scap-security-guide/scap-security-guide-0.1.65-realign_ansible_services_without_warn-PR_9819.patch


From ddf34ef7c71b79ca12ccfcd00eada2c08c34d2c9 Mon Sep 17 00:00:00 2001
From: Milan Lysonek <mlysonek@redhat.om>
Date: Mon, 14 Nov 2022 17:16:53 +0100
Subject: [PATCH 1/2] Revert "Align service_disabled template to
service_enabled"
This reverts commit dc37d3c376cd3f2a2178d82a928629b231662cf9.
---
.../service_disabled/ansible.template | 32 ++++++++++++++-----
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template
index 752f6ac5099..5c70756b8af 100644
--- a/shared/templates/service_disabled/ansible.template
+++ b/shared/templates/service_disabled/ansible.template
@@ -3,17 +3,33 @@
# strategy = disable
# complexity = low
# disruption = low
+{{%- if init_system == "systemd" %}}
- name: Disable service {{{ SERVICENAME }}}
block:
- - name: Gather the package facts
- package_facts:
- manager: auto
-
- name: Disable service {{{ SERVICENAME }}}
- service:
- name: "{{{ DAEMONNAME }}}"
+ systemd:
+ name: "{{{ DAEMONNAME }}}.service"
enabled: "no"
state: "stopped"
masked: "yes"
- when:
- - '"{{{ PACKAGENAME }}}" in ansible_facts.packages'
+ ignore_errors: 'yes'
+
+- name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket"
+ command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket
+ args:
+ warn: False
+ register: socket_file_exists
+ changed_when: False
+ ignore_errors: True
+ check_mode: False
+
+- name: Disable socket {{{ SERVICENAME }}}
+ systemd:
+ name: "{{{ DAEMONNAME }}}.socket"
+ enabled: "no"
+ state: "stopped"
+ masked: "yes"
+ when: '"{{{ DAEMONNAME }}}.socket" in socket_file_exists.stdout_lines[1]'
+{{%- else %}}
+JINJA TEMPLATE ERROR: Unknown init system '{{{ init_system }}}'
+{{%- endif %}}
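Review bot: The `ignore_errors: 'yes'` restored on the inner "Disable service" task swallows every failure of the `systemd` call, not only the case where the unit is absent, so a host where stopping or masking genuinely fails is merely reported as ignored and the play carries on as if the remediation had been applied. If the intent is only to tolerate a missing unit, probe for `{{{ DAEMONNAME }}}.service` with the same `systemctl list-unit-files` pattern the hunk already uses for the socket, and gate the task with a `when:` on that result instead of ignoring errors. Separately, `socket_file_exists.stdout_lines[1]` in the "Disable socket" condition assumes the command printed at least two lines; if the output is shorter the condition itself would presumably error, and that task has no `ignore_errors`, so `when: '"{{{ DAEMONNAME }}}.socket" in socket_file_exists.stdout'` would be a safer test.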
From 8c20a2bc997c0a24eba2a9924d832954b9e91b6a Mon Sep 17 00:00:00 2001
From: Milan Lysonek <mlysonek@redhat.om>
Date: Mon, 14 Nov 2022 17:37:50 +0100
Subject: [PATCH 2/2] Make service_disabled template compatible with Ansible
2.14
---
shared/templates/service_disabled/ansible.template | 2 --
1 file changed, 2 deletions(-)
diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template
index 5c70756b8af..72678e050cf 100644
--- a/shared/templates/service_disabled/ansible.template
+++ b/shared/templates/service_disabled/ansible.template
@@ -16,8 +16,6 @@
- name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket"
command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket
- args:
- warn: False
register: socket_file_exists
changed_when: False
ignore_errors: True