Merge fe8c656c3c into 371a35d4bf

updated fetch default settings and tidy

defaults/main.yml

@@ -107,7 +107,9 @@ audit_conf_dest: "/opt"
 audit_log_dir: '/opt'
 
 # Method of getting,uploading the summary files
-## Ensure access and permissions are avaiable for these to occur.
+## Enable the collection of audit files
+fetch_audit_output: false
+## Ensure access and permissions are available for these to occur.
 ## options are
 # fetch - fetches from server and moves to location on the ansible controller (could be a mount point available to controller)
 # copy - copies file to a location available to the managed node

tasks/main.yml

@@ -202,6 +202,7 @@
   tags: always
   ansible.builtin.import_tasks:
     file: fetch_audit_output.yml
+
 - name: Show Audit Summary
   when: run_audit
   tags: run_audit

tasks/pre_remediation_audit.yml

@@ -12,6 +12,12 @@
     mode: 'go-w'
     state: directory
 
+- name: Pre Audit Setup | Ensure existence of {{ audit_log_dir }}
+  ansible.builtin.file:
+    path: "{{ audit_log_dir }}"
+    mode: 'go-w'
+    state: directory
+
 - name: Pre Audit Setup | If using git for content set up
   when: audit_content == 'git'
   block:

tasks/section_5/cis_5.4.3.x.yml

@@ -19,6 +19,21 @@
     regexp: nologin
     replace: ""
 
+- name: "5.4.3.2 | PATCH | Remove old content from {{ ubtu24cis_shell_session_file }} before adding new lines"
+  when:
+    - ubtu24cis_rule_5_4_3_2
+  tags:
+    - level1-server
+    - level1-workstation
+    - patch
+    - shell
+    - rule_5.4.3.2
+    - NIST800-53R5_NA
+  ansible.builtin.replace:
+    path: "{{ ubtu24cis_shell_session_file }}"
+    regexp: '# Logout Timeout\nexport TMOUT=0\nreadonly TMOUT\n'
+    replace: '# Logout Timeout\n'
+
 - name: "5.4.3.2 | PATCH | Ensure default user shell timeout is configured"
   when:
     - ubtu24cis_rule_5_4_3_2