Remove "FAILED" from custom fail messages

When failing with a custom message using the fail module the string
"FAILED" is already included in the output of Ansible. Adding "FAILED"
to the message itself is redundant.

This also fixes an inaccurrate fail message for an task of V-38476.

Change-Id: I10b8c6e2e661119fbdeb07a440a735b771e1e691

tasks/apt.yml

@@ -43,7 +43,7 @@
 
 - name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.
   fail:
-    msg: "FAILED: Missing Ubuntu 14.04 Archive signing keys"
+    msg: "Missing Ubuntu Archive signing keys"
   when: "'437D05B5' not in v38476_result.stdout or 'C0B21F32' not in v38476_result.stdout"
   tags:
     - package
@@ -71,7 +71,7 @@
 
 - name: V-38462 - Package management tool must verify authenticity of packages
   fail:
-    msg: "FAILED: Remove AllowUnauthenticated from files in /etc/apt/apt.conf.d/ to ensure packages are verified."
+    msg: "Remove AllowUnauthenticated from files in /etc/apt/apt.conf.d/ to ensure packages are verified."
   when: "v38462_result.rc == 0"
   tags:
     - package

tasks/auditd.yml

@@ -121,7 +121,7 @@
 
 - name: V-38637 - Contents of auditd package must be verified
   fail:
-    msg: "FAILED: Could not verify that files from auditd package are unaltered"
+    msg: "Could not verify that files from auditd package are unaltered"
   when:
     - not check_mode
     - ansible_pkg_mgr == 'apt'
@@ -142,7 +142,7 @@
 
 - name: V-38637 - Contents of auditd package must be verified
   fail:
-    msg: "FAILED: Could not verify that files from auditd package are unaltered"
+    msg: "Could not verify that files from auditd package are unaltered"
   when:
     - not check_mode
     - ansible_pkg_mgr == 'yum'

tasks/auth.yml

@@ -93,7 +93,7 @@
 # not locked.
 - name: V-38496 - Default operating system accounts (other than root) must be locked
   fail:
-    msg: "FAILED: System accounts are unlocked: {{ v38496_violations|trim|replace('\n',', ') }}"
+    msg: "System accounts are unlocked: {{ v38496_violations|trim|replace('\n',', ') }}"
   when: v38496_violations|length > 0
   tags:
     - auth
@@ -154,7 +154,7 @@
 
 - name: V-38491 - No .rhosts or hosts.equiv present on system
   fail:
-    msg: "FAILED: Remove all .rhosts and hosts.equiv files"
+    msg: "Remove all .rhosts and hosts.equiv files"
   when: v38491_equiv_check.stat.exists == True or v38491_rhosts_check.stat.exists == True
   tags:
     - auth
@@ -173,7 +173,7 @@
 
 - name: V-38500 - The root account must be the only account with UID 0
   fail:
-    msg: "FAILED: Another account besides root has UID 0"
+    msg: "Another account besides root has UID 0"
   when: v38500_result.stdout != '0'
   tags:
     - auth
@@ -267,7 +267,7 @@
 
 - name: V-38499 - The /etc/passwd file must not contain password hashes
   fail:
-    msg: "FAILED: Remove password hashes from /etc/password to remediate"
+    msg: "Remove password hashes from /etc/password to remediate"
   when: "v38499_result.stdout != '0'"
   tags:
     - auth
@@ -318,7 +318,7 @@
 # If SHA512 isn't in use for some reason, we should fail and display an error.
 - name: V-38574 - System must use FIPS 140-2 approved hashing algorithm for passwords (PAM)
   fail:
-    msg: "FAILED: Must use SHA512 for password hashing (via PAM)"
+    msg: "Must use SHA512 for password hashing (via PAM)"
   when: v38574_result.rc != 0
   tags:
     - auth
@@ -338,7 +338,7 @@
 # If SHA512 isn't in use for some reason, we should fail and display an error.
 - name: V-38576 - System must use FIPS 140-2 approved hashing algorithm for passwords (login.defs)
   fail:
-    msg: "FAILED: Must use SHA512 for password hashing (in /etc/login.defs)"
+    msg: "Must use SHA512 for password hashing (in /etc/login.defs)"
   when: v38576_result.rc != 0
   tags:
     - auth
@@ -374,7 +374,7 @@
 # algorithms, throw an error and a failure.
 - name: V-38577 - System must use FIPS 140-2 approved hashing algorithm for passwords (libuser)
   fail:
-    msg: "FAILED: libuser isn't configured to use SHA512 hashing for passwords"
+    msg: "libuser isn't configured to use SHA512 hashing for passwords"
   when: v38577_libuser_check.rc == 0 and v38577_result.rc != 0
   tags:
     - auth
@@ -394,7 +394,7 @@
 
 - name: V-38681 - All GID's in /etc/passwd must be defined in /etc/group
   fail:
-    msg: "FAILED: GID's in /etc/passwd aren't in /etc/group"
+    msg: "GID's in /etc/passwd aren't in /etc/group"
   when: v38681_result.rc != 1
   tags:
     - auth
@@ -424,7 +424,7 @@
 
 - name: V-38683 - All accounts on the system must have unique user/account names
   fail:
-    msg: "FAILED: Found accounts without unique usernames"
+    msg: "Found accounts without unique usernames"
   when: v38683_result.stdout != '0'
   tags:
     - auth

tasks/misc.yml

@@ -61,7 +61,7 @@
 
 - name: V-38670 - System must detect unauthorized changes to software and information
   fail:
-    msg: "FAILED: AIDE cron job is missing"
+    msg: "AIDE cron job is missing"
   when:
     - not check_mode
     - v38670_result.stat.exists == False
@@ -80,7 +80,7 @@
 
 - name: V-38619 - There must be no .netrc files on the system
   fail:
-    msg: "FAILED: .netrc files found -- they must be removed"
+    msg: ".netrc files found -- they must be removed"
   when: v38619_result.stdout != '0'
   tags:
     - cat2
@@ -165,7 +165,7 @@
 
 - name: V-38624 - System logs must be rotated daily (verify cron job)
   fail:
-    msg: "FAILED: Cron job for logrotate is missing"
+    msg: "Cron job for logrotate is missing"
   when:
     - not check_mode
     - not v38624_result.stat.exists | bool
@@ -241,7 +241,7 @@
 
 - name: V-38660 - The snmpd service must only use SNMPv3 or newer
   fail:
-    msg: "FAILED: Insecure SNMP configuration found -- use SNMPv3 only"
+    msg: "Insecure SNMP configuration found -- use SNMPv3 only"
   when:
     - not check_mode
     - snmpd_installed is defined
@@ -385,7 +385,7 @@
 
 - name: V-38674 - X Windows must not be enabled
   fail:
-    msg: "FAILED: Default runlevel should be 2 (no X windows)"
+    msg: "Default runlevel should be 2 (no X windows)"
   when:
     - not systemd_running | bool
     - v38674_result.rc != 0
@@ -405,7 +405,7 @@
 
 - name: V-38674 - X Windows must not be enabled
   fail:
-    msg: "FAILED: Graphical target must not be enabled in systemd."
+    msg: "Graphical target must not be enabled in systemd."
   when:
     - systemd_running | bool
     - v38674_result.rc == 0

tasks/nfsd.yml

@@ -38,7 +38,7 @@
 
 - name: V-38460 - The NFS server must not have the all_squash option enabled
   fail:
-    msg: "FAILED: Remove all_squash from /etc/exports"
+    msg: "Remove all_squash from /etc/exports"
   changed_when: v38460_result.rc == 0
   when: exports.stat.exists and v38460_result.rc == 0
   tags:
@@ -59,7 +59,7 @@
 
 - name: V-38677 - The NFS server must not have the insecure_locks option enabled
   fail:
-    msg: "FAILED: Remove insecure_locks from /etc/exports"
+    msg: "Remove insecure_locks from /etc/exports"
   changed_when: v38677_result.rc == 0
   when: exports.stat.exists and v38677_result.rc == 0
   tags:

tasks/rpm.yml

@@ -26,7 +26,7 @@
 
 - name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.
   fail:
-    msg: "FAILED: Missing CentOS 7 GPG keys"
+    msg: "Missing CentOS 7 GPG keys"
   when: "v38476_result.rc != 0"
   tags:
     - package
@@ -46,7 +46,7 @@
 
 - name: V-38462 - Package management tool must verify authenticity of packages
   fail:
-    msg: "FAILED: Ensure all repo files in /etc/yum.repos.d/ have 'gpgcheck=1' set."
+    msg: "Ensure all repo files in /etc/yum.repos.d/ have 'gpgcheck=1' set."
   when: "v38462_result.rc == 0"
   tags:
     - package