From 8d8fa948c01aa25fbdefff4c10698fdce60614e9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Thu, 7 Mar 2024 17:33:35 +0000
Subject: [PATCH] Lint updates
Signed-off-by: Mark Bolwell
---
tasks/main.yml | 56 ++++++++++++++++++++++++++++------------
tasks/section_1/main.yml | 30 ++++++++++++++-------
tasks/section_2/main.yml | 15 +++++++----
tasks/section_3/main.yml | 27 ++++++++++++-------
tasks/section_4/main.yml | 15 +++++++----
tasks/section_5/main.yml | 24 +++++++++++------
tasks/section_6/main.yml | 6 +++--
7 files changed, 117 insertions(+), 56 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index bdbf9fa5..159110d4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -47,7 +47,8 @@
- rule_5.6
- name: Import prereq checks
- ansible.builtin.import_tasks: check_prereqs.yml
+ ansible.builtin.import_tasks:
+ file: check_prereqs.yml
tags:
- always
- prereqs
@@ -75,15 +76,28 @@
- always
- name: Import preliminary tasks
- ansible.builtin.import_tasks: prelim.yml
+ ansible.builtin.import_tasks:
+ file: prelim.yml
tags:
- prelim_tasks
- always
-- name: Import pre remediation audit
- ansible.builtin.import_tasks: pre_remediation_audit.yml
+- name: Include audit specific variables
+ ansible.builtin.include_vars:
+ file: audit.yml
when:
+ - run_audit or audit_only
+ - setup_audit
+ tags:
+ - setup_audit
- run_audit
+
+ - name: Include pre-remediation audit tasks
+ ansible.builtin.import_tasks:
+ file: pre_remediation_audit.yml
+ when:
+ - run_audit or audit_only
+ - setup_audit
tags:
- run_audit
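Review bot: In the second hunk of tasks/main.yml the pre-remediation audit import is now gated on `setup_audit` as well as `run_audit or audit_only`, so a run with `run_audit: true` and `setup_audit: false` silently skips the pre-audit that previously ran on `run_audit` alone; this is a behavioural change, not a lint fix, and should either be called out in the commit message or reverted by dropping `    - setup_audit` from that task's `when:`. The new `include_vars` of `audit.yml` is gated the same way, so any audit variables it supplies would presumably also be missing for such a run (whether the audit tasks read them is not visible here). Both `audit_only` and `setup_audit` need to exist in the role defaults for these conditions to evaluate; I cannot see that from this patch.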
@@ -94,48 +108,56 @@
- always
- name: Include OS specific variables
- ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
+ ansible.builtin.include_vars:
+ file: "{{ ansible_distribution }}.yml"
tags:
- always
- name: Run parse etc password for user variables
- ansible.builtin.import_tasks: parse_etc_password.yml
+ ansible.builtin.import_tasks:
+ file: parse_etc_password.yml
when:
- rhel7cis_section5 or rhel7cis_section6
- name: Import section 1 tasks
- ansible.builtin.import_tasks: section_1/main.yml
+ ansible.builtin.import_tasks:
+ file: section_1/main.yml
when: rhel7cis_section1
tags:
- rhel7cis_section1
- name: Import section 2 tasks
- ansible.builtin.import_tasks: section_2/main.yml
+ ansible.builtin.import_tasks:
+ file: section_2/main.yml
tags:
- rhel7cis_section2
when: rhel7cis_section2
- name: Import section 3 tasks
- ansible.builtin.import_tasks: section_3/main.yml
+ ansible.builtin.import_tasks:
+ file: section_3/main.yml
when: rhel7cis_section3
tags:
- rhel7cis_section3
- name: Import section 4 tasks
- ansible.builtin.import_tasks: section_4/main.yml
+ ansible.builtin.import_tasks:
+ file: section_4/main.yml
when: rhel7cis_section4
tags:
- rhel7cis_section4
- name: Import section 5 tasks
- ansible.builtin.import_tasks: section_5/main.yml
+ ansible.builtin.import_tasks:
+ file: section_5/main.yml
when: rhel7cis_section5
tags:
- rhel7cis_section5
- name: Import section 6 tasks
- ansible.builtin.import_tasks: section_6/main.yml
+ ansible.builtin.import_tasks:
+ file: section_6/main.yml
when: rhel7cis_section6
tags:
- rhel7cis_section6
@@ -144,17 +166,17 @@
ansible.builtin.meta: flush_handlers
- name: Post Task
- ansible.builtin.import_tasks: post.yml
+ ansible.builtin.import_tasks:
+ file: post.yml
tags:
- post_tasks
- always
- name: Import post remediation task
- ansible.builtin.import_tasks: post_remediation_audit.yml
+ - name: Run post audit
+ ansible.builtin.import_tasks:
+ file: post_remediation_audit.yml
when:
- run_audit
- tags:
- - run_audit
- name: Show Audit Summary
ansible.builtin.debug:
diff --git a/tasks/section_1/main.yml b/tasks/section_1/main.yml
index 32bd6d88..4851f703 100644
--- a/tasks/section_1/main.yml
+++ b/tasks/section_1/main.yml
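Review bot: The renamed "Run post audit" task drops its `tags: - run_audit` while the pre-remediation audit earlier in tasks/main.yml keeps that tag, so a `--tags run_audit` run would execute the pre-audit but skip the post-audit unless the tasks inside post_remediation_audit.yml carry their own tags (not visible here). Its `when:` is also narrower than the pre-audit's, `run_audit` only with no `audit_only` or `setup_audit`, so the two halves of the audit can be enabled independently of each other. Suggest restoring `  tags:` / `    - run_audit` on this task and aligning its conditions with the pre-audit, or adding a comment above it stating why the post-audit deliberately ignores `setup_audit`.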
@@ -1,33 +1,43 @@
---
- name: "SECTION | 1.1.1 | FileSystem Configurations"
- ansible.builtin.import_tasks: cis_1.1.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.1.1.x.yml
- name: "SECTION | 1.1 | Partition Configurations"
- ansible.builtin.import_tasks: cis_1.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.1.x.yml
- name: "SECTION | 1.2 | Configure Software Updates"
- ansible.builtin.import_tasks: cis_1.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.2.x.yml
- name: "SECTION | 1.3 | Filesystem Integrity"
- ansible.builtin.import_tasks: cis_1.3.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.3.x.yml
when: rhel7cis_config_aide
- name: "SECTION | 1.4 | Secure Boot Settings"
- ansible.builtin.import_tasks: cis_1.4.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.4.x.yml
- name: "SECTION | 1.5 | Additional Process Hardening"
- ansible.builtin.import_tasks: cis_1.5.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.5.x.yml
- name: "SECTION | 1.6 | Mandatory Access Control"
- ansible.builtin.import_tasks: cis_1.6.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.6.x.yml
when: not rhel7cis_selinux_disable
- name: "SECTION | 1.7 | Warning Banners"
- ansible.builtin.import_tasks: cis_1.7.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.7.x.yml
- name: "SECTION | 1.8 | GDM Login"
- ansible.builtin.import_tasks: cis_1.8.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.8.x.yml
- name: "SECTION | 1.9 | Updated and Patches"
- ansible.builtin.import_tasks: cis_1.9.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_1.9.x.yml
diff --git a/tasks/section_2/main.yml b/tasks/section_2/main.yml
index 7c208c68..196c5502 100644
--- a/tasks/section_2/main.yml
+++ b/tasks/section_2/main.yml
@@ -1,16 +1,21 @@
---
- name: "SECTION | 2.1 | inetd Services"
- ansible.builtin.import_tasks: cis_2.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_2.1.x.yml
- name: "SECTION | 2.2.1 | Time Synchronization"
- ansible.builtin.import_tasks: cis_2.2.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_2.2.1.x.yml
- name: "SECTION | 2.2 | Special Purpose Services"
- ansible.builtin.import_tasks: cis_2.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_2.2.x.yml
- name: "SECTION | 2.3 | Service Clients"
- ansible.builtin.import_tasks: cis_2.3.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_2.3.x.yml
- name: "SECTION | 2.4 | Nonessential Services"
- ansible.builtin.import_tasks: cis_2.4.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_2.4.x.yml
diff --git a/tasks/section_3/main.yml b/tasks/section_3/main.yml
index 8fff24c3..9f073ae1 100644
--- a/tasks/section_3/main.yml
+++ b/tasks/section_3/main.yml
@@ -1,26 +1,32 @@
---
- name: "SECTION | 3.1 | Disable unused network protocols and devices"
- ansible.builtin.import_tasks: cis_3.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.1.x.yml
- name: "SECTION | 3.2 | Network Parameters (Host Only)"
- ansible.builtin.import_tasks: cis_3.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.2.x.yml
- name: "SECTION | 3.3 | Network Parameters (Host and Router)"
- ansible.builtin.import_tasks: cis_3.3.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.3.x.yml
- name: "SECTION | 3.4 | Uncommon Network Protocols"
- ansible.builtin.import_tasks: cis_3.4.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.4.x.yml
- name: "SECTION | 3.5.1 | Configure firewalld"
- ansible.builtin.import_tasks: cis_3.5.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.5.1.x.yml
when:
- rhel7cis_firewall == "firewalld"
tags:
- firewalld
- name: "SECTION | 3.5.2 | Configure nftables"
- ansible.builtin.import_tasks: cis_3.5.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.5.2.x.yml
when:
- rhel7cis_firewall == "nftables"
tags:
@@ -29,16 +35,19 @@
- name: "SECTION | 3.5.3.x.x | Configure iptables"
block:
- name: "SECTION | 3.5.3.1.x | Configure iptables"
- ansible.builtin.import_tasks: cis_3.5.3.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.5.3.1.x.yml
- name: "SECTION | 3.5.3.2.x | Configure iptables"
- ansible.builtin.import_tasks: cis_3.5.3.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.5.3.2.x.yml
when:
- rhel7cis_firewall == "iptables"
tags:
- iptables
- name: "SECTION | 3.5.3.3.x | Configure ip6tables"
- ansible.builtin.import_tasks: cis_3.5.3.3.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_3.5.3.3.x.yml
when:
- not rhel7cis_ipv6_required
- rhel7cis_firewall == "iptables"
diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml
index d0da9e9c..354361be 100644
--- a/tasks/section_4/main.yml
+++ b/tasks/section_4/main.yml
@@ -1,16 +1,21 @@
---
- name: "SECTION | 4.1| Configure System Accounting (auditd)"
- ansible.builtin.import_tasks: cis_4.1.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_4.1.1.x.yml
- name: "SECTION | 4.1.2.x| Configure Data Retention"
- ansible.builtin.import_tasks: cis_4.1.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_4.1.2.x.yml
- name: "SECTION | 4.2.x| Configure Logging"
- ansible.builtin.import_tasks: cis_4.2.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_4.2.1.x.yml
- name: "SECTION | 4.2.2.x| Configure journald"
- ansible.builtin.import_tasks: cis_4.2.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_4.2.2.x.yml
- name: "SECTION | 4.2.x | logfile configuration"
- ansible.builtin.import_tasks: cis_4.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_4.2.x.yml
diff --git a/tasks/section_5/main.yml b/tasks/section_5/main.yml
index dd373019..190bf4e9 100644
--- a/tasks/section_5/main.yml
+++ b/tasks/section_5/main.yml
@@ -1,25 +1,33 @@
---
- name: "SECTION | 5.1 | Configure time-based job schedulers"
- ansible.builtin.import_tasks: cis_5.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.1.x.yml
- name: "SECTION | 5.2 | Configure Sudo"
- ansible.builtin.import_tasks: cis_5.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.2.x.yml
- name: "SECTION | 5.3 | Configure SSH Server"
- ansible.builtin.import_tasks: cis_5.3.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.3.x.yml
- name: "SECTION | 5.4 | Configure PAM"
- ansible.builtin.import_tasks: cis_5.4.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.4.x.yml
- name: "SECTION | 5.5.1 | Set Shadow Password Suite Parameters"
- ansible.builtin.import_tasks: cis_5.5.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.5.1.x.yml
- name: "SECTION | 5.5 | User Accounts and Environment"
- ansible.builtin.import_tasks: cis_5.5.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.5.x.yml
- name: "SECTION | 5.6 | User Accounts and Environment"
- ansible.builtin.import_tasks: cis_5.6.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.6.yml
- name: "SECTION | 5.7 | User Accounts and Environment"
- ansible.builtin.import_tasks: cis_5.7.yml
+ ansible.builtin.import_tasks:
+ file: cis_5.7.yml
diff --git a/tasks/section_6/main.yml b/tasks/section_6/main.yml
index 35328e5f..b194fdc8 100644
--- a/tasks/section_6/main.yml
+++ b/tasks/section_6/main.yml
@@ -1,7 +1,9 @@
---
- name: "SECTION | 6.1 | System File Permissions"
- ansible.builtin.import_tasks: cis_6.1.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_6.1.x.yml
- name: "SECTION | 6.2 | User and Group Settings"
- ansible.builtin.import_tasks: cis_6.2.x.yml
+ ansible.builtin.import_tasks:
+ file: cis_6.2.x.yml