diff --git a/tasks/main.yml b/tasks/main.yml
index 74db580b..e7091225 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -13,47 +13,47 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- - name: Gather variables for each operating system
- include_vars: "{{ item }}"
- with_first_found:
- - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- - "{{ ansible_distribution | lower }}.yml"
- - "{{ ansible_os_family | lower }}.yml"
- tags:
- - always
+- name: Gather variables for each operating system
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}.yml"
+ - "{{ ansible_os_family | lower }}.yml"
+ tags:
+ - always
- - name: Check for check/audit mode
- command: /bin/true
- register: noop_result
- changed_when: False
- tags:
- - always
+- name: Check for check/audit mode
+ command: /bin/true
+ register: noop_result
+ changed_when: False
+ tags:
+ - always
- - name: Check to see if we are booting with EFI or UEFI
- set_fact:
- booted_with_efi: "{{ ansible_mounts | selectattr('mount', 'equalto', '/boot/efi') | list | length > 0 }}"
- tags:
- - always
+- name: Check to see if we are booting with EFI or UEFI
+ set_fact:
+ booted_with_efi: "{{ ansible_mounts | selectattr('mount', 'equalto', '/boot/efi') | list | length > 0 }}"
+ tags:
+ - always
- - name: Set facts
- set_fact:
- check_mode: "{{ noop_result is skipped }}"
- linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
- grub_config_file_boot: "{{ booted_with_efi | ternary(grub_conf_file_efi, grub_conf_file) }}"
- tags:
- - always
+- name: Set facts
+ set_fact:
+ check_mode: "{{ noop_result is skipped }}"
+ linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
+ grub_config_file_boot: "{{ booted_with_efi | ternary(grub_conf_file_efi, grub_conf_file) }}"
+ tags:
+ - always
- - name: Check if grub is present on the remote node
- stat:
- path: "{{ grub_update_cmd.split(' ')[0] }}"
- register: grub_update_binary
- tags:
- - always
+- name: Check if grub is present on the remote node
+ stat:
+ path: "{{ grub_update_cmd.split(' ')[0] }}"
+ register: grub_update_binary
+ tags:
+ - always
- - include_tasks: "{{ stig_version }}stig/main.yml"
+- import_tasks: "{{ stig_version }}stig/main.yml"
- - include_tasks: contrib/main.yml
- when:
- - security_contrib_enabled | bool
+- include_tasks: contrib/main.yml
+ when:
+ - security_contrib_enabled | bool
diff --git a/tasks/rhel7stig/main.yml b/tasks/rhel7stig/main.yml
index 7c4698bc..871d37c5 100644
--- a/tasks/rhel7stig/main.yml
+++ b/tasks/rhel7stig/main.yml
@@ -33,7 +33,7 @@
 # Some of the tasks in the role may take a long time to run. Let's start them
 # as early as possible so they have time to finish.
-- include_tasks: async_tasks.yml
+- import_tasks: async_tasks.yml
 - name: Get user data for all users on the system
 get_users:
@@ -66,7 +66,7 @@
 # Package installations and removals must come first so that configuration
 # changes can be made later.
-- include_tasks: packages.yml
+- import_tasks: packages.yml
 tags:
 - always
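Review bot: The new `import_tasks: "{{ stig_version }}stig/main.yml"` near the end of the tasks/main.yml hunk resolves its file name when the playbook is parsed, not when the task runs. A static import cannot take its file name from host or group inventory variables, nor from anything set at runtime such as a `set_fact` or the OS-specific files loaded by the `include_vars` task at the top of this hunk. Where `stig_version` is defined is not visible in this diff; if it comes from role defaults or extra vars this is fine, otherwise the import will fail at parse time. I would record the constraint above the line, for example `# stig_version must be known at parse time (role defaults or extra vars); import_tasks is static`.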
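Review bot: On `import_tasks: packages.yml` in the `@@ -66,7 +66,7 @@` hunk of tasks/rhel7stig/main.yml, the unchanged `tags: always` beneath it now has a different effect. With a static import the tag is inherited by every task in packages.yml, whereas with `include_tasks` it applied only to the include statement itself. Every package installation and removal task will therefore run on any `--tags` selection, including a run meant to apply a single control group. If that is intended, say so in the comment above, e.g. `# 'always' is inherited by every task in packages.yml now that this is a static import`. If not, drop the tag from the import line and rely on the tags inside packages.yml, which is not visible here.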
@@ -78,16 +78,16 @@
 # each file are tagged with the same name (for example, tasks in `auth.yml`
 # are tagged with `auth`). Also, the tag name matches up with the "STIG
 # Controls by Tag" section of the role documentation.
-- include_tasks: accounts.yml
-- include_tasks: aide.yml
-- include_tasks: auditd.yml
-- include_tasks: auth.yml
-- include_tasks: file_perms.yml
-- include_tasks: graphical.yml
-- include_tasks: kernel.yml
-- include_tasks: lsm.yml
-- include_tasks: misc.yml
-- include_tasks: sshd.yml
+- import_tasks: accounts.yml
+- import_tasks: aide.yml
+- import_tasks: auditd.yml
+- import_tasks: auth.yml
+- import_tasks: file_perms.yml
+- import_tasks: graphical.yml
+- import_tasks: kernel.yml
+- import_tasks: lsm.yml
+- import_tasks: misc.yml
+- import_tasks: sshd.yml
 - name: Remove the temporary directory
 file:
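Review bot: The ten `import_tasks` lines carry no `tags:` of their own, so tag selection still depends on every task inside accounts.yml through sshd.yml being tagged as the comment above describes. A task added later without its tag would be silently left out of a run such as `--tags auth`, which for a hardening role means a control that is neither applied nor reported. Since tags on a static import are inherited by all imported tasks, writing each entry as `- import_tasks: auth.yml` followed by `tags: [auth]` would guarantee the mapping. The task files themselves are not visible in this diff, so whether any task is currently untagged cannot be confirmed from here.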