# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
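# Locate every file that already declares the target section: the master
# configuration file (looked up by its exact, regex-escaped basename inside its
# own directory) and every drop-in under the drop-in directory. The registered
# variable holds one result per loop item; later tasks read each result's
# `matched` counter and `files` list.
- name: "{{{ rule_title }}} - Search for a section in files"
  ansible.builtin.find:
    paths: "{{item.path}}"
    patterns: "{{item.pattern}}"
    # With read_whole_file the module applies the pattern with re.search() to
    # the whole file content, so an unflagged '^' anchors only at the start of
    # the file. Files that open with a comment header would never match and the
    # existing section would be missed. The inline (?m) flag makes '^' match at
    # the start of every line.
    contains: '(?m)^\s*\[{{{ SECTION }}}\]'
    read_whole_file: true
    use_regex: true
  register: systemd_dropin_files_with_section
  loop:
    - path: "{{ '{{{ MASTER_CFG_FILE }}}' | dirname }}"
      pattern: "{{ '{{{ MASTER_CFG_FILE }}}' | basename | regex_escape }}"
    - path: "{{{ DROPIN_DIR }}}"
      # NOTE(review): file-name patterns look to be prefix-matched in regex
      # mode, so names such as "x.conf.bak" would also be selected - confirm
      # and consider anchoring with '$'.
      pattern: '.*\.conf'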
# Add up the `matched` counter of every find result (one per searched
# location) into a single fact. The two remediation tasks below branch on
# whether this total is zero.
- name: "{{{ rule_title }}} - Count number of files which contain the correct section"
  ansible.builtin.set_fact:
    count_of_systemd_dropin_files_with_section: >-
      {{systemd_dropin_files_with_section.results
      | map(attribute='matched') | list | map('int') | sum}}
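# When at least one file already carries the section, set the option inside
# that section in every such file. The loop flattens the `files` lists of all
# find results and iterates over their paths; `when` is evaluated per item.
- name: "{{{ rule_title }}} - Add missing configuration to correct section"
  ini_file:
    path: "{{item}}"
    # Quoted so the expanded section/option names always reach the module as
    # strings, even if a name looks like a YAML boolean or number.
    section: "{{{ SECTION }}}"
    option: "{{{ PARAM }}}"
# Build-time switch: NO_QUOTES writes the bare value, otherwise the value is
# stored wrapped in literal double quotes.
{{% if NO_QUOTES %}}
    value: "{{{ VALUE }}}"
{{% else %}}
    value: '"{{{ VALUE }}}"'
{{% endif %}}
    state: present
    no_extra_spaces: true
  when: count_of_systemd_dropin_files_with_section | int > 0
  loop: "{{systemd_dropin_files_with_section.results | sum(attribute='files', start=[]) | map(attribute='path') | list }}"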
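# When no searched file declares the section, write the setting into a
# dedicated drop-in file, creating it if necessary.
# NOTE(review): no `mode` is given, so the permissions of a newly created file
# follow the umask of the remediation run - consider pinning an explicit mode.
# NOTE(review): a drop-in that sorts after this file name could still override
# the value - verify the effective setting after remediation.
- name: "{{{ rule_title }}} - Add configuration to new remediation file"
  ini_file:
    path: "{{{ DROPIN_DIR }}}/complianceascode_hardening.conf"
    # Quoted so the expanded section/option names always reach the module as
    # strings, even if a name looks like a YAML boolean or number.
    section: "{{{ SECTION }}}"
    option: "{{{ PARAM }}}"
# Build-time switch: NO_QUOTES writes the bare value, otherwise the value is
# stored wrapped in literal double quotes.
{{% if NO_QUOTES %}}
    value: "{{{ VALUE }}}"
{{% else %}}
    value: '"{{{ VALUE }}}"'
{{% endif %}}
    state: present
    no_extra_spaces: true
    create: true
  when: count_of_systemd_dropin_files_with_section | int == 0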