Giters

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats

Home Page:https://complianceascode.readthedocs.io/en/latest/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

rhel8-playbook-stig.yml and rhel9-playbook-stig.yml using stale ansible_facts

msakhwand opened this issue · comments

commented

Share the context

The ansible_facts.mounts used on in the task "Ensure non-root local partitions are mounted with nodev option" is using a stale copy of ansible_facts and As this overwrites the changes made in the previous taks to add noexec and nosuid to the mount options.

Description of problem:

This is only impacts if both nodev and nosuid/noexec are missing. this i not an issue if any one of them is present

Proposed change:

A new call to builtin.setup should be made before the task "Ensure non-root local partitions are mounted with nodev option"

References:

  1. rhel8-playbook-stig.yml
  2. rhel9-playbook-stig.yml