Open
Description
First of all, I need to say it is a great job, thank you!
Do you know if there is a quick way to check what changed between the CIS benchmarks for Red Hat/CentOS 8.2 (supported by your scripts now) and Red Hat/CentOS 8.4, to change/add/remove the needed stuff?
Btw, to speed up the execution of some tasks it would be worth tuning some of them; for example, in 1.1.18.yml I recommend changing the task:
```yaml
- name: 1.1.18 - Ensure sticky bit is set on all world-writable directories - changed_when false
  shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d -perm -0002
  register: shell_output
  changed_when: false
```
with
```yaml
- name: 1.1.18 - Ensure sticky bit is set on all world-writable directories - changed_when false
  shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \)
  register: shell_output
  changed_when: shell_output.stdout_lines | length > 0
```
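Added example, not part of the original issue or the project's playbooks: a shell sketch that compares the two `find` predicates quoted above on a constructed directory fixture, showing that the second one lists only world-writable directories that lack the sticky bit. The function names and the fixture layout are hypothetical.

```shell
#!/bin/sh
# Constructed fixture: three directories with different modes under a temp root.
# mktemp -d creates the root with mode 0700, so the root itself never matches.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir "$root/sticky_ww" "$root/plain_ww" "$root/private"
    chmod 1777 "$root/sticky_ww"   # world-writable, sticky bit set (like /tmp)
    chmod 0777 "$root/plain_ww"    # world-writable, sticky bit missing
    chmod 0755 "$root/private"     # not world-writable
    printf '%s\n' "$root"
}

# Predicate from the first task: every world-writable directory.
find_world_writable() {
    find "$1" -xdev -type d -perm -0002
}

# Predicate from the second task: world-writable AND sticky bit not set.
find_missing_sticky() {
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \)
}

# Count non-empty lines on stdin (what `stdout_lines | length` would see).
count_lines() {
    grep -c . || true
}

# Demo run on the constructed fixture.
demo_root=$(make_fixture)
echo "first predicate:";  find_world_writable "$demo_root"
echo "second predicate:"; find_missing_sticky "$demo_root"
rm -rf "$demo_root"
```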