From 88f4f17786c8de13045dacdd40ad931cbe689bbb Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich <sebastian.gumprich@38.de>
Date: Tue, 23 Jun 2015 17:49:37 +0000
Subject: [PATCH] Added condition to suid/sgid-execution

---
 roles/ansible-os-hardening/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/ansible-os-hardening/tasks/main.yml b/roles/ansible-os-hardening/tasks/main.yml
index 84234fcc..bb226317 100644
--- a/roles/ansible-os-hardening/tasks/main.yml
+++ b/roles/ansible-os-hardening/tasks/main.yml
@@ -10,6 +10,8 @@
 - include: profile.yml tags=profile
 - include: securetty.yml tags=securetty
 - include: suid_sgid.yml tags=suid_sgid
+  when: os_security_suid_sgid_enforce
+
 - include: sysctl.yml tags=sysctl
 - include: user_accounts.yml tags=user_accounts
 - include: rhosts.yml tags=rhosts