Add insensitive option to ansible_lineinfile macro

linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml

@@ -9,4 +9,4 @@
   package_facts:
     manager: auto
 
-{{{ ansible_lineinfile(msg='Make changes to Postfix configuration file', path='/etc/postfix/main.cf', regex='^inet_interfaces\s*=\s.*', new_line='inet_interfaces = {{ var_postfix_inet_interfaces }}', create='no', state='present', insert_after='^inet_interfaces\s*=\s.*', when='"postfix" in ansible_facts.packages') }}}
+{{{ ansible_lineinfile(msg='Make changes to Postfix configuration file', path='/etc/postfix/main.cf', regex='^inet_interfaces\s*=\s.*', insensitive='false', new_line='inet_interfaces = {{ var_postfix_inet_interfaces }}', create='no', state='present', insert_after='^inet_interfaces\s*=\s.*', when='"postfix" in ansible_facts.packages') }}}

linux_os/guide/services/ntp/ntpd_configure_restrictions/ansible/shared.yml

@@ -4,5 +4,5 @@
 # strategy = configure
 # disruption = low
 
-{{{ ansible_lineinfile(msg='Configure ipv4 restrictions for ntpd', path='/etc/ntp.conf', regex='', new_line='restrict -4 default kod nomodify notrap nopeer noquery', create='yes', state='present') }}}
-{{{ ansible_lineinfile(msg='Configure ipv6 restrictions for ntpd', path='/etc/ntp.conf', regex='', new_line='restrict -6 default kod nomodify notrap nopeer noquery', create='yes', state='present') }}}
+{{{ ansible_lineinfile(msg='Configure ipv4 restrictions for ntpd', path='/etc/ntp.conf', regex='', insensitive=false, new_line='restrict -4 default kod nomodify notrap nopeer noquery', create='yes', state='present') }}}
+{{{ ansible_lineinfile(msg='Configure ipv6 restrictions for ntpd', path='/etc/ntp.conf', regex='', insensitive=false, new_line='restrict -6 default kod nomodify notrap nopeer noquery', create='yes', state='present') }}}

linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/ansible/shared.yml

@@ -5,7 +5,7 @@
 # disruption = low
 {{{ ansible_instantiate_variables("var_ssh_client_rekey_limit_size", "var_ssh_client_rekey_limit_time") }}}
 
-{{{ ansible_lineinfile(msg='Ensure RekeyLimit is not configured in /etc/ssh/ssh_config', path='/etc/ssh/ssh_config', regex='^\s*RekeyLimit.*$', create='no', state='absent') }}}
+{{{ ansible_lineinfile(msg='Ensure RekeyLimit is not configured in /etc/ssh/ssh_config', path='/etc/ssh/ssh_config', regex='^\s*RekeyLimit.*$', insensitive=false, create='no', state='absent') }}}
 
 - name: Collect all include config files for ssh client which configure RekeyLimit
   find:
@@ -21,4 +21,4 @@
     state: "absent"
   loop: "{{ ssh_config_include_files.files }}"
 
-{{{ ansible_lineinfile(msg='Ensure that rekey limit is set to {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }} in /etc/ssh/ssh_config.d/02-rekey-limit.conf', path='/etc/ssh/ssh_config.d/02-rekey-limit.conf', regex='^\s*RekeyLimit.*$', new_line='RekeyLimit {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }}', create='yes', state='present') }}}
+{{{ ansible_lineinfile(msg='Ensure that rekey limit is set to {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }} in /etc/ssh/ssh_config.d/02-rekey-limit.conf', path='/etc/ssh/ssh_config.d/02-rekey-limit.conf', regex='^\s*RekeyLimit.*$', insensitive=false, new_line='RekeyLimit {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }}', create='yes', state='present') }}}

linux_os/guide/services/usbguard/usbguard_allow_hid/ansible/shared.yml

@@ -4,4 +4,4 @@
 # strategy = configure
 # disruption = low
 
-{{{ ansible_lineinfile(msg='Allow HID devices', path='/etc/usbguard/rules.conf', regex='', new_line='allow with-interface match-all { 03:*:* }', create='yes', state='present') }}}
+{{{ ansible_lineinfile(msg='Allow HID devices', path='/etc/usbguard/rules.conf', regex='', insensitive=false, new_line='allow with-interface match-all { 03:*:* }', create='yes', state='present') }}}

linux_os/guide/services/usbguard/usbguard_allow_hub/ansible/shared.yml

@@ -4,4 +4,4 @@
 # strategy = configure
 # disruption = low
 
-{{{ ansible_lineinfile(msg='Allow hubs', path='/etc/usbguard/rules.conf', regex='', new_line='allow with-interface match-all { 09:00:* }', create='yes', state='present') }}}
+{{{ ansible_lineinfile(msg='Allow hubs', path='/etc/usbguard/rules.conf', regex='', insensitive=false, new_line='allow with-interface match-all { 09:00:* }', create='yes', state='present') }}}

linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml

@@ -8,5 +8,6 @@
   msg="Make changes to /etc/pam.d/login",
   path="/etc/pam.d/login",
   regex="^\s*session\s+required\s+pam_namespace.so\s*$",
+  insensitive=false,
   new_line="session    required     pam_namespace.so"
 ) }}}

linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/ansible/shared.yml

@@ -3,4 +3,4 @@
 # strategy = configure
 # complexity = low
 # disruption = low
-{{{ ansible_only_lineinfile(None, "/etc/tmux.conf", "\s*bind\s+\w\s+lock-session.*$", "bind X lock-session", create="true", mode="0644") }}}
+{{{ ansible_only_lineinfile(None, "/etc/tmux.conf", "\s*bind\s+\w\s+lock-session.*$", "bind X lock-session", insensitive="false", create="true", mode="0644") }}}

linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml

@@ -17,5 +17,6 @@
   msg="Make changes to /etc/security/namespace.conf",
   path="/etc/security/namespace.conf",
   regex="^\s*/tmp\s+/tmp/tmp-inst/\s+level\s+root,adm$",
+  insensitive=false,
   new_line="/tmp     /tmp/tmp-inst/        level      root,adm"
 ) }}}

linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml

@@ -17,5 +17,6 @@
   msg="Make changes to /etc/security/namespace.conf",
   path="/etc/security/namespace.conf",
   regex="^\s*/var/tmp\s+/var/tmp/tmp-inst/\s+level\s+root,adm$",
+  insensitive=false,
   new_line="/var/tmp /var/tmp/tmp-inst/    level      root,adm"
 ) }}}

linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml

@@ -27,5 +27,5 @@
     replace: typeset -xr TMOUT={{ var_accounts_tmout }}
   register: profile_replaced
 
-{{{ ansible_lineinfile("", "/etc/profile.d/tmout.sh", regex='TMOUT=', new_line='typeset -xr TMOUT={{ var_accounts_tmout }}',
+{{{ ansible_lineinfile("", "/etc/profile.d/tmout.sh", regex='TMOUT=', insensitive=false, new_line='typeset -xr TMOUT={{ var_accounts_tmout }}',
     create='yes', state='present', when="profile_replaced is defined and not profile_replaced.changed" + " and bashrc_replaced is defined and not bashrc_replaced.changed" if product in ["ol7"]) }}}

linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/ansible/shared.yml

@@ -4,7 +4,7 @@
 # strategy = configure
 # disruption = low
 
-{{{ ansible_lineinfile(msg='Configure permission for /var/log/messages', path='/etc/permissions.local', regex='^\/var\/log\/messages\s+root.*', new_line='/var/log/messages root:root 640', create='yes', state='present', register='update_permissions_local_result') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /var/log/messages', path='/etc/permissions.local', regex='^\/var\/log\/messages\s+root.*', insensitive=false, new_line='/var/log/messages root:root 640', create='yes', state='present', register='update_permissions_local_result') }}}
 
 - name: "Correct file permissions after update /etc/permissions.local"
   shell: >

linux_os/guide/system/permissions/permissions_local/permissions_local_audit_binaries/ansible/shared.yml

@@ -4,55 +4,55 @@
 # strategy = configure
 # disruption = low
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/audispd', path='/etc/permissions.local', regex='^\/usr\/sbin\/audispd\s+root.*', new_line='/usr/sbin/audispd root:root 0750', create='yes', state='present', register='update_permissions_local_result_audispd') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/audispd', path='/etc/permissions.local', regex='^\/usr\/sbin\/audispd\s+root.*', insensitive=false, new_line='/usr/sbin/audispd root:root 0750', create='yes', state='present', register='update_permissions_local_result_audispd') }}}
 
 - name: "Correct file permissions after update /usr/sbin/audispd"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_audispd.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/auditctl', path='/etc/permissions.local', regex='^\/usr\/sbin\/auditctl\s+root.*', new_line='/usr/sbin/auditctl root:root 0750', create='yes', state='present', register='update_permissions_local_result_auditctl') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/auditctl', path='/etc/permissions.local', regex='^\/usr\/sbin\/auditctl\s+root.*', insensitive=false, new_line='/usr/sbin/auditctl root:root 0750', create='yes', state='present', register='update_permissions_local_result_auditctl') }}}
 
 - name: "Correct file permissions after update /usr/sbin/auditctl"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_auditctl.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/auditd', path='/etc/permissions.local', regex='^\/usr\/sbin\/auditd\s+root.*', new_line='/usr/sbin/auditd root:root 0750', create='yes', state='present', register='update_permissions_local_result_auditd') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/auditd', path='/etc/permissions.local', regex='^\/usr\/sbin\/auditd\s+root.*', insensitive=false, new_line='/usr/sbin/auditd root:root 0750', create='yes', state='present', register='update_permissions_local_result_auditd') }}}
 
 - name: "Correct file permissions after update /usr/sbin/auditd"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_auditd.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/ausearch', path='/etc/permissions.local', regex='^\/usr\/sbin\/ausearch\s+root.*', new_line='/usr/sbin/ausearch root:root 0755', create='yes', state='present', register='update_permissions_local_result_ausearch') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/ausearch', path='/etc/permissions.local', regex='^\/usr\/sbin\/ausearch\s+root.*', insensitive=false, new_line='/usr/sbin/ausearch root:root 0755', create='yes', state='present', register='update_permissions_local_result_ausearch') }}}
 
 - name: "Correct file permissions after update /usr/sbin/ausearch"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_ausearch.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/aureport', path='/etc/permissions.local', regex='^\/usr\/sbin\/aureport\s+root.*', new_line='/usr/sbin/aureport root:root 0755', create='yes', state='present', register='update_permissions_local_result_aureport') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/aureport', path='/etc/permissions.local', regex='^\/usr\/sbin\/aureport\s+root.*', insensitive=false, new_line='/usr/sbin/aureport root:root 0755', create='yes', state='present', register='update_permissions_local_result_aureport') }}}
 
 - name: "Correct file permissions after update /usr/sbin/aureport"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_aureport.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/autrace', path='/etc/permissions.local', regex='^\/usr\/sbin\/autrace\s+root.*', new_line='/usr/sbin/autrace root:root 0750', create='yes', state='present', register='update_permissions_local_result_autrace') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/autrace', path='/etc/permissions.local', regex='^\/usr\/sbin\/autrace\s+root.*', insensitive=false, new_line='/usr/sbin/autrace root:root 0750', create='yes', state='present', register='update_permissions_local_result_autrace') }}}
 
 - name: "Correct file permissions after update /usr/sbin/autrace"
   shell: >
     set -o pipefail
     chkstat --set --system
   when: update_permissions_local_result_autrace.changed
 
-{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/augenrules', path='/etc/permissions.local', regex='^\/usr\/sbin\/augenrules\s+root.*', new_line='/usr/sbin/augenrules root:root 0750', create='yes', state='present', register='update_permissions_local_result_augenrules') }}}
+{{{ ansible_lineinfile(msg='Configure permission for /usr/sbin/augenrules', path='/etc/permissions.local', regex='^\/usr\/sbin\/augenrules\s+root.*', insensitive=false, new_line='/usr/sbin/augenrules root:root 0750', create='yes', state='present', register='update_permissions_local_result_augenrules') }}}
 
 - name: "Correct file permissions after update /usr/sbin/augenrules"
   shell: >

linux_os/guide/system/software/sudo/sudoers_default_includedir/ansible/shared.yml

@@ -4,9 +4,9 @@
 # complexity = low
 # disruption = low
 
-{{{ ansible_only_lineinfile(msg='Ensure sudo only has the default includedir', line_regex='^#includedir.*$', path='/etc/sudoers', new_line='#includedir /etc/sudoers.d') }}}
-{{{ ansible_lineinfile(msg='Ensure sudoers doesn\'t include other non-default file', regex='^[#@]include[\s]+.*$', path='/etc/sudoers', state='absent') }}}
-{{{ ansible_lineinfile(msg='Ensure sudoers doesn\'t have non-default includedir', regex='^@includedir[\s]+.*$', path='/etc/sudoers', state='absent') }}}
+{{{ ansible_only_lineinfile(msg='Ensure sudo only has the default includedir', line_regex='^#includedir.*$', insensitive=false, path='/etc/sudoers', new_line='#includedir /etc/sudoers.d') }}}
+{{{ ansible_lineinfile(msg='Ensure sudoers doesn\'t include other non-default file', regex='^[#@]include[\s]+.*$', insensitive=false, path='/etc/sudoers', state='absent') }}}
+{{{ ansible_lineinfile(msg='Ensure sudoers doesn\'t have non-default includedir', regex='^@includedir[\s]+.*$', insensitive=false, path='/etc/sudoers', state='absent') }}}
 - name: "Find out if /etc/sudoers.d/* files contain file or directory includes"
   find:
     path: "/etc/sudoers.d"

linux_os/guide/system/software/sudo/sudoers_validate_passwd/ansible/shared.yml

@@ -38,6 +38,6 @@
 {{{- delete_line_in_sudoers_file("Defaults rootpw") }}}
 {{{- delete_line_in_sudoers_file("Defaults runaspw") }}}
 
-{{{ ansible_only_lineinfile(msg='Ensure that Defaults !targetpw is defined in sudoers', line_regex='^Defaults !targetpw$', path='/etc/sudoers', new_line='Defaults !targetpw') }}}
-{{{ ansible_only_lineinfile(msg='Ensure that Defaults !rootpw is defined in sudoers', line_regex='^Defaults !rootpw$', path='/etc/sudoers', new_line='Defaults !rootpw') }}}
-{{{ ansible_only_lineinfile(msg='Ensure that Defaults !runaspw is defined in sudoers', line_regex='^Defaults !runaspw$', path='/etc/sudoers', new_line='Defaults !runaspw') }}}
+{{{ ansible_only_lineinfile(msg='Ensure that Defaults !targetpw is defined in sudoers', line_regex='^Defaults !targetpw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !targetpw') }}}
+{{{ ansible_only_lineinfile(msg='Ensure that Defaults !rootpw is defined in sudoers', line_regex='^Defaults !rootpw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !rootpw') }}}
+{{{ ansible_only_lineinfile(msg='Ensure that Defaults !runaspw is defined in sudoers', line_regex='^Defaults !runaspw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !runaspw') }}}