Sept issues

.ansible-lint

@@ -6,12 +6,10 @@ skip_list:
     - 'schema'
     - 'no-changed-when'
     - 'var-spacing'
-    - 'fqcn-builtins'
     - 'experimental'
     - 'name[play]'
     - 'name[casing]'
     - 'name[template]'
-    - 'fqcn[action]'
     - 'key-order[task]'
     - '204'
     - '305'

.yamllint

@@ -30,4 +30,4 @@ rules:
     trailing-spaces: enable
     truthy:
         allowed-values: ['true', 'false']
-        check-keys: false
+        check-keys: true

ChangeLog.md

@@ -1,14 +1,34 @@
 # Changelog
 
+## Release 0.9.1
+
+- yamllint update
+- ansible-lint updated
+- linting
+- workflow
+- readme layout
+- discord link
+- precommit added
+
+Issues
+
+- thanks to @kfiresmith
+  - #11
+  - #12
+- thanks to €aelx-rowe
+  - #13
+
 ## Release 0.9.0
 
 ## April 2023 Updates
-  - Ansible-lint Check
-  - Yamllint Updated File
-  - Yamllint Check
-  - Updated Module Names To Full
-  - Updated License
-  - Updated Readme To New Format
+
+- Ansible-lint Check
+- Yamllint Updated File
+- Yamllint Check
+- Updated Module Names To Full
+- Updated License
+- Updated Readme To New Format
 
 ## Initial Release
+
 - Updated to release V1R7

README.md

@@ -14,6 +14,7 @@
 
 ![Ansible Galaxy Quality](https://img.shields.io/ansible/quality/61237?label=Quality&&logo=ansible)
 ![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord)
+
 ![Release Branch](https://img.shields.io/badge/Release%20Branch-Main-brightgreen)
 ![Release Tag](https://img.shields.io/github/v/release/ansible-lockdown/UBUNTU20-STIG)
 ![Release Date](https://img.shields.io/github/release-date/ansible-lockdown/UBUNTU20-STIG)

handlers/main.yml

@@ -56,7 +56,7 @@
   ansible.builtin.shell: augenrules --load
 
 - name: restart auditd
-  service:
+  ansible.builtin.service:
       name: auditd
       state: restarted
 

tasks/fix-cat1.yml

@@ -191,7 +191,7 @@
 - name: "HIGH | UBTU-20-010048 | PATCH | The Ubuntu operating system must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements."
   ansible.builtin.lineinfile:
       path: /etc/ssh/sshd_config
-      regexp: '^#?\s*X11Forwarding'
+      regexp: '^#?(\s+|)X11Forwarding'
       line: "X11Forwarding no"
   notify: restart sshd
   when:

tasks/fix-cat3.yml

@@ -373,7 +373,7 @@
             - ubtu20stig_auditd_action_mail_acct != "root"
 
       - name: "LOW | UBTU-20-010217 | PATCH | The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | Warning Message No Email Set."
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! You have not set the email address of the SA(s) and/or ISSO"
                 - "Please set variable ubtu20stig_auditd_action_mail_acct in defaults/main to correct email addres."

templates/audit/99_stig_auditd.rules.j2

@@ -109,8 +109,8 @@
 -a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k privileged-pam_timestamp_check
 {% endif %}
 {% if ubtu_20_010179 %}
--a always,exit -F arch=b32 -S finit_module -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k module_chng
--a always,exit -F arch=b64 -S finit_module -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k module_chng
+-a always,exit -F arch=b32 -S init_module,finit_module -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k module_chng
+-a always,exit -F arch=b64 -S init_module,finit_module -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k module_chng
 {% endif %}
 {% if ubtu_20_010181 %}
 -a always,exit -F arch=b32 -S delete_module -F auid>={{ ubtu20stig_int_gid }} -F auid!=4294967295 -k module_chng
@@ -145,5 +145,5 @@
 -w /bin/kmod -p x -k modules
 {% endif %}
 {% if ubtu_20_010298 %}
--w /bin/fdisk -p x -k fdisk
+-w /sbin/fdisk -p x -k fdisk
 {% endif %}