Merge pull request #17 from QLPD/mounts-partitions

Maciej Drozdzowski · web-flow · commit 29fd2d71509f · 2020-08-21T16:17:09.000+10:00
Improvements around partitions &amp; mount
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -36,18 +36,22 @@ cis_sshd_config_filename: "/etc/ssh/sshd_config"
 # Check specific values which can be overridden
 ###############################################
 # Section 1
-cis_partition_dev_val_log: "/dev/xvda2"
-cis_partition_mnt_val_log: "/var/log"
-cis_partition_fs_val_log: "ext4"
+cis_partition_dev_var_log: "/dev/xvda2"
+cis_partition_mnt_var_log: "/var/log"
+cis_partition_fs_var_log: "ext4"
 
-cis_partition_dev_val_log_audit: "/dev/xvda3"
-cis_partition_mnt_val_log_audit: "/var/log/audit"
-cis_partition_fs_val_log_audit: "ext4"
+cis_partition_dev_var_log_audit: "/dev/xvda3"
+cis_partition_mnt_var_log_audit: "/var/log/audit"
+cis_partition_fs_var_log_audit: "ext4"
 
 cis_partition_dev_home: "/dev/xvda4"
 cis_partition_mnt_home: "/home"
 cis_partition_fs_home: "ext4"
 
+cis_partition_dev_var: "/dev/xvda5"
+cis_partition_mnt_var: "/var"
+cis_partition_fs_var: "ext4"
+
 cis_aide_database_filename: "/var/lib/aide/aide.db.gz"
 cis_aide_src_database_filename: "/var/lib/aide/aide.db.new.gz"
 
diff --git a/tasks/level-1/1.1.11.yml b/tasks/level-1/1.1.11.yml
@@ -10,7 +10,7 @@
     fstype: "{{item.fstype}}"
     src: "{{item.device}}"
   with_items:
-    - { mountpoint: "{{cis_partition_mnt_val_log}}", device: "{{cis_partition_dev_val_log}}", fstype: "{{cis_partition_fs_val_log}}" }
+    - { mountpoint: "{{cis_partition_mnt_var_log}}", device: "{{cis_partition_dev_var_log}}", fstype: "{{cis_partition_fs_var_log}}" }
   tags:
       - level-1
       - section-1
diff --git a/tasks/level-1/1.1.12.yml b/tasks/level-1/1.1.12.yml
@@ -10,7 +10,7 @@
     fstype: "{{item.fstype}}"
     src: "{{item.device}}"
   with_items:
-    - { mountpoint: "{{cis_partition_mnt_val_log_audit}}", device: "{{cis_partition_dev_val_log_audit}}", fstype: "{{cis_partition_fs_val_log_audit}}" }
+    - { mountpoint: "{{cis_partition_mnt_var_log_audit}}", device: "{{cis_partition_dev_var_log_audit}}", fstype: "{{cis_partition_fs_var_log_audit}}" }
   tags:
       - level-1
       - section-1
diff --git a/tasks/level-1/1.1.13.yml b/tasks/level-1/1.1.13.yml
@@ -1,9 +1,9 @@
 # Standards: 0.11
 ---
 
-# 1.1.12 Ensure separate partition exists for /home (Scored)
+# 1.1.13 Ensure separate partition exists for /home (Scored)
 
-- name: 1.1.12 Ensure separate partition exists for /home (Scored)
+- name: 1.1.13 Ensure separate partition exists for /home (Scored)
   mount:
     name: "{{ item.mountpoint }}"
     state: present
diff --git a/tasks/level-1/1.1.6.yml b/tasks/level-1/1.1.6.yml
@@ -9,9 +9,8 @@
     state: present
     fstype: "{{item.fstype}}"
     src: "{{item.device}}"
-    opts: "{{item.opts}}"
   with_items:
-    - "{{ fs_mounts | selectattr('mountpoint', 'equalto', '/var') | list }}"
+    - { mountpoint: "{{cis_partition_mnt_var}}", device: "{{cis_partition_dev_var}}", fstype: "{{cis_partition_fs_var}}" }
   tags:
       - level-1
       - section-1
