--- - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured" when: - ubtu24cis_rule_1_2_1_1 tags: - level1-server - level1-workstation - audit - rule_1.2.1.1 - NIST800-53R5_SI-2 - gpg - keys vars: warn_control_id: '1.2.1.1' block: - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Get apt gpg keys" ansible.builtin.command: apt-key list changed_when: false failed_when: false check_mode: false register: discovered_apt_gpgkeys - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Message out apt gpg keys" ansible.builtin.debug: msg: - "Warning!! Below are the apt gpg keys configured" - "Please review to make sure they are configured" - "in accordance with site policy" - "{{ discovered_apt_gpgkeys.stdout_lines }}" - name: "1.2.1.1 | WARN | Ensure GPG keys are configured | warn_count" ansible.builtin.import_tasks: file: warning_facts.yml - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured" when: - ubtu24cis_rule_1_2_1_2 tags: - level1-server - level1-workstation - audit - rule_1.2.1.2 - NIST800-53R5_SI-2 - apt vars: warn_control_id: '1.2.1.2' block: - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured | Get repositories" ansible.builtin.command: apt-cache policy changed_when: false failed_when: false check_mode: false register: discovered_apt_policy - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured | Message out repository configs" ansible.builtin.debug: msg: - "Warning!! Below are the apt package repositories" - "Please review to make sure they conform to your sites policies" - "{{ discovered_apt_policy.stdout_lines }}" - name: "1.2.1.2 | WARN | Ensure package manager repositories are configured | warn_count" ansible.builtin.import_tasks: file: warning_facts.yml