Update skip-logic

plus3it · Jul 2, 2024 · 3788cf4 · 3788cf4
1 parent 3e00d16
commit 3788cf4
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls b/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls
@@ -91,14 +91,19 @@ notify_{{ stig_id }}-skipSet:
         Handler for {{ stig_id }} has been selected for skip.
 {%- else %}
   {%- for sudoer in sudoerFiles %}
-    {%- if sudoer != "/etc/sudoers.d/90-cloud-init-users" and salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
+    {%- if sudoer != "/etc/sudoers.d/90-cloud-init-users" and
+           sudoer != "/etc/sudoers.d/ssm-agent-users" %}
 Nuke NOPASSWD from sudoers ({{ stig_id }}) - {{ sudoer }}:
   file.replace:
     - name: '{{ sudoer }}'
     - pattern: '^([a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD:[A-Za-z/_-]*)'
     - repl: '# Set per STIG-ID {{ stig_id }}\n\1\2'
-    {%- elif sudoer == "/etc/sudoers.d/90-cloud-init-users" and salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
-Why Skip ({{ stig_id }}) - is {{ biosVendor }}:
+    {%- elif (
+               sudoer == "/etc/sudoers.d/90-cloud-init-users" or
+               sudoer == "/etc/sudoers.d/ssm-agent-users"
+             )
+             and salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
+Why Skip ({{ stig_id }}) - {{ sudoer }}:
   test.show_notification:
     - text: |
         --------------------------------------------------