From fe8c656c3cb070dd11773333158d802e2951ee15 Mon Sep 17 00:00:00 2001
From: Ralf Ronneburger
Date: Fri, 28 Feb 2025 18:09:13 +0100
Subject: [PATCH] make sure audit_log_dir exists, make sure shell_session_file does not contain readonly twice (leading to error messages upon login)
---
 tasks/pre_remediation_audit.yml | 6 ++++++
 tasks/section_5/cis_5.4.3.x.yml | 15 +++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml
index 91cc9b7..f873355 100644
--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@@ -12,6 +12,12 @@
 mode: 'go-w'
 state: directory
+- name: Pre Audit Setup | Ensure existence of {{ audit_log_dir }}
+ ansible.builtin.file:
+ path: "{{ audit_log_dir }}"
+ mode: 'go-w'
+ state: directory
+
 - name: Pre Audit Setup | If using git for content set up
 when: audit_content == 'git'
 block:
diff --git a/tasks/section_5/cis_5.4.3.x.yml b/tasks/section_5/cis_5.4.3.x.yml
index bac9c32..d612658 100644
--- a/tasks/section_5/cis_5.4.3.x.yml
+++ b/tasks/section_5/cis_5.4.3.x.yml
@@ -19,6 +19,21 @@
 regexp: nologin
 replace: ""
+- name: "5.4.3.2 | PATCH | Remove old content from {{ ubtu24cis_shell_session_file }} before adding new lines"
+ when:
+ - ubtu24cis_rule_5_4_3_2
+ tags:
+ - level1-server
+ - level1-workstation
+ - patch
+ - shell
+ - rule_5.4.3.2
+ - NIST800-53R5_NA
+ ansible.builtin.replace:
+ path: "{{ ubtu24cis_shell_session_file }}"
+ regexp: '# Logout Timeout\nexport TMOUT=0\nreadonly TMOUT\n'
+ replace: '# Logout Timeout\n'
+
 - name: "5.4.3.2 | PATCH | Ensure default user shell timeout is configured"
 when:
 - ubtu24cis_rule_5_4_3_2
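Review bot: The new `ansible.builtin.file` task for `{{ audit_log_dir }}` only strips group/other write (`mode: 'go-w'`), so the audit results written there stay readable by every local account, and those results describe exactly which hardening controls the host fails. Unless the wider mode is deliberately mirrored from the directory task just above it, `mode: '0750'` (or `'go-rwx'`) together with explicit `owner: root` and `group: root` would keep that output to privileged users. If `audit_log_dir` can be undefined in some invocations of this role, the unguarded task will abort the pre-audit setup with an undefined-variable error; a `when: audit_log_dir is defined` guard (or a documented default for the variable) would avoid that — I cannot see the variable's definition from this hunk, so confirm against the defaults file.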
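Review bot: The cleanup regexp `'# Logout Timeout\nexport TMOUT=0\nreadonly TMOUT\n'` only matches a block whose timeout is literally `0`, so a block left by an earlier run with any other value is not removed and the duplicated `readonly TMOUT` this commit is fixing (a second `readonly` on an already read-only variable errors at login) comes straight back; the following task, whose body is outside the hunk, presumably writes the configured timeout rather than `0`. Making the value generic, `regexp: '# Logout Timeout\nexport TMOUT=[0-9]+\nreadonly TMOUT\n'`, removes any previous block regardless of the value it carried. Single-quoted YAML keeps the `\n` sequences literal, which is correct here because the `replace` module's regex engine interprets them, but a one-line comment above the task would save the next reader a trip to the commit log, e.g. `# Strip any earlier TMOUT block so readonly TMOUT is not declared twice (errors at login)`.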