Merge pull request #89 from ansible-lockdown/devel

workflow check run
ansible-lockdown · Aug 10, 2023 · 00e6f19 · 00e6f19
2 parents 4567a0b + f683323
commit 00e6f19
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 8 deletions.
diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline
@@ -124,23 +124,23 @@
         "filename": "defaults/main.yml",
         "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
         "is_verified": false,
-        "line_number": 363,
+        "line_number": 364,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "defaults/main.yml",
         "hashed_secret": "fe96f7cfa2ab2224e7d015067a6f6cc713f7012e",
         "is_verified": false,
-        "line_number": 374,
+        "line_number": 375,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "defaults/main.yml",
         "hashed_secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4",
         "is_verified": false,
-        "line_number": 375,
+        "line_number": 376,
         "is_secret": false
       }
     ],
@@ -172,5 +172,5 @@
       }
     ]
   },
-  "generated_at": "2023-08-09T08:11:03Z"
+  "generated_at": "2023-08-10T12:54:13Z"
 }
diff --git a/README.md b/README.md
@@ -111,7 +111,7 @@ OracleLinux 9
 CentOS stream - while this will generally work it is not supported and requires the following variable setting
 
 ```sh
-check_os: false
+os_check: false
 ```
 
 **General:**

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -8,6 +8,7 @@ container_vars_file: is_container.yml
 system_is_ec2: false
 
 # Run the OS validation check
+# Supported OSs will not need for this to be changed - see README e.g. CentOS
 os_check: true
 
 rhel9cis_section1: true

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -44,14 +44,14 @@
       - user_passwd
       - rule_5.3.4
 
-- name: "Ensure root password is set"
+- name: Ensure root password is set
   block:
-      - name: "Ensure root password is set"
+      - name: Ensure root password is set
         ansible.builtin.shell: passwd -S root | grep "Password set, SHA512 crypt"
         changed_when: false
         register: root_passwd_set
 
-      - name: "Ensure root password is set"
+      - name: Ensure root password is set
         ansible.builtin.assert:
             that: root_passwd_set.rc == 0
             fail_msg: "You have rule 5.6.6 enabled this requires that you have a root password set"