From 03d436f86403d5635759ed4dcfc2d36567aeca20 Mon Sep 17 00:00:00 2001
From: Mark Hooper
Date: Tue, 7 Jun 2016 14:03:04 -0500
Subject: [PATCH] Fix grub configuration file path in RHEL/CentOS 7
CentOS and RHEL 7 both use /boot/grub2/grub.cfg, but the tasks in the security role expect it to be in /boot/grub/grub.cfg. This patch adds a variable for the grub configuration file path.
Closes-bug: 1590102
Change-Id: I724d6eb3b716bd9b0006d0d2e5ad201481d52e59
---
 tasks/boot.yml | 8 ++++----
 vars/redhat.yml | 1 +
 vars/ubuntu.yml | 1 +
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/tasks/boot.yml b/tasks/boot.yml
index 3b0ee0ce..57d8b2ae 100644
--- a/tasks/boot.yml
+++ b/tasks/boot.yml
@@ -15,13 +15,13 @@
 - name: Check to see if grub.cfg exists
 stat:
- path: /boot/grub/grub.cfg
+ path: "{{ grub_conf_file }}"
 register: grub_cfg
 always_run: True
 - name: V-38579 - Bootloader configuration files must be owned by root
 file:
- path: /boot/grub/grub.cfg
+ path: "{{ grub_conf_file }}"
 owner: root
 tags:
 - boot
@@ -31,7 +31,7 @@
 - name: V-38581 - Bootloader configuration files must be group-owned by root
 file:
- path: /boot/grub/grub.cfg
+ path: "{{ grub_conf_file }}"
 group: root
 tags:
 - boot
@@ -41,7 +41,7 @@
 - name: V-38582 - Bootloader configuration files must have mode 0644 or less
 file:
- path: /boot/grub/grub.cfg
+ path: "{{ grub_conf_file }}"
 mode: 0644
 tags:
 - boot
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 2db5a1b4..3b8ba6c2 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -17,6 +17,7 @@
 pam_auth_file: /etc/pam.d/system-auth
 pam_password_file: /etc/pam.d/password-auth
 vsftpd_conf_file: /etc/vsftpd/vsftpd.conf
+grub_conf_file: /boot/grub2/grub.cfg
 # Package names
 auditd_pkg: audit
diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml
index 0ce42281..984dc412 100644
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
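Review bot: In the V-38582 task (third hunk of tasks/boot.yml), the parameterised `path: "{{ grub_conf_file }}"` is paired with the unchanged `mode: 0644`, which sets the mode exactly rather than capping it as the task name ("0644 or less") implies. Before this change the path presumably did not exist on RHEL/CentOS 7, so the task had nothing to act on there; now a grub.cfg that is already tighter (for example 0600 because it carries a bootloader password) would be widened to world-readable. A symbolic mode that only removes bits, `mode: "u-x,go-wx"`, keeps the control without loosening anything. The task body continues past the end of the hunk, so any `when:` guard on it is not visible here.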
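Review bot: `grub_conf_file: /boot/grub2/grub.cfg` in vars/redhat.yml is the BIOS-boot location only; on UEFI installs of RHEL/CentOS 7 the generated config is /boot/efi/EFI/redhat/grub.cfg or /boot/efi/EFI/centos/grub.cfg. On those hosts the stat in tasks/boot.yml would find nothing, and if the V-38579/V-38581/V-38582 tasks are gated on `grub_cfg.stat.exists` (their conditions lie outside the hunks) the ownership and mode controls would be skipped with no signal. A comment above the variable such as `# BIOS boot path; UEFI hosts keep grub.cfg under /boot/efi/EFI/<distro>/` would document the limitation, and the value is better chosen per host, for instance from a stat of /sys/firmware/efi.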
@@ -20,6 +20,7 @@ cache_timeout: 600
 pam_auth_file: /etc/pam.d/common-auth
 pam_password_file: /etc/pam.d/common-password
 vsftpd_conf_file: /etc/vsftpd.conf
+grub_conf_file: /boot/grub/grub.cfg
 # Package names
 auditd_pkg: auditd