_lint
```
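Both comments describe the same defect class: a task carries a `rule_X.Y` tag but no `when` guard on the matching `ubuntu1804cis_rule_X_Y` variable, so the role's per-rule switches are silently ignored. The script below is an added example, not part of the Ubuntu1804-CIS role or of either commenter's post. It scans a tasks file and lists every rule-tagged task whose body never references its expected guard variable, which also catches a guard that names the wrong rule. It assumes the role's conventions (one top-level `- name:` per task, tags of the form `rule_X.Y`, guard variables prefixed `ubuntu1804cis_rule_`); the embedded sample tasks are constructed for the demonstration.

```python
"""Lint a CIS Ansible tasks file for rule-tagged tasks that lack their `when` guard.

Added example, not code from the florianutz/Ubuntu1804-CIS role.
Assumption: every task tagged `rule_X.Y` should be guarded by the variable
`ubuntu1804cis_rule_X_Y` (dots replaced by underscores), the convention the
role uses elsewhere.  The scanner is line-based so it needs no YAML library;
it relies on each task starting with a top-level `- ` list item.
"""
import re
import sys

VAR_PREFIX = "ubuntu1804cis_rule_"          # assumed guard-variable prefix
TAG_RE = re.compile(r"^\s*-\s*rule_(\d+(?:\.\d+)*)\s*$")   # e.g. "      - rule_1.8"
NAME_RE = re.compile(r'^-\s*name:\s*"?(.*?)"?\s*$')       # e.g. '- name: "SCORED | ..."'


def split_tasks(text):
    """Split a tasks file into one list of lines per top-level `- ` item (task)."""
    tasks, current = [], None
    for line in text.splitlines():
        if line.startswith("- "):            # column-0 list item: a new task begins
            if current:
                tasks.append(current)
            current = [line]
        elif current is not None:
            current.append(line)
    if current:
        tasks.append(current)
    return tasks


def expected_var(rule_number):
    """rule tag number -> guard variable: '1.8' -> 'ubuntu1804cis_rule_1_8'."""
    return VAR_PREFIX + rule_number.replace(".", "_")


def find_tasks_missing_guard(text):
    """Return (task name, expected guard var) for every rule-tagged task that
    never references the guard variable its tag implies."""
    missing = []
    for lines in split_tasks(text):
        name = next((m.group(1) for m in map(NAME_RE.match, lines) if m), "")
        rules = [m.group(1) for m in map(TAG_RE.match, lines) if m]
        body = "\n".join(lines)
        for rule in rules:
            var = expected_var(rule)
            # Accept either list form ("- ubuntu1804cis_rule_1_8") or inline "when: ...".
            if not re.search(r"\b" + re.escape(var) + r"\b", body):
                missing.append((name, var))
    return missing


# Constructed sample: the unguarded 1.8 task from the thread, one correctly
# guarded task, and one task guarded by the wrong rule's variable.
SAMPLE_TASKS = '''\
- name: "NOTSCORED | 1.8 | PATCH | Ensure updates, patches, and additional security software are installed"
  apt:
      upgrade: dist
  tags:
      - level1
      - notscored
      - patch
      - rule_1.8
      - skip_ansible_lint

- name: "SCORED | 3.2.1 | PATCH | constructed task with its guard present"
  sysctl:
      name: net.ipv4.conf.all.send_redirects
      value: "0"
  when:
      - ubuntu1804cis_rule_3_2_1
  tags:
      - level1
      - patch
      - rule_3.2.1

- name: "SCORED | 3.2.2 | PATCH | constructed task guarded by the wrong variable"
  sysctl:
      name: net.ipv4.conf.all.accept_redirects
      value: "0"
  when: ubuntu1804cis_rule_3_2_1
  tags:
      - level1
      - patch
      - rule_3.2.2
'''


def main(argv):
    """Usage: python check_guards.py [tasks/section3.yml ...]; no args scans the sample."""
    sources = [(p, open(p, encoding="utf-8").read()) for p in argv[1:]] or [("<sample>", SAMPLE_TASKS)]
    problems = 0
    for path, text in sources:
        for name, var in find_tasks_missing_guard(text):
            problems += 1
            print(f"{path}: task {name!r} lacks guard `when: {var}`")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against `tasks/section1.yml` or `tasks/section3.yml` from the role (or with no arguments to see the sample report); a non-zero exit makes it usable as a pre-commit or CI check so a task cannot regain a `rule_` tag without its guard.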