diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline index aedca92e..6edc2849 100644 --- a/.config/.secrets.baseline +++ b/.config/.secrets.baseline @@ -124,7 +124,7 @@ "filename": "defaults/main.yml", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, - "line_number": 363, + "line_number": 364, "is_secret": false }, { @@ -132,7 +132,7 @@ "filename": "defaults/main.yml", "hashed_secret": "fe96f7cfa2ab2224e7d015067a6f6cc713f7012e", "is_verified": false, - "line_number": 374, + "line_number": 375, "is_secret": false }, { @@ -140,7 +140,7 @@ "filename": "defaults/main.yml", "hashed_secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4", "is_verified": false, - "line_number": 375, + "line_number": 376, "is_secret": false } ], @@ -172,5 +172,5 @@ } ] }, - "generated_at": "2023-08-09T08:11:03Z" + "generated_at": "2023-08-10T12:54:13Z" } diff --git a/README.md b/README.md index fe6352dc..8d752175 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ OracleLinux 9 CentOS stream - while this will generally work it is not supported and requires the following variable setting ```sh -check_os: false +os_check: false ``` **General:** diff --git a/defaults/main.yml b/defaults/main.yml index 2cc47003..f7cef1c7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,6 +8,7 @@ container_vars_file: is_container.yml system_is_ec2: false # Run the OS validation check +# Supported OSs will not need for this to be changed - see README e.g. CentOS os_check: true rhel9cis_section1: true diff --git a/tasks/main.yml b/tasks/main.yml index 277e43fc..e8f72f4c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
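Review bot: The comment added above `os_check` in defaults/main.yml is ambiguous, because "e.g. CentOS" reads as an example of a supported OS. The README hunk in this same commit says CentOS Stream is not supported and needs `os_check: false`. Since this variable turns off the role's OS validation, the comment should state the direction explicitly, for example `# Leave as true on supported OSs; set to false only for an unsupported OS such as CentOS Stream (see README)`.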
@@ -44,14 +44,14 @@ - user_passwd - rule_5.3.4 -- name: "Ensure root password is set" +- name: Ensure root password is set block: - - name: "Ensure root password is set" + - name: Ensure root password is set ansible.builtin.shell: passwd -S root | grep "Password set, SHA512 crypt" changed_when: false register: root_passwd_set - - name: "Ensure root password is set" + - name: Ensure root password is set ansible.builtin.assert: that: root_passwd_set.rc == 0 fail_msg: "You have rule 5.6.6 enabled this requires that you have a root password set"
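Review bot: The check in the first inner task, `passwd -S root | grep "Password set, SHA512 crypt"`, matches a human-readable status string. A root password that is set but hashed with another scheme, or reported under a non-C locale, would presumably fail the assert with a message saying no root password is set. If the rule only requires that a password exists, match the status alone with `LC_ALL=C passwd -S root | grep -q "Password set"`; if SHA512 is intended, say so in `fail_msg`. Separately, the block and both inner tasks now share the identical name `Ensure root password is set`, which makes play output hard to attribute; suffixes such as `| check` and `| assert` would distinguish them. The block may continue past the end of this hunk.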