fix ansible lint remarks

dev-sec · Nov 21, 2018 · 820a15a · 820a15a
1 parent 9a57c6e
commit 820a15a
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 12 deletions.
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: "Sebastian Gumprich"
-  description: 'This Ansible role provides numerous security-related configurations, providing all-round base protection.'
+  description: 'This role provides numerous security-related configurations, providing all-round base protection.'
   company: Hardening Framework Team
   license: Apache License 2.0
   min_ansible_version: '2.5'

diff --git a/tasks/limits.yml b/tasks/limits.yml
@@ -16,7 +16,7 @@
       limit_type: hard
       limit_item: core
       value: 0
-      comment: Prevent core dumps for all users. These are usually only needed by developers and may contain sensitive information
+      comment: Prevent core dumps for all users. These are usually not needed and may contain sensitive information
 
   - name: set 10.hardcore.conf perms to 0400 and root ownership
     file:

diff --git a/tasks/login_defs.yml b/tasks/login_defs.yml
@@ -6,4 +6,3 @@
     owner: 'root'
     group: 'root'
     mode: '0444'
-
diff --git a/tasks/modprobe.yml b/tasks/modprobe.yml
@@ -1,7 +1,7 @@
 ---
 - name: install modprobe to disable filesystems | os-10
   package:
-    name: '{{modprobe_package}}'
+    name: '{{ modprobe_package }}'
     state: 'present'
 
 - name: check if efi is installed
@@ -21,4 +21,3 @@
     owner: 'root'
     group: 'root'
     mode: '0640'
-
diff --git a/tasks/pam.yml b/tasks/pam.yml
@@ -47,7 +47,8 @@
   apt:
     name: 'libpam-modules'
     state: 'present'
-  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable and os_auth_retries > 0
+  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and
+        not os_auth_pam_passwdqc_enable and os_auth_retries > 0
 
 - name: configure tally2
   template:
@@ -56,25 +57,29 @@
     mode: '0644'
     owner: 'root'
     group: 'root'
-  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable and os_auth_retries > 0
+  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and
+        not os_auth_pam_passwdqc_enable and os_auth_retries > 0
 
 - name: delete tally2 when retries is 0
   file:
     path: '{{ tally2_path }}'
     state: 'absent'
-  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable and os_auth_retries == 0
+  when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and
+        not os_auth_pam_passwdqc_enable and os_auth_retries == 0
 
 - name: remove pam_cracklib, because it does not play nice with passwdqc
   yum:
     name: '{{ os_packages_pam_cracklib }}'
     state: 'absent'
-  when: (ansible_os_family == 'RedHat' and ansible_distribution_version < '7' and not ansible_distribution == 'Amazon') and os_auth_pam_passwdqc_enable
+  when: (ansible_os_family == 'RedHat' and ansible_distribution_version < '7' and not ansible_distribution == 'Amazon')
+        and os_auth_pam_passwdqc_enable
 
 - name: install the package for strong password checking
   yum:
     name: '{{ os_packages_pam_passwdqc }}'
     state: 'present'
-  when: (ansible_os_family == 'RedHat' and ansible_distribution_version < '7' and not ansible_distribution == 'Amazon') and os_auth_pam_passwdqc_enable
+  when: (ansible_os_family == 'RedHat' and ansible_distribution_version < '7' and not ansible_distribution == 'Amazon')
+        and os_auth_pam_passwdqc_enable
 
 - name: remove passwdqc
   yum:

diff --git a/tasks/sysctl.yml b/tasks/sysctl.yml
@@ -13,7 +13,8 @@
     owner: 'root'
     group: 'root'
     mode: '0544'
-  when: ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora' or ansible_distribution == 'CentOS' or ansible_distribution == 'Amazon'
+  when: ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora' or
+        ansible_distribution == 'CentOS' or ansible_distribution == 'Amazon'
 
 - name: install initramfs-tools
   apt:
@@ -59,7 +60,8 @@
     reload: yes
     ignoreerrors: yes
   with_dict: '{{ sysctl_rhel_config }}'
-  when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora' or ansible_distribution == 'CentOS') and ansible_distribution_major_version < '7') or ansible_distribution == 'Amazon'
+  when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora' or ansible_distribution == 'CentOS') and
+        ansible_distribution_major_version < '7') or ansible_distribution == 'Amazon'
 
 - name: Apply ufw defaults
   template: