From e00e54b4ccc70900a9c88303704bb4302ccef697 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Thu, 18 Jul 2024 10:55:54 +0100 Subject: [PATCH] added update repo url for centos option Signed-off-by: Mark Bolwell --- defaults/main.yml | 5 +++ tasks/main.yml | 16 +++++++-- templates/etc/yum.repos.d/CentOS-Base.repo.j2 | 34 +++++++++++++++++++ 3 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 templates/etc/yum.repos.d/CentOS-Base.repo.j2 diff --git a/defaults/main.yml b/defaults/main.yml index da941427..f4841b9f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,6 +18,11 @@ benchmark_version: 'v3r13' # Whether to skip the reboot rhel7stig_skip_reboot: true +# With CentOS being EoL many mirrors no longer exist and fail for updates +# setting to true will replace the default /etc/yum.repos.d/CentOS-Base.repo +# It will add the new vaulted location where it is possible to get updates and package +rhel7stig_add_updated_repo: false + ### ### Settings for associated Audit role using Goss ### diff --git a/tasks/main.yml b/tasks/main.yml index 2f15a2c7..e2ca6494 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -72,7 +72,19 @@ tags: - always -- name: include prelim tasks +- name: Update CentOS repo for packages - Use vaulted/archive URL - backup original + ansible.builtin.template: + src: etc/yum.repos.d/CentOS-Base.repo.j2 + dest: /etc/yum.repos.d/CentOS-Base.repo + owner: root + group: root + mode: '0644' + backup: true + when: + - rhel7stig_add_updated_repo + - ansible_distribution == "CentOS" + +- name: Include prelim tasks ansible.builtin.import_tasks: file: prelim.yml tags: @@ -103,7 +115,7 @@ - cat3 - low -- name: update auditd +- name: Update auditd ansible.builtin.template: src: audit/99_auditd.rules.j2 dest: /etc/audit/rules.d/99_auditd.rules diff --git a/templates/etc/yum.repos.d/CentOS-Base.repo.j2 b/templates/etc/yum.repos.d/CentOS-Base.repo.j2 new file mode 100644 index 00000000..f2a66f9b --- /dev/null 
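Review bot: The comment added above `rhel7stig_add_updated_repo` in defaults/main.yml says the vaulted location makes it "possible to get updates", which overstates what an archive provides. The template in this same patch points every repo at the fixed `7.9.2009` tree, so turning the option on restores package installation but, as far as the vault is an end-of-life archive, brings no security fixes published after EoL. I would reword the last comment line to something like `# The vault is a frozen archive: packages install again, but no new security updates arrive` so operators do not read the toggle as a patching strategy. The trailing "package" should also be "packages".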
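Review bot: The new "Update CentOS repo for packages" task in tasks/main.yml has no `tags:`, while the task before it and the "Include prelim tasks" import after it both do. A tag-limited run would therefore skip the repo rewrite, and later package installs could still hit the dead mirrors; if that is not intended, add `tags:` with `- always` to match its neighbours. The bare `- rhel7stig_add_updated_repo` condition is also fragile: on recent Ansible releases a string passed as `-e rhel7stig_add_updated_repo=false` is non-empty and evaluates true. For a task that overwrites `/etc/yum.repos.d/CentOS-Base.repo`, `- rhel7stig_add_updated_repo | bool` is the safer form.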
+++ b/templates/etc/yum.repos.d/CentOS-Base.repo.j2
@@ -0,0 +1,34 @@
+# Note the BaseUrl Changes
+## This is due to CentOS being End Of Life
+# This will now use the legacy archived path
+# Original paths
+# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+# #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+
+[base]
+name=CentOS-$releasever - Base
+baseurl=https://vault.centos.org/7.9.2009/os/$basearch
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+baseurl=https://vault.centos.org/7.9.2009/updates/$basearch
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+baseurl=https://vault.centos.org/7.9.2009/extras/$basearch
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+baseurl=https://vault.centos.org/7.9.2009/centosplus/$basearch
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
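Review bot: Nothing in the rendered file tells an administrator that Ansible writes it, so a hand edit to `/etc/yum.repos.d/CentOS-Base.repo` would be silently replaced on the next run. A first line of `# {{ ansible_managed }}` in the header comment block would make that explicit. The header could also explain why each `baseurl` hard-codes `7.9.2009` while `name` still uses `$releasever`, for example `# 7.9.2009 is pinned deliberately: $releasever expands to 7, not the point release`. Keeping `gpgcheck=1` with the local `gpgkey` on all four sections is worth stating as a requirement in that header too, so a later edit does not relax it.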