Merge pull request #450 from ansible-lockdown/jan_24_updates

Jan 24 updates

tasks/fix-cat2.yml

@@ -2042,7 +2042,7 @@
             removable_mount: "{{ ansible_mounts | json_query('[?mount == `/media`] | [0]') }}"  # noqa: jinja[invalid]
         when:
             - ansible_mounts | selectattr('mount', 'match', '^/media$') | list | length != 0
-            - "'nosuid' not in home_mount.options"
+            - "'nosuid' not in removable_mount.options"
 
       - name: "MEDIUM | RHEL-07-021010 | AUDIT | The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media."
         ansible.posix.mount:
@@ -2055,7 +2055,7 @@
             removable_mount2: "{{ ansible_mounts | json_query('[?mount == `/mnt`] | [0]') }}"  # noqa: jinja[invalid]
         when:
             - ansible_mounts | selectattr('mount', 'match', '^/mnt$') | list | length != 0
-            - "'nosuid' not in home_mount.options"
+            - "'nosuid' not in removable_mount2.options"
   when:
       - rhel_07_021010
       - not (rhel7stig_system_is_chroot and rhel7stig_system_is_container)

tasks/prelim.yml

@@ -159,13 +159,7 @@
         rhel_07_010491 or
         rhel_07_021350
   tags:
-      - cat1
-      - high
-      - RHEL-07-010481
-      - RHEL-07-010482
-      - RHEL-07-010483
-      - RHEL-07-010491
-      - RHEL-07-021350
+      - always
 
 - name: "PRELIM | RHEL-07-010480 | RHEL-07-010490 | RHEL-07-021350 | RHEL-07-021700 | Check whether machine is UEFI-based"
   ansible.builtin.stat: