Merge pull request #224 from Normo/master

rndmh3ro · web-flow · commit f7eac8d3af25 · 2019-06-06T16:15:06.000+02:00
Fix deprecation warnings in Ansible 2.8
diff --git a/tasks/apt.yml b/tasks/apt.yml
@@ -3,4 +3,4 @@
   apt:
     name: '{{ os_security_packages_list }}'
     state: 'absent'
-  when: 'os_security_packages_clean'
+  when: os_security_packages_clean | bool
diff --git a/tasks/hardening.yml b/tasks/hardening.yml
@@ -15,7 +15,7 @@
 
 - import_tasks: auditd.yml
   tags: auditd
-  when: os_auditd_enabled
+  when: os_auditd_enabled | bool
 
 - import_tasks: limits.yml
   tags: limits
@@ -39,7 +39,7 @@
   tags: securetty
 
 - import_tasks: suid_sgid.yml
-  when: os_security_suid_sgid_enforce
+  when: os_security_suid_sgid_enforce  | bool
   tags: suid_sgid
 
 - import_tasks: sysctl.yml
diff --git a/tasks/limits.yml b/tasks/limits.yml
@@ -15,7 +15,7 @@
       domain: '*'
       limit_type: hard
       limit_item: core
-      value: 0
+      value: '0'
       comment: Prevent core dumps for all users. These are usually not needed and may contain sensitive information
 
   - name: set 10.hardcore.conf perms to 0400 and root ownership
@@ -25,10 +25,10 @@
       group: 'root'
       mode: '0440'
 
-  when: 'not os_security_kernel_enable_core_dump'
+  when: not os_security_kernel_enable_core_dump | bool
 
 - name: remove 10.hardcore.conf config file
   file:
     path: /etc/security/limits.d/10.hardcore.conf
     state: absent
-  when: 'os_security_kernel_enable_core_dump'
+  when: os_security_kernel_enable_core_dump | bool
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,4 +1,4 @@
 ---
 
 - import_tasks: hardening.yml
-  when: os_hardening_enabled
+  when: os_hardening_enabled | bool
diff --git a/tasks/profile.yml b/tasks/profile.yml
@@ -6,10 +6,10 @@
     owner: 'root'
     group: 'root'
     mode: '0750'
-  when: not os_security_kernel_enable_core_dump
+  when: not os_security_kernel_enable_core_dump | bool
 
 - name: remove pinerolo_profile.sh from profile.d
   file:
     path: /etc/profile.d/pinerolo_profile.sh
     state: absent
-  when: os_security_kernel_enable_core_dump
+  when: os_security_kernel_enable_core_dump | bool
diff --git a/tasks/suid_sgid.yml b/tasks/suid_sgid.yml
@@ -13,13 +13,13 @@
 - name: find binaries with suid/sgid set | os-06
   shell: find / -xdev \( -perm -4000 -o -perm -2000 \) -type f ! -path '/proc/*' -print 2>/dev/null
   register: sbit_binaries
-  when: os_security_suid_sgid_remove_from_unknown
+  when: os_security_suid_sgid_remove_from_unknown | bool
   changed_when: False
 
 - name: gather files from which to remove suids/sgids and remove system white-listed files | os-06
   set_fact:
     suid: '{{ sbit_binaries.stdout_lines | difference(os_security_suid_sgid_system_whitelist) }}'
-  when: os_security_suid_sgid_remove_from_unknown
+  when: os_security_suid_sgid_remove_from_unknown | bool
 
 - name: remove suid/sgid bit from all binaries except in system and user whitelist | os-06
   file:
@@ -29,4 +29,4 @@
     follow: 'yes'
   with_flattened:
     - '{{ suid | default([]) | difference(os_security_suid_sgid_whitelist) }}'
-  when: os_security_suid_sgid_remove_from_unknown
+  when: os_security_suid_sgid_remove_from_unknown | bool
diff --git a/tasks/yum.yml b/tasks/yum.yml
@@ -7,7 +7,7 @@
     - 'CentOS-Debuginfo'
     - 'CentOS-Media'
     - 'CentOS-Vault'
-  when: os_security_packages_clean
+  when: os_security_packages_clean | bool
 
 - name: get yum-repository-files
   shell: 'find /etc/yum.repos.d/ -type f -name *.repo'
@@ -38,4 +38,4 @@
   yum:
     name: '{{ os_security_packages_list }}'
     state: 'absent'
-  when: os_security_packages_clean
+  when: os_security_packages_clean | bool
