#243 thanks to @fnschroeder

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
ansible-lockdown · Feb 1, 2023 · 4a27601 · 4a27601
1 parent 807b6f0
commit 4a27601
Show file tree

Hide file tree

Showing 9 changed files with 0 additions and 34 deletions.
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -39,8 +39,6 @@
 
 - name: remount tmp
   command: mount -o remount /tmp
-  args:
-      warn: false
 
 - name: restart firewalld
   service:
@@ -79,8 +77,6 @@
   changed_when: false
   check_mode: false
   failed_when: false
-  args:
-      warn: false
   when:
       - not rhel8cis_skip_for_travis
   tags:
@@ -128,8 +124,6 @@
 
 - name: restart auditd
   shell: service auditd restart
-  args:
-      warn: false
   tags:
       - skip_ansible_lint
 

diff --git a/tasks/check_prereqs.yml b/tasks/check_prereqs.yml
@@ -6,8 +6,6 @@
         command: rpm -q python36-rpm
         failed_when: ( python36_rpm_present.rc not in [ 0, 1 ] )
         changed_when: false
-        args:
-            warn: false
         register: python36_rpm_present
 
       - name: Add the EPEL repository required for the python36-rpm pkg

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -3,8 +3,6 @@
 # List users in order to look files inside each home directory
 - name: "PRELIM | List users accounts"
   command: "awk -F: '{print $1}' /etc/passwd"
-  args:
-      warn: false
   changed_when: false
   check_mode: false
   register: users
@@ -32,24 +30,18 @@
 
 - name: "PRELIM | Gather accounts with empty password fields"
   shell: "cat /etc/shadow | awk -F: '($2 == \"\" ) {j++;print $1; } END {exit j}'"
-  args:
-      warn: false
   changed_when: false
   check_mode: false
   register: empty_password_accounts
 
 - name: "PRELIM | Gather UID 0 accounts other than root"
   shell: "cat /etc/passwd | awk -F: '($3 == 0 && $1 != \"root\") {i++;print $1 } END {exit i}'"
-  args:
-      warn: false
   changed_when: false
   check_mode: false
   register: rhel8cis_uid_zero_accounts_except_root
 
 - name: "PRELIM | Gather system-wide crypto-policy"
   shell: update-crypto-policies --show
-  args:
-      warn: false
   changed_when: false
   check_mode: false
   register: system_wide_crypto_policy

diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml
@@ -69,8 +69,6 @@
         failed_when: false
         register: dnf_configured
         check_mode: false
-        args:
-            warn: false
 
       - name: "1.2.4 | AUDIT | Ensure package manager repositories are configured | Display repo list"
         debug:

diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml
@@ -86,8 +86,6 @@
         changed_when: false
         failed_when: false
         check_mode: false
-        args:
-            warn: false
         register: rhel_08_nmcli_available
 
       - name: "3.1.4 | AUDIT | Ensure wireless interfaces are disabled | Check if wifi is enabled"

diff --git a/tasks/section_3/cis_3.4.2.x.yml b/tasks/section_3/cis_3.4.2.x.yml
@@ -158,8 +158,6 @@
 
       - name: "3.4.2.6 | PATCH | Ensure nftables base chains exist | Create chains if needed"
         shell: "{{ item }}"
-        args:
-            warn: false
         failed_when: false
         with_items:
             - nft create chain inet "{{ rhel8cis_nft_tables_tablename }}" input { type filter hook input priority 0 \; }

diff --git a/tasks/section_5/cis_5.2.x.yml b/tasks/section_5/cis_5.2.x.yml
@@ -261,15 +261,11 @@
       - name: "5.2.14 | AUDIT | Ensure system-wide crypto policy is not over-ridden"
         shell: grep -i '^\s*CRYPTO_POLICY=' /etc/sysconfig/sshd
         failed_when: ( crypto_policy_override.rc not in [ 0, 1 ] )
-        args:
-            warn: false
         changed_when: false
         register: crypto_policy_override
 
       - name: "5.2.14 | PATCH | Ensure system-wide crypto policy is not over-ridden"
         shell: sed -ri "s/^\s*(CRYPTO_POLICY\s*=.*)$/# \1/" /etc/sysconfig/sshd
-        args:
-            warn: false
         notify: restart sshd
         when:
             - crypto_policy_override.stdout | length > 0

diff --git a/tasks/section_5/cis_5.4.x.yml b/tasks/section_5/cis_5.4.x.yml
@@ -17,8 +17,6 @@
 
       - name: "5.4.1 | PATCH | Ensure custom authselect profile is used | Create custom profiles"
         shell: authselect create-profile {{ rhel8cis_authselect['custom_profile_name'] }} -b {{ rhel8cis_authselect['default_file_to_copy'] }}
-        args:
-            warn: false
         when: rhel8cis_authselect_custom_profile_create
   when:
       - rhel8cis_rule_5_4_1
@@ -47,8 +45,6 @@
 
       - name: "5.4.2 | PATCH | Ensure authselect includes with-faillock | Create custom profiles"
         shell: "authselect select custom/{{ rhel8cis_authselect['custom_profile_name'] }} with-faillock"
-        args:
-            warn: false
         when: rhel8cis_authselect_custom_profile_select
   when:
       - rhel8cis_rule_5_4_2

diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
@@ -4,8 +4,6 @@
   block:
       - name: "6.1.1 | AUDIT | Audit system file permissions | Audit the packages"
         shell: rpm -Va --nomtime --nosize --nomd5 --nolinkto
-        args:
-            warn: false
         changed_when: false
         failed_when: false
         register: rhel8cis_6_1_1_packages_rpm
@@ -48,8 +46,6 @@
 
 - name: "6.1.2 | PATCH | Ensure sticky bit is set on all world-writable directories"
   shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002 2>/dev/null | xargs chmod a+t
-  args:
-      warn: false
   changed_when: false
   failed_when: false
   when: