diff --git a/.ansible-sign/sha256sum.txt b/.ansible-sign/sha256sum.txt index c552f31..ed02ecb 100644 --- a/.ansible-sign/sha256sum.txt +++ b/.ansible-sign/sha256sum.txt @@ -129,9 +129,9 @@ cd0afde232202f841343fdc189753c8efb94ba682cfbfc3ae2ea19f1fe9c316a roles/shadowma 12444b2e3f249d91abcb49c43aa0e1ef9af3cb614379fb918773c7190cfc8959 roles/shadowman_cert_check/defaults/main.yml 3eb42491c05ebfcc1ea34d290271eb63a07692857a63eb8a97861ddfd3f4924b roles/shadowman_cert_check/tasks/main.yml 617df1f779c43d5c56e58a256bf9c786e4a65dd3e24f54a0bd7b800d8103d0ad roles/shadowman_cis_rhel7/defaults/main.yml -c9eb70a00a7332b577c25abd477cad66c92da4de3a533899714eb2d80fb586b1 roles/shadowman_cis_rhel7/tasks/main.yml +a99ff87007e9f1d3525bfd76f701f02242c5647da48c38573803a7c7a8ec324b roles/shadowman_cis_rhel7/tasks/main.yml 4504575f0cb9f0c1045dce0aaae5b219d9153402932070b4fe7ed97321ff0077 roles/shadowman_cis_rhel8/defaults/main.yml -7cc9223e76c3a5cb044d3a2933dd14696bc6592d1c15c8b3467e227f012af823 roles/shadowman_cis_rhel8/tasks/main.yml +e7d5069d71b4c2236367a7b4ec8542315fa68f085645224becaa9ec86292a825 roles/shadowman_cis_rhel8/tasks/main.yml c361d40d67d813ec856d864f31a7e6a0c1fbe07fcbf0d4bdf4608337da2344e7 roles/shadowman_cis_windows_2016/.ansible-lint 55a8888c150b02fa5ca03fd8800f53fb490495c3a3d93225163fe2f3f055b45c roles/shadowman_cis_windows_2016/.gitignore 3875bf9ec799dd4d2982f0ed06e03223e78ede73b9fb7164baa07f070715a402 roles/shadowman_cis_windows_2016/.yamllint @@ -170,18 +170,18 @@ ad98f41d95c06eea56a68dbe4a509120cb7cb0cdab1a29ce67cb504f160da6b6 roles/shadowma b3a7d36c8c7cd652d8af85089fd2f949d09aa2598e25a627f18b68d14bac486b roles/shadowman_mesh/defaults/main.yml a70e2c03e3e948b99aed83c87ada57b2c2ba9b0f4fdd564ae2b24f182a7ec65f roles/shadowman_mesh/tasks/main.yml 372317da1ac47146387fc7e58e0740a1d8dc9ea5dbbe8e58ee68d15dabddda07 roles/shadowman_nist_rhel7/defaults/main.yml -923eedec37aeed484e6151600e49e8ae3089b4c3e9ab52a25e8b1c8f9516bf85 roles/shadowman_nist_rhel7/tasks/main.yml +f45be76c47abd65b76f9dac5a629bbdd3a93ddf7f059906d50397bc162dd8d87 roles/shadowman_nist_rhel7/tasks/main.yml 7fb6e8152302903653382e0be64a1d33288fa43261b9d18fbe946e00d82de17a roles/shadowman_nist_rhel8/defaults/main.yml -7df757b881210f2e23fa19fed62a4e32b8255ec9d79a2de9c26cf0011b696e57 roles/shadowman_nist_rhel8/tasks/main.yml +8819359443ce0a061da510530979cb908ac63473fff4a8abf8ca7f19174ecc37 roles/shadowman_nist_rhel8/tasks/main.yml ab867f64b1f6535a51fe597204ed2913d302ecdaede5c3c9e78191d5fe50a18d roles/shadowman_patching/defaults/main.yml 0185694686e916a73a2e99d597f606ce19e4c0edd05e31eeec4a5bc39ba6382c roles/shadowman_patching/tasks/main.yml 90a6cc2821b827917469cb3a331b8310ff9bb08ea738597be6604fb06d176313 roles/shadowman_patching/tasks/patch_rhel.yml 6ca79c3b5e714ab665ef9c360c2697d50b4b2444a057af8f3dc130fd20803be2 roles/shadowman_patching/tasks/patch_windows.yml fbc5f0fe25e88569c9085b55ba16f2ab60e527b5fc913310e20b0c902710cd87 roles/shadowman_patching_async/tasks/main.yml 1ffb84f359149ba2aa6eb7cfec9ed8af9a48cd75883d4b68869207f6cd8ddb7e roles/shadowman_pci_rhel7/defaults/main.yml -aed5fb878d8a66455d32b5497ae3815e68b9e86a33ac84d96b0bf06bf95cca22 roles/shadowman_pci_rhel7/tasks/main.yml +a0ca3262f451f9dc89ea2be9e0cd8b1b6705757bd9d3d5fd845faf22afaa9b09 roles/shadowman_pci_rhel7/tasks/main.yml 58536416f3de78d1d3ce54931e8173476046cb6bc5fee13819d76029cb5e7bd7 roles/shadowman_pci_rhel8/defaults/main.yml -d36f8a36ebc7c9f81902994be23679bfdf60fb8fbae0e7389e9de43b41d00ca2 roles/shadowman_pci_rhel8/tasks/main.yml +66b12bcaffae3123dc5968ebfa633253341bf8034d9d116e3869cae9347abb1c roles/shadowman_pci_rhel8/tasks/main.yml 917225fe276fa56612c2344f1c160cfd16d47da2e755a49473f128dd166fa717 roles/shadowman_reboot/tasks/linux.yml 98103ffdb0aad63a76c4ebc385515036bafd16020481e5d858f9c85b495c05ac roles/shadowman_reboot/tasks/main.yml f49ba9e3f15e9e61ba4b031f8fa69529fc212bfd570d375df4ddab352bec329a roles/shadowman_reboot/tasks/windows.yml diff --git a/.ansible-sign/sha256sum.txt.sig b/.ansible-sign/sha256sum.txt.sig index 5255963..140cb90 100644 --- a/.ansible-sign/sha256sum.txt.sig +++ b/.ansible-sign/sha256sum.txt.sig @@ -1,14 +1,14 @@ -----BEGIN PGP SIGNATURE----- -iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmV59JcACgkQTiIiIXrU -DNFUqgwAvu5vmSYvqjFgf1Ib/qJaCMtdLPvDrXGVOm5ppx8MLBiji2NDh35aBp9X -QD5tHVJoun04lJaX5gFdgaSXbT3H0zkEnt5/pKfNyX57+nXK0VGvxifY/xmF+xPj -BWae47PzEGmyKMbv9foZrvxYhqkR99eYS9P5nTi1LHVuKshhqRS0QKv0PL++65dC -9mtfCumhxWP2Bv+2uUjkzu8fJo1hVaXGKgepswZUg4F22UaU5UbVBr9UHlY/OBu1 -9rP3Sfym4R8LMZMMhwRYGE2W78kBtCsEPwtpkTTtRaKTX0PHbX25X/FpK+tFl56L -BB1Ig17NnVPdQUghOrZZh8hjlJcAd+gImiDPyDOIDmEJ86upwedpOvFRrqcv+ChF -rEUe2MzI97pq5noz8QIRuHbYlq2vBXoxkYHQeacompyB5XIB3Ct/ziGmlskVgIsb -wPjYOWD1rMZIX3YlkO+LZOyAlkSDHdt/nlGQD6bBOxq5EYOB/QjrnGCfgsaEbK7U -HouvbXWr -=sSXS +iQGyBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmV8XXoACgkQTiIiIXrU +DNEweAv49ipw+b3SMl2eq7oMvej1mik6FWPkxNdEvXyXadtiHdfIkmyCGWO/rwbd +wW/MkanAYLsJsAX3VLXGhcBRNBnfNnKJLxnQUNq1MAarEkGIm2VeuDUZcCNbaiFR +1xEzrvL2vwznNhKic43IhdtZSbnVgWt1kYF0R42M4b2sMsheLSX5iPGd92lZT8nr +7ENJmqnzgvYQQO32shOqEZ88vwyD2yMjt0sKGQpa21YnYsnVb7vc8NQJAoJz3Ynv +OFMFgSgGBVyXJuoxxfJFx0kD+ljFe1+SK0MNK0voiGZKqjdB3WsNIAElonCfOlrJ +56vWJYoeLN2WBEPMZEzDsJTrmr1ADii2fXLyTpNe0lPFpCYbnChc5mvqTS4phCfu +5fyQmYruM6fFbMaRjnGXJbxwfX9ey7ujg+kNgn3zX5UQKwXEnlFWOj80J0PIXhXn +JHmJF8hHH+OqMX8rQocBPiCzf0NOvQpP/qFAR8WO07eRcn3zE+ujLIFnyw/tnQp9 +AJhVFIg= +=C4+k -----END PGP SIGNATURE----- diff --git a/roles/shadowman_cis_rhel7/tasks/main.yml b/roles/shadowman_cis_rhel7/tasks/main.yml index b6ba32e..afb5b37 100644 --- a/roles/shadowman_cis_rhel7/tasks/main.yml +++ b/roles/shadowman_cis_rhel7/tasks/main.yml @@ -18474,8 +18474,6 @@ - name: Unit Socket Exists - autofs.socket command: systemctl list-unit-files autofs.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -20177,8 +20175,6 @@ - name: Unit Socket Exists - avahi-daemon.socket command: systemctl list-unit-files avahi-daemon.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21118,8 +21114,6 @@ - name: Unit Socket Exists - rpcbind.socket command: systemctl list-unit-files rpcbind.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21489,8 +21483,6 @@ - name: Unit Socket Exists - rsyncd.socket command: systemctl list-unit-files rsyncd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true diff --git a/roles/shadowman_cis_rhel8/tasks/main.yml b/roles/shadowman_cis_rhel8/tasks/main.yml index 57e76f5..06a9ce8 100644 --- a/roles/shadowman_cis_rhel8/tasks/main.yml +++ b/roles/shadowman_cis_rhel8/tasks/main.yml @@ -19302,8 +19302,6 @@ - name: Unit Socket Exists - autofs.socket command: systemctl list-unit-files autofs.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -20967,8 +20965,6 @@ - name: Unit Socket Exists - avahi-daemon.socket command: systemctl list-unit-files avahi-daemon.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21673,8 +21669,6 @@ - name: Unit Socket Exists - dhcpd.socket command: systemctl list-unit-files dhcpd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21741,8 +21735,6 @@ - name: Unit Socket Exists - named.socket command: systemctl list-unit-files named.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21809,8 +21801,6 @@ - name: Unit Socket Exists - vsftpd.socket command: systemctl list-unit-files vsftpd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21877,8 +21867,6 @@ - name: Unit Socket Exists - httpd.socket command: systemctl list-unit-files httpd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -21942,8 +21930,6 @@ - name: Unit Socket Exists - dovecot.socket command: systemctl list-unit-files dovecot.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22056,8 +22042,6 @@ - name: Unit Socket Exists - rpcbind.socket command: systemctl list-unit-files rpcbind.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22118,8 +22102,6 @@ - name: Unit Socket Exists - nfs-server.socket command: systemctl list-unit-files nfs-server.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22331,8 +22313,6 @@ - name: Unit Socket Exists - rsyncd.socket command: systemctl list-unit-files rsyncd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22474,8 +22454,6 @@ - name: Unit Socket Exists - cups.socket command: systemctl list-unit-files cups.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22539,8 +22517,6 @@ - name: Unit Socket Exists - squid.socket command: systemctl list-unit-files squid.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22598,8 +22574,6 @@ - name: Unit Socket Exists - smb.socket command: systemctl list-unit-files smb.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -22657,8 +22631,6 @@ - name: Unit Socket Exists - snmpd.socket command: systemctl list-unit-files snmpd.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true diff --git a/roles/shadowman_nist_rhel7/tasks/main.yml b/roles/shadowman_nist_rhel7/tasks/main.yml index d973b0e..22e6aa4 100644 --- a/roles/shadowman_nist_rhel7/tasks/main.yml +++ b/roles/shadowman_nist_rhel7/tasks/main.yml @@ -745,8 +745,6 @@ - name: Read signatures in GPG key command: gpg --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - args: - warn: false changed_when: false register: gpg_fingerprints check_mode: false @@ -1724,8 +1722,6 @@ - name: Unit Socket Exists - debug-shell.socket command: systemctl list-unit-files debug-shell.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -3225,8 +3221,6 @@ - name: Unit Socket Exists - autofs.socket command: systemctl list-unit-files autofs.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -5002,8 +4996,6 @@ - name: Unit Socket Exists - kdump.socket command: systemctl list-unit-files kdump.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -5069,8 +5061,6 @@ - name: Unit Socket Exists - rpcbind.socket command: systemctl list-unit-files rpcbind.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true diff --git a/roles/shadowman_nist_rhel8/tasks/main.yml b/roles/shadowman_nist_rhel8/tasks/main.yml index 2212e59..9d17938 100644 --- a/roles/shadowman_nist_rhel8/tasks/main.yml +++ b/roles/shadowman_nist_rhel8/tasks/main.yml @@ -877,8 +877,6 @@ - name: Read signatures in GPG key command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - args: - warn: false changed_when: false register: gpg_fingerprints check_mode: false @@ -1880,8 +1878,6 @@ - name: Unit Socket Exists - debug-shell.socket command: systemctl list-unit-files debug-shell.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -7575,8 +7571,6 @@ - name: Unit Socket Exists - systemd-coredump.socket command: systemctl list-unit-files systemd-coredump.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true @@ -8016,8 +8010,6 @@ - name: Unit Socket Exists - kdump.socket command: systemctl list-unit-files kdump.socket - args: - warn: false register: socket_file_exists changed_when: false ignore_errors: true diff --git a/roles/shadowman_pci_rhel7/tasks/main.yml b/roles/shadowman_pci_rhel7/tasks/main.yml index 6497338..0c30b82 100644 --- a/roles/shadowman_pci_rhel7/tasks/main.yml +++ b/roles/shadowman_pci_rhel7/tasks/main.yml @@ -110,8 +110,6 @@ - name: Read files with incorrect hash command: rpm -Va --nodeps --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup --nomode --noghost --noconfig - args: - warn: false register: files_with_incorrect_hash changed_when: false failed_when: files_with_incorrect_hash.rc > 1 @@ -139,8 +137,6 @@ - name: Create list of packages command: rpm -qf "{{ item }}" - args: - warn: false with_items: '{{ files_with_incorrect_hash.stdout_lines | map(''regex_findall'', ''^[.]+[5]+.* (\/.*)'', ''\1'') | map(''join'') | select(''match'', ''(\/.*)'') | list | unique }}' @@ -172,8 +168,6 @@ - name: Reinstall packages of files with incorrect hash command: '{{ package_manager_reinstall_cmd }} ''{{ item }}''' - args: - warn: false with_items: '{{ list_of_packages.results | map(attribute=''stdout_lines'') | list | unique }}' when: @@ -203,8 +197,6 @@ - name: Read list of files with incorrect permissions command: rpm -Va --nodeps --nosignature --nofiledigest --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup - args: - warn: false register: files_with_incorrect_permissions failed_when: files_with_incorrect_permissions.rc > 1 changed_when: false @@ -232,8 +224,6 @@ - name: Create list of packages command: rpm -qf "{{ item }}" - args: - warn: false with_items: '{{ files_with_incorrect_permissions.stdout_lines | map(''regex_findall'', ''^[.]+[M]+.* (\/.*)'', ''\1'') | map(''join'') | select(''match'', ''(\/.*)'') | list | unique }}' @@ -264,8 +254,6 @@ - name: Correct file permissions with RPM command: rpm --setperms '{{ item }}' - args: - warn: false with_items: '{{ list_of_packages.results | map(attribute=''stdout_lines'') | list | unique }}' when: (files_with_incorrect_permissions.stdout_lines | length > 0) @@ -1104,8 +1092,6 @@ - name: Read signatures in GPG key command: gpg --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - args: - warn: false changed_when: false register: gpg_fingerprints check_mode: false @@ -9328,7 +9314,6 @@ set -o pipefail find / -not \( -fstype afs -o -fstype ceph -o -fstype cifs -o -fstype smb3 -o -fstype smbfs -o -fstype sshfs -o -fstype ncpfs -o -fstype ncp -o -fstype nfs -o -fstype nfs4 -o -fstype gfs -o -fstype gfs2 -o -fstype glusterfs -o -fstype gpfs -o -fstype pvfs2 -o -fstype ocfs2 -o -fstype lustre -o -fstype davfs -o -fstype fuse.sshfs \) -type f \( -perm -4000 -o -perm -2000 \) 2> /dev/null args: - warn: false executable: /bin/bash check_mode: false register: find_result diff --git a/roles/shadowman_pci_rhel8/tasks/main.yml b/roles/shadowman_pci_rhel8/tasks/main.yml index c455cf8..71c2648 100644 --- a/roles/shadowman_pci_rhel8/tasks/main.yml +++ b/roles/shadowman_pci_rhel8/tasks/main.yml @@ -70,8 +70,6 @@ - name: Read files with incorrect hash command: rpm -Va --nodeps --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup --nomode --noghost --noconfig - args: - warn: false register: files_with_incorrect_hash changed_when: false failed_when: files_with_incorrect_hash.rc > 1 @@ -98,8 +96,6 @@ - name: Create list of packages command: rpm -qf "{{ item }}" - args: - warn: false with_items: '{{ files_with_incorrect_hash.stdout_lines | map(''regex_findall'', ''^[.]+[5]+.* (\/.*)'', ''\1'') | map(''join'') | select(''match'', ''(\/.*)'') | list | unique }}' @@ -130,8 +126,6 @@ - name: Reinstall packages of files with incorrect hash command: '{{ package_manager_reinstall_cmd }} ''{{ item }}''' - args: - warn: false with_items: '{{ list_of_packages.results | map(attribute=''stdout_lines'') | list | unique }}' when: @@ -160,8 +154,6 @@ - name: Read list of files with incorrect permissions command: rpm -Va --nodeps --nosignature --nofiledigest --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup - args: - warn: false register: files_with_incorrect_permissions failed_when: files_with_incorrect_permissions.rc > 1 changed_when: false @@ -188,8 +180,6 @@ - name: Create list of packages command: rpm -qf "{{ item }}" - args: - warn: false with_items: '{{ files_with_incorrect_permissions.stdout_lines | map(''regex_findall'', ''^[.]+[M]+.* (\/.*)'', ''\1'') | map(''join'') | select(''match'', ''(\/.*)'') | list | unique }}' @@ -219,8 +209,6 @@ - name: Correct file permissions with RPM command: rpm --setperms '{{ item }}' - args: - warn: false with_items: '{{ list_of_packages.results | map(attribute=''stdout_lines'') | list | unique }}' when: (files_with_incorrect_permissions.stdout_lines | length > 0) @@ -1223,8 +1211,6 @@ - name: Read signatures in GPG key command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" - args: - warn: false changed_when: false register: gpg_fingerprints check_mode: false @@ -18076,7 +18062,6 @@ set -o pipefail find / -not \( -fstype afs -o -fstype ceph -o -fstype cifs -o -fstype smb3 -o -fstype smbfs -o -fstype sshfs -o -fstype ncpfs -o -fstype ncp -o -fstype nfs -o -fstype nfs4 -o -fstype gfs -o -fstype gfs2 -o -fstype glusterfs -o -fstype gpfs -o -fstype pvfs2 -o -fstype ocfs2 -o -fstype lustre -o -fstype davfs -o -fstype fuse.sshfs \) -type f \( -perm -4000 -o -perm -2000 \) 2> /dev/null args: - warn: false executable: /bin/bash check_mode: false register: find_result