Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

replace sed with replace-module

Browse source
This commit is contained in:
Sebastian Gumprich 2015-05-31 20:57:28 +00:00 committed by Christoph Hartmann
parent c9252b167f
commit e6f2253c49
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
roles/ansible-os-hardening/tasks/yum.yml
View file

@ -7,14 +7,23 @@
- 'CentOS-Vault'
when: os_security_packages_clean
- name: get yum-repository-files
shell: 'find /etc/yum.repos.d/ -type f -name *.repo'
register: yum_repos
- name: check if rhnplugin.conf exists
stat: path='/etc/yum/pluginconf.d/rhnplugin.conf'
register: rhnplugin_file
- name: activate gpg-check for yum-repos
shell: "sed -i 's/gpgcheck=0/gpgcheck=1/g' {{item}}"
replace: dest='{{item}}' regexp='^\s*gpgcheck=0' replace='gpgcheck=1'
with_items:
- '{{ yum_repos.stdout_lines }}'
- '/etc/yum.conf'
- '/etc/yum.repos.d/*.repo'
- name: activate gpg-check for yum rhn if it exists
shell: sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum/pluginconf.d/rhnplugin.conf removes='/etc/yum/pluginconf.d/rhnplugin.conf'
replace: dest='/etc/yum/pluginconf.d/rhnplugin.conf' regexp='^\s*gpgcheck=0' replace='gpgcheck=1'
when: rhnplugin_file.stat.exists
- name: remove packages
yum: name='{{item}}' state=removed