[pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/ansible-community/ansible-lint: v25.1.3 → v25.2.1](https://github.com/ansible-community/ansible-lint/compare/v25.1.3...v25.2.1)

.github/workflows/devel_pipeline_validation.yml

@@ -7,6 +7,7 @@
         types: [opened, reopened, synchronize]
         branches:
             - devel
+            - benchmark*
         paths:
             - '**.yml'
             - '**.sh'
@@ -70,7 +71,6 @@
                  echo IAC_BRANCH=main >> $GITHUB_ENV
               fi
 
-
           # Pull in terraform code for linux servers
           - name: Clone GitHub IaC plan
             uses: actions/checkout@v4

.github/workflows/main_pipeline_validation.yml

@@ -7,6 +7,7 @@
         types: [opened, reopened, synchronize]
         branches:
             - main
+            - latest
         paths:
             - '**.yml'
             - '**.sh'
@@ -23,17 +24,6 @@
   # A workflow run is made up of one or more jobs
   # that can run sequentially or in parallel
   jobs:
-    # This will create messages for first time contributers and direct them to the Discord server
-      welcome:
-        runs-on: self-hosted
-
-        steps:
-            - uses: actions/first-interaction@main
-              with:
-                repo-token: ${{ secrets.GITHUB_TOKEN }}
-                pr-message: |-
-                    Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
-                    Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.
 
       # This workflow contains a single job that tests the playbook
       playbook-test:

.gitignore

@@ -44,5 +44,5 @@ benchparse/
 # GitHub Action/Workflow files
 .github/
 
-# Precommit
+# ansible-lint cache
 .ansible/

.pre-commit-config.yaml

@@ -46,7 +46,7 @@ repos:
   - id: gitleaks
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v25.1.3
+  rev: v25.2.1
   hooks:
   - id: ansible-lint
     name: Ansible-lint

templates/audit/99_auditd.rules.j2

@@ -43,8 +43,8 @@
 {{ arch_syscalls.append( syscall) }}
 {% endif %}
 {% endfor %}
--a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }}  -k system-locale
--a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }}  -k system-locale
+-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k system-locale
+-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k system-locale
 -w /etc/issue -p wa -k system-locale
 -w /etc/issue.net -p wa -k system-locale
 -w /etc/hosts -p wa -k system-locale
@@ -99,7 +99,7 @@
 {% endif %}
 {% endfor %}
 -a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F auid>=1000 -F auid!=unset -k perm_mod
-{% set syscalls = ["etxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %}
+{% set syscalls = ["setxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %}
 {% set arch_syscalls = [] %}
 {% for syscall in syscalls  %}
 {% if syscall in supported_syscalls %}