Skip to content

Commit

Permalink
conditional updated 021000 & 021010 #448 thanks @erosen03
Browse files Browse the repository at this point in the history 
Signed-off-by: Mark Bolwell <[email protected]>
  • Loading branch information
@uk-bolly
uk-bolly committed Jan 26, 2024
1 parent 594ece9 commit e401d83
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions tasks/fix-cat2.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2042,7 +2042,7 @@
removable_mount: "{{ ansible_mounts | json_query('[?mount == `/media`] | [0]') }}" # noqa: jinja[invalid]
when:
- ansible_mounts | selectattr('mount', 'match', '^/media$') | list | length != 0
- "'nosuid' not in home_mount.options"
- "'nosuid' not in removable_mount.options"

- name: "MEDIUM | RHEL-07-021010 | AUDIT | The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media."
ansible.posix.mount:
Expand All @@ -2055,7 +2055,7 @@
removable_mount2: "{{ ansible_mounts | json_query('[?mount == `/mnt`] | [0]') }}" # noqa: jinja[invalid]
when:
- ansible_mounts | selectattr('mount', 'match', '^/mnt$') | list | length != 0
- "'nosuid' not in home_mount.options"
- "'nosuid' not in removable_mount2.options"
when:
- rhel_07_021010
- not (rhel7stig_system_is_chroot and rhel7stig_system_is_container)
Expand Down

0 comments on commit e401d83

Please sign in to comment.