Update linux/compliance.yaml

2025-04-10 02:29:39 -05:00 · 2025-04-10 02:29:39 -05:00 · 6511cddca7
commit 6511cddca7
parent dcf2589c11
1 changed files with 11 additions and 5 deletions
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@ -7,6 +7,12 @@

  tasks:

+    # Gather system groups
+    - name: Gather all system groups
+      ansible.builtin.getent:
+        database: group
+        split: ':'
+
    # Check for package managers
    - name: Check for APT installation
      stat:
@ -49,7 +55,7 @@
        name: ansible
        groups: wheel
        append: yes
-      when: "'wheel' in groups"
+      when: wheel in ansible_facts.getent_group

    # Ansible user SSH pub key
    # This is a really stupid way to do it, but alas.
@ -106,21 +112,21 @@
        name: nhadmin
        groups: wheel
        append: yes
-      when: "'wheel' in groups"
+      when: wheel in ansible_facts.getent_group

    - name: Add nhadmin to sudo group.
      user:
        name: nhadmin
        groups: sudo
        append: yes
-      when: "'sudo' in groups"
+      when: wheel in ansible_facts.getent_group

    - name: Add nhadmin to systemd-journal group.
      user:
        name: nhadmin
        groups: systemd-journal
        append: yes
-      when: "'systemd-journal' in groups"
+      when: wheel in ansible_facts.getent_group

      
    # Sysadmin user SSH pub key
@ -155,7 +161,7 @@
          line: "PubkeyAuthentication yes"
    - name: Restart SSH service.
      service:
-        name: ssh
+        name: sshd
        state: restarted

    # Delete our network ansible key from the root user.