Blame SOURCES/scap-security-guide-0.1.37-fix-rhel7-ansible-role.patch

e33168
diff --git a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
e33168
index b2d79ef04..abd8a8002 100644
e33168
--- a/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
e33168
+++ b/shared/fixes/ansible/dconf_gnome_banner_enabled.yml
e33168
@@ -18,5 +18,6 @@
e33168
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
e33168
     regexp: '^/org/gnome/login-screen/banner-message-enable'
e33168
     line: '/org/gnome/login-screen/banner-message-enable'
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
e33168
index 3f85b384c..20d2013c5 100644
e33168
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
e33168
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_activation_enabled.yml
e33168
@@ -18,5 +18,6 @@
e33168
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
e33168
     regexp: '^/org/gnome/desktop/screensaver/idle-activation-enabled'
e33168
     line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
e33168
index 79e48cf63..a69c86225 100644
e33168
--- a/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
e33168
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_idle_delay.yml
e33168
@@ -20,5 +20,6 @@
e33168
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
e33168
     regexp: '^/org/gnome/desktop/screensaver/idle-delay'
e33168
     line: '/org/gnome/desktop/screensaver/idle-delay'
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
e33168
index cf73fe111..f11b909b6 100644
e33168
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
e33168
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_delay.yml
e33168
@@ -18,5 +18,6 @@
e33168
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
e33168
     regexp: '^/org/gnome/desktop/screensaver/lock-delay'
e33168
     line: '/org/gnome/desktop/screensaver/lock-delay'
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
e33168
index 4b203036b..be5ffc10e 100644
e33168
--- a/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
e33168
+++ b/shared/fixes/ansible/dconf_gnome_screensaver_lock_enabled.yml
e33168
@@ -18,5 +18,6 @@
e33168
     path: /etc/dconf/db/local.d/locks/00-security-settings-lock
e33168
     regexp: '^/org/gnome/desktop/screensaver/lock-enabled'
e33168
     line: '/org/gnome/desktop/screensaver/lock-enabled'
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/rsyslog_remote_loghost.yml b/shared/fixes/ansible/rsyslog_remote_loghost.yml
e33168
index 16a8e1ab5..b15dcca12 100644
e33168
--- a/shared/fixes/ansible/rsyslog_remote_loghost.yml
e33168
+++ b/shared/fixes/ansible/rsyslog_remote_loghost.yml
e33168
@@ -10,6 +10,7 @@
e33168
     dest: /etc/rsyslog.conf
e33168
     regexp: "^\\*\\.\\*"
e33168
     line: "*.* @@{{ rsyslog_remote_loghost_address }}"
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
 
e33168
diff --git a/shared/fixes/ansible/selinux_policytype.yml b/shared/fixes/ansible/selinux_policytype.yml
e33168
index c68da2c46..57583f94e 100644
e33168
--- a/shared/fixes/ansible/selinux_policytype.yml
e33168
+++ b/shared/fixes/ansible/selinux_policytype.yml
e33168
@@ -5,8 +5,11 @@
e33168
 # disruption = low
e33168
 - (xccdf-var var_selinux_policy_name)
e33168
 
e33168
-- name: "Configure SELinux Policy"
e33168
-  selinux:
e33168
-    policy: "{{ var_selinux_policy_name }}"
e33168
+- name: "@RULE_TITLE@"
e33168
+  lineinfile:
e33168
+    path: /etc/sysconfig/selinux
e33168
+    regexp: '^SELINUXTYPE='
e33168
+    line: "SELINUXTYPE={{ var_selinux_policy_name }}"
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@
e33168
diff --git a/shared/fixes/ansible/selinux_state.yml b/shared/fixes/ansible/selinux_state.yml
e33168
index 62889bd4e..3e5b9f1ff 100644
e33168
--- a/shared/fixes/ansible/selinux_state.yml
e33168
+++ b/shared/fixes/ansible/selinux_state.yml
e33168
@@ -6,7 +6,10 @@
e33168
 - (xccdf-var var_selinux_state)
e33168
 
e33168
 - name: "@RULE_TITLE@"
e33168
-  selinux:
e33168
-    state: "{{ var_selinux_state }}"
e33168
+  lineinfile:
e33168
+    path: /etc/sysconfig/selinux
e33168
+    regexp: '^SELINUX='
e33168
+    line: "SELINUX={{ var_selinux_state }}"
e33168
+    create: yes
e33168
   tags:
e33168
     @ANSIBLE_TAGS@