Merge fe8c656c3c into b631e9e2d6

[pre-commit.ci] pre-commit autoupdate

.pre-commit-config.yaml

@@ -41,12 +41,12 @@ repos:
   - id: detect-secrets
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.24.3
+  rev: v8.25.1
   hooks:
   - id: gitleaks
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v25.2.1
+  rev: v25.4.0
   hooks:
   - id: ansible-lint
     name: Ansible-lint
@@ -65,7 +65,7 @@ repos:
     # - ansible-core>=2.10.1
 
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.37.0  # or higher tag
+  rev: v1.37.1  # or higher tag
   hooks:
   - id: yamllint
     name: Check YAML Lint

tasks/pre_remediation_audit.yml

@@ -12,6 +12,12 @@
     mode: 'go-w'
     state: directory
 
+- name: Pre Audit Setup | Ensure existence of {{ audit_log_dir }}
+  ansible.builtin.file:
+    path: "{{ audit_log_dir }}"
+    mode: 'go-w'
+    state: directory
+
 - name: Pre Audit Setup | If using git for content set up
   when: audit_content == 'git'
   block:

tasks/section_5/cis_5.4.3.x.yml

@@ -19,6 +19,21 @@
     regexp: nologin
     replace: ""
 
+- name: "5.4.3.2 | PATCH | Remove old content from {{ ubtu24cis_shell_session_file }} before adding new lines"
+  when:
+    - ubtu24cis_rule_5_4_3_2
+  tags:
+    - level1-server
+    - level1-workstation
+    - patch
+    - shell
+    - rule_5.4.3.2
+    - NIST800-53R5_NA
+  ansible.builtin.replace:
+    path: "{{ ubtu24cis_shell_session_file }}"
+    regexp: '# Logout Timeout\nexport TMOUT=0\nreadonly TMOUT\n'
+    replace: '# Logout Timeout\n'
+
 - name: "5.4.3.2 | PATCH | Ensure default user shell timeout is configured"
   when:
     - ubtu24cis_rule_5_4_3_2