Merge pull request #453 from ansible-lockdown/devel

uk-bolly · web-flow · commit 013be1998781 · 2025-02-20T16:35:50.000Z
New release to main
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -35,12 +35,12 @@ repos:
   - id: detect-secrets
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.21.2
+  rev: v8.23.3
   hooks:
   - id: gitleaks
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v24.10.0
+  rev: v25.1.2
   hooks:
   - id: ansible-lint
     name: Ansible-lint
diff --git a/tasks/section_5/cis_5.1.1.x.yml b/tasks/section_5/cis_5.1.1.x.yml
@@ -176,7 +176,7 @@
       - set_remote_syslog is failed
       - set_remote_syslog.rc != 257
 
-- name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to recieve logs from a remote client"
+- name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to receive logs from a remote client"
   when:
       - rhel8cis_rule_5_1_1_7
   tags:
@@ -187,7 +187,7 @@
       - rule_5.1.1.7
   notify: Restart_rsyslog
   block:
-      - name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to recieve logs from a remote client. | When not log host"
+      - name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to receive logs from a remote client. | When not log host"
         when: not rhel8cis_system_is_log_server
         ansible.builtin.replace:
             path: /etc/rsyslog.conf
@@ -199,7 +199,7 @@
             - '^(module\(load="imtcp"\))'
             - '^(input\(type="imtcp")'
 
-      - name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to recieve logs from a remote clients. | When log host"
+      - name: "5.1.1.7 | PATCH | Ensure rsyslog is not configured to receive logs from a remote clients. | When log host"
         when: rhel8cis_system_is_log_server
         ansible.builtin.replace:
             path: /etc/rsyslog.conf
diff --git a/tasks/section_5/cis_5.1.2.x.yml b/tasks/section_5/cis_5.1.2.x.yml
@@ -63,7 +63,7 @@
       state: started
       enabled: true
 
-- name: "5.1.2.1.4 | PATCH | Ensure journald is not configured to recieve logs from a remote client"
+- name: "5.1.2.1.4 | PATCH | Ensure journald is not configured to receive logs from a remote client"
   when:
       - not rhel8cis_system_is_log_server
       - rhel8cis_rule_5_1_2_1_4
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
@@ -302,7 +302,7 @@
 
 - name: "6.2.9 | PATCH | Ensure root is the only UID 0 account"
   when:
-      - prelim_uid_zero_accounts_except_root.rc
+      - prelim_uid_zero_accounts_except_root.stdout | length > 0
       - rhel8cis_rule_6_2_9
   tags:
       - level1-server
@@ -421,8 +421,8 @@
             - name: "6.2.11 | PATCH | Ensure local interactive user dot files access is configured | Changes files ownerships"
               ansible.builtin.file:
                   path: "{{ item.path }}"
-                  owner: "{{ rhel8cis_passwd | selectattr('dir', 'in', item.path) | map(attribute='uid') | last }}"
-                  group: "{{ rhel8cis_passwd | selectattr('dir', 'in', item.path) | map(attribute='gid') | last }}"
+                  owner: "{{ rhel8cis_passwd | selectattr('dir', 'in', prelim_interactive_users_home.stdout_lines) | selectattr('dir', 'in', item.path) | map(attribute='uid') | last }}"
+                  group: "{{ rhel8cis_passwd | selectattr('dir', 'in', prelim_interactive_users_home.stdout_lines) | selectattr('dir', 'in', item.path) | map(attribute='gid') | last }}"
               with_items: "{{ discovered_hidden_files.files }}"
 
             - name: "6.2.11 | PATCH | Ensure local interactive user dot files access is configured | rename .forward or .netrc files"
