Skip to content

Commit

Permalink
adds superusers and fixes issue #88
Browse files Browse the repository at this point in the history
Signed-off-by: Dan D <[email protected]>
  • Loading branch information
dderemiah committed Sep 25, 2023
1 parent ccfca16 commit b3908b6
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions tasks/section_1/cis_1.4.x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,20 @@

- name: "1.4.1 | PATCH | Ensure bootloader password is set"
block:
- name: "1.4.1 | PATCH | Ensure bootloader password is set"
- name: "1.4.1 | PATCH | Ensure bootloader password is set | superusers line"
ansible.builtin.lineinfile:
path: "{{ ubtu20cis_grub_user_file }}"
regexp: '^(password_pbkdf2 {{ ubtu20cis_grub_user }}) grub.pbkdf2.*'
line: '\1 {{ ubtu20cis_bootloader_password_hash }}'
regexp: '^set superusers'
line: 'set superusers="{{ ubtu20cis_grub_user }}"'
state: present
create: true
notify: Grub update

- name: "1.4.1 | PATCH | Ensure bootloader password is set | set password"
ansible.builtin.lineinfile:
path: "{{ ubtu20cis_grub_user_file }}"
regexp: '^password_pbkdf2 {{ ubtu20cis_grub_user }} grub.pbkdf2.*'
line: 'password_pbkdf2 {{ ubtu20cis_grub_user }} {{ ubtu20cis_bootloader_password_hash }}'
insertafter: set superusers="{{ ubtu20cis_grub_user }}"
state: present
create: true
Expand Down

0 comments on commit b3908b6

Please sign in to comment.