try this

syntax issue
attempt to fix annoying snapshot/inventory sync issue with CNV
2025-07-11 16:06:24 -06:00 · 2025-07-11 16:03:16 -06:00 · 2025-07-11 16:00:06 -06:00 · 2025-07-09 13:07:17 -06:00 · 2025-06-25 14:00:29 -06:00 · 2025-06-25 13:06:49 -04:00
33 changed files with 3321 additions and 3361 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,10 +1,16 @@
 ---
 profile: production
-offline: false
+offline: true
 skip_list:
  - "galaxy[no-changelog]"
 warn_list:
  # seems to be a bug, see https://github.com/ansible/ansible-lint/issues/4172
  - "fqcn[canonical]"
  # @matferna: really not sure why lint thinks it can't find jmespath, it is installed and functional
  - "jinja[invalid]"
 exclude_paths:
  # would be better to move the roles here to the top-level roles directory
  - collections/ansible_collections/demo/compliance/roles/
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -0,0 +1,25 @@
 # GitHub Actions
 ## Background
 We want to make attempts to run our integration tests in the same manner wether using GitHub actions or on a developers's machine locally. For this reason, the tests are curated to run using container images. As of this writing, two images exist which we would like to test against:
  - quay.io/ansible-product-demos/apd-ee-24:latest
  - quay.io/ansible-product-demos/apd-ee-25:latest
 These images are built given the structure defined in their respective EE [definitions][../execution_environments]. Because they differ (mainly due to their python versions), each gets some special handling.
 ## Troubleshooting GitHub Actions
 ### Interactive
 It is likely the most straight-forward approach to interactively debug issues. The following podman command can be run from the project root directory to replicate the GitHub action:
 ```
 podman run \
           --user root  \
           -v $(pwd):/runner:Z \
           -it \
           <image> \
           /bin/bash
 ```
 `<image>` is one of `quay.io/ansible-product-demos/apd-ee-25:latest`, `quay.io/ansible-product-demos/apd-ee-24:latest`
 It is not exact because GitHub seems to run closer to a sidecar container paradigm, and uses docker instead of podman, but hopefully it's close enough.
 For the 24 EE, the python interpreriter verions is set for our pre-commit script like so: `USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh`
 The 25 EE is similary run but without the need for this variable: `./.github/workflows/run-pc.sh`
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -4,17 +4,23 @@ on:
 - push
 - pull_request_target
 env:
  ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN }}
  ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN }}
 jobs:
-  pre-commit:
+  pre-commit-25:
-    name: pre-commit
+    container:
      image: quay.io/ansible-product-demos/apd-ee-25
      options: --user root
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - run: ./.github/workflows/run-pc.sh
-    - uses: pre-commit/action@v3.0.1
+      shell: bash
  pre-commit-24:
    container:
      image: quay.io/ansible-product-demos/apd-ee-24
      options: --user root
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - run: USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh
      shell: bash
 ...
--- a/.github/workflows/run-pc.sh
+++ b/.github/workflows/run-pc.sh
@@ -0,0 +1,24 @@
 #!/bin/bash -x
 dnf install git-lfs -y
 PYTHON_VARIANT="${USE_PYTHON:-python3.11}"
 PATH="$PATH:$HOME/.local/bin"
 # intsall pip
 eval "${PYTHON_VARIANT} -m pip install --user --upgrade pip"
 # try to fix 2.4 incompatibility 
 eval "${PYTHON_VARIANT} -m pip install --user --upgrade setuptools wheel twine check-wheel-contents"
 # intsall pre-commit
 eval "${PYTHON_VARIANT} -m pip install --user pre-commit"
 # view pip packages
 eval "${PYTHON_VARIANT} -m pip freeze --local"
 # fix permissions on directory
 git config --global --add safe.directory $(pwd)
 # run pre-commit
 pre-commit run --config $(pwd)/.pre-commit-gh.yml --show-diff-on-failure --color=always 
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,6 @@ roles/*
 !roles/requirements.yml
 .deployment_id
 .cache/
-.ansible/
+.ansible/
 **/tmp/
 execution_environments/context/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,13 +14,12 @@ repos:
      - id: check-json
      - id: check-symlinks
-  - repo: https://github.com/ansible/ansible-lint.git
+  - repo: local
    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
    rev: v6.20.3
    hooks:
      - id: ansible-lint
-        additional_dependencies:
+        name: ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25:latest --mode stdout
-          - jmespath
+        language: python
        entry: bash -c "ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25 -v --force-color --mode stdout"
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.11.0
--- a/.pre-commit-gh.yml
+++ b/.pre-commit-gh.yml
@@ -0,0 +1,30 @@
 ---
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: trailing-whitespace
        exclude: rhel[89]STIG/.*$
      - id: check-yaml
        exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$
        args: [--unsafe]   # see https://github.com/pre-commit/pre-commit-hooks/issues/273
      - id: check-toml
      - id: check-json
      - id: check-symlinks
  - repo: https://github.com/ansible/ansible-lint.git
    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
    rev: v6.20.3
    hooks:
      - id: ansible-lint
        additional_dependencies:
          - jmespath
  - repo: https://github.com/psf/black-pre-commit-mirror
    rev: 23.11.0
    hooks:
      - id: black
        exclude: rhel[89]STIG/.*$
 ...
--- a/README.md
+++ b/README.md
@@ -1,10 +1,9 @@
 [![Lab](https://img.shields.io/badge/Try%20Me-EE0000?style=for-the-badge&logo=redhat&logoColor=white)](https://red.ht/aap-product-demos)
 [![Dev Spaces](https://img.shields.io/badge/Customize%20Here-0078d7.svg?style=for-the-badge&logo=visual-studio-code&logoColor=white)](https://workspaces.openshift.com/f?url=https://github.com/ansible/product-demos)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 [![Dev Spaces](https://img.shields.io/badge/Customize%20Here-0078d7.svg?style=for-the-badge&logo=visual-studio-code&logoColor=white)](https://workspaces.openshift.com/f?url=https://github.com/ansible/product-demos)
-# Official Ansible Product Demos
+# APD - Ansible Product Demos
-This is a centralized location for Ansible Product Demos. This project is a collection of use cases implemented with Ansible for use with the [Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible).
+The Ansible Product Demos (APD) project is a set of Ansible demos that are deployed using [Red Hat Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible).  It uses configuraton-as-code to create AAP resources such as projects, templates, and credentials that form the basis for demonstrating automation use cases in several technology domains:
 | Demo Name | Description |
 |-----------|-------------|
@@ -15,54 +14,21 @@ This is a centralized location for Ansible Product Demos. This project is a coll
 | [OpenShift](openshift/README.md) | OpenShift automation demos |
 | [Satellite](satellite/README.md) | Demos of automation with Red Hat Satellite Server |
 ## Contributions
 If you would like to contribute to this project please refer to [contribution guide](CONTRIBUTING.md) for best practices.
 ## Using this project
-This project is tested for compatibility with the [demo.redhat.com Ansible Product Demos](https://demo.redhat.com/catalog?search=product+demos&item=babylon-catalog-prod%2Fopenshift-cnv.aap-product-demos-cnv.prod) lab environment. To use with other Ansible Automation Platform installations, review the [prerequisite documentation](https://github.com/ansible/product-demos-bootstrap).
+Use the [APD bootstrap](https://github.com/ansible/product-demos-bootstrap) repo to add APD to an existing Ansible Automation Platform deployment.  The bootstrap repo provides the initial manual prerequisite steps as well as a playbook for adding APD to the existing deployment.
-> NOTE: demo.redhat.com is available to Red Hat Associates and Partners with a valid account.
+For Red Hat associates and partners, there is an Ansible Product Demos catalog item [available on demo.redhat.com](https://red.ht/apd-sandbox) (account required).
 1. First you must create a credential for [Automation Hub](https://console.redhat.com/ansible/automation-hub/) to successfully sync collections used by this project.
   1. In the Credentials section of the Controller UI, add a new Credential called `Automation Hub` with the type `Ansible Galaxy/Automation Hub API Token`
   2. You can obtain a token [here](https://console.redhat.com/ansible/automation-hub/token). This page will also provide the Server URL and Auth Server URL.
   3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. Don't forget to click **Save**!!
      > You can also use an execution environment for disconnected environments. To do this, you must disable collection downloads in the Controller. This can be done in `Settings` > `Job Settings`. This setting prevents the controller from downloading collections listed in the [collections/requirements.yml](collections/requirements.yml) file.
 2. If it is not already created for you, add an Execution Environment called `product-demos`
     - Name: product-demos
     - Image: quay.io/acme_corp/product-demos-ee:latest
     - Pull: Only pull the image if not present before running
 3. If it is not already created for you, create a Project called `Ansible Product Demos` with this repo as a source. NOTE: if you are using a fork, be sure that you have the correct URL. Update the project.
 4. Finally, Create a Job Template called `Setup` with the following configuration:
     - Name: Setup
     - Inventory: Demo Inventory
     - Exec Env: product-demos
     - Playbook: setup_demo.yml
     - Credentials:
        - Type: Red Hat Ansible Automation Platform
        - Name: Controller Credential
     - Extra vars:
            demo: <linux or windows or cloud or network>
 ## Bring Your Own Demo
 Can't find what you're looking for? Customize this repo to make it your own.
 1. Create a fork of this repo.
-2. Update the URL of the `Ansible Project Demos` in the Controller.
+2. Update the URL of the `Ansible Project Demos` project your Ansible Automation Platform controller.
-3. Make changes as needed and run the **Product Demos | Single demo setup** job
+3. Make changes to your fork as needed and run the **Product Demos | Single demo setup** job
-See the [contribution guide](CONTRIBUTING.md) for more details on how to customize the project.
+See the [contributing guide](CONTRIBUTING.md) for more details on how to customize the project.
 ---
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-collections_path=./collections
+collections_path=./collections:/usr/share/ansible/collections
 roles_path=./roles
 [galaxy]
--- a/collections/ansible_collections/demo/compliance/roles/rhel8STIG/defaults/main.yml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel8STIG/defaults/main.yml
@@ -3,7 +3,7 @@ rhel8STIG_stigrule_230225_Manage: True
 rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
 # R-230226 RHEL-08-010050
 rhel8STIG_stigrule_230226_Manage: True
-rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
+rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: "''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.''"
 # R-230227 RHEL-08-010060
 rhel8STIG_stigrule_230227_Manage: True
 rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
@@ -43,9 +43,6 @@ rhel8STIG_stigrule_230241_policycoreutils_State: installed
 # R-230244 RHEL-08-010200
 rhel8STIG_stigrule_230244_Manage: True
 rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
 # R-230252 RHEL-08-010291
 rhel8STIG_stigrule_230252_Manage: True
 rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
 # R-230255 RHEL-08-010294
 rhel8STIG_stigrule_230255_Manage: True
 rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
@@ -138,16 +135,9 @@ rhel8STIG_stigrule_230346__etc_security_limits_conf_Line: '* hard maxlogins 10'
 # R-230347 RHEL-08-020030
 rhel8STIG_stigrule_230347_Manage: True
 rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
 # R-230348 RHEL-08-020040
 rhel8STIG_stigrule_230348_Manage: True
 rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State: installed
 rhel8STIG_stigrule_230348__etc_tmux_conf_Line: 'set -g lock-command vlock'
 # R-230352 RHEL-08-020060
 rhel8STIG_stigrule_230352_Manage: True
 rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
 # R-230353 RHEL-08-020070
 rhel8STIG_stigrule_230353_Manage: True
 rhel8STIG_stigrule_230353__etc_tmux_conf_Line: 'set -g lock-after-time 900'
 # R-230354 RHEL-08-020080
 rhel8STIG_stigrule_230354_Manage: True
 rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
@@ -335,8 +325,8 @@ rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32_Line: '
 rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
 # R-230439 RHEL-08-030361
 rhel8STIG_stigrule_230439_Manage: True
-rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
+rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete'
-rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
+rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete'
 # R-230444 RHEL-08-030370
 rhel8STIG_stigrule_230444_Manage: True
 rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
@@ -432,7 +422,8 @@ rhel8STIG_stigrule_230527_Manage: True
 rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
 # R-230529 RHEL-08-040170
 rhel8STIG_stigrule_230529_Manage: True
-rhel8STIG_stigrule_230529_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
+rhel8STIG_stigrule_230529_ctrl_alt_del_target_disable_Enabled: false
 rhel8STIG_stigrule_230529_ctrl_alt_del_target_mask_Masked: true
 # R-230531 RHEL-08-040172
 rhel8STIG_stigrule_230531_Manage: True
 rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
@@ -514,6 +505,9 @@ rhel8STIG_stigrule_244523__usr_lib_systemd_system_emergency_service_Value: '-/us
 # R-244525 RHEL-08-010201
 rhel8STIG_stigrule_244525_Manage: True
 rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
 # R-244526 RHEL-08-010287
 rhel8STIG_stigrule_244526_Manage: True
 rhel8STIG_stigrule_244526__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
 # R-244527 RHEL-08-010472
 rhel8STIG_stigrule_244527_Manage: True
 rhel8STIG_stigrule_244527_rng_tools_State: installed
@@ -526,9 +520,6 @@ rhel8STIG_stigrule_244535__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
 # R-244536 RHEL-08-020032
 rhel8STIG_stigrule_244536_Manage: True
 rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
 # R-244537 RHEL-08-020039
 rhel8STIG_stigrule_244537_Manage: True
 rhel8STIG_stigrule_244537_tmux_State: installed
 # R-244538 RHEL-08-020081
 rhel8STIG_stigrule_244538_Manage: True
 rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
--- a/collections/ansible_collections/demo/compliance/roles/rhel8STIG/files/U_RHEL_8_STIG_V1R13_Manual-xccdf.xml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel8STIG/files/U_RHEL_8_STIG_V1R13_Manual-xccdf.xml
--- a/collections/ansible_collections/demo/compliance/roles/rhel8STIG/handlers/main.yml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel8STIG/handlers/main.yml
@@ -6,6 +6,25 @@
  service:
    name: sshd
    state: restarted
 - name: rsyslog_restart
  service:
    name: rsyslog
    state: restarted
 - name: sysctl_load_settings
  command: sysctl --system
 - name: daemon_reload
  systemd:
    daemon_reload: true
 - name: networkmanager_reload
  service:
    name: NetworkManager
    state: reloaded
 - name: logind_restart
  service:
    name: systemd-logind
    state: restarted
 - name: with_faillock_enable
  command: authselect enable-feature with-faillock
 - name: do_reboot
  reboot:
    pre_reboot_delay: 60
--- a/collections/ansible_collections/demo/compliance/roles/rhel8STIG/tasks/main.yml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel8STIG/tasks/main.yml
@@ -88,16 +88,6 @@
  when:
    - rhel8STIG_stigrule_230244_Manage
    - "'openssh-server' in packages"
 # R-230252 RHEL-08-010291
 - name: stigrule_230252__etc_sysconfig_sshd
  lineinfile:
    path: /etc/sysconfig/sshd
    regexp: '^# CRYPTO_POLICY='
    line: "{{ rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line }}"
    create: yes
  notify: do_reboot
  when:
    - rhel8STIG_stigrule_230252_Manage
 # R-230255 RHEL-08-010294
 - name: stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config
  lineinfile:
@@ -111,6 +101,7 @@
 - name: stigrule_230256__etc_crypto_policies_back_ends_gnutls_config
  lineinfile:
    path: /etc/crypto-policies/back-ends/gnutls.config
    regexp: '^\+VERS'
    line: "{{ rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line }}"
    create: yes
  when:
@@ -422,20 +413,6 @@
  when:
    - rhel8STIG_stigrule_230347_Manage
    - "'dconf' in packages"
 # R-230348 RHEL-08-020040
 - name: stigrule_230348_ensure_tmux_is_installed
  yum:
    name: tmux
    state: "{{ rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State }}"
  when: rhel8STIG_stigrule_230348_Manage
 # R-230348 RHEL-08-020040
 - name: stigrule_230348__etc_tmux_conf
  lineinfile:
    path: /etc/tmux.conf
    line: "{{ rhel8STIG_stigrule_230348__etc_tmux_conf_Line }}"
    create: yes
  when:
    - rhel8STIG_stigrule_230348_Manage
 # R-230352 RHEL-08-020060
 - name: stigrule_230352__etc_dconf_db_local_d_00_screensaver
  ini_file:
@@ -448,20 +425,13 @@
  when:
    - rhel8STIG_stigrule_230352_Manage
    - "'dconf' in packages"
 # R-230353 RHEL-08-020070
 - name: stigrule_230353__etc_tmux_conf
  lineinfile:
    path: /etc/tmux.conf
    line: "{{ rhel8STIG_stigrule_230353__etc_tmux_conf_Line }}"
    create: yes
  when:
    - rhel8STIG_stigrule_230353_Manage
 # R-230354 RHEL-08-020080
 - name: stigrule_230354__etc_dconf_db_local_d_locks_session
  lineinfile:
    path: /etc/dconf/db/local.d/locks/session
    line: "{{ rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line }}"
    create: yes
  notify: dconf_update
  when:
    - rhel8STIG_stigrule_230354_Manage
 # R-230357 RHEL-08-020110
@@ -610,7 +580,7 @@
  when:
    - rhel8STIG_stigrule_230383_Manage
 # R-230386 RHEL-08-030000
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32
+- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
@@ -618,7 +588,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230386_Manage
 # R-230386 RHEL-08-030000
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64
+- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
@@ -626,7 +596,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230386_Manage
 # R-230386 RHEL-08-030000
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32
+- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
@@ -634,7 +604,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230386_Manage
 # R-230386 RHEL-08-030000
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64
+- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
@@ -719,7 +689,7 @@
  when:
    - rhel8STIG_stigrule_230395_Manage
 # R-230402 RHEL-08-030121
- name : stigrule_230402__etc_audit_rules_d_audit_rules_e2
+- name: stigrule_230402__etc_audit_rules_d_audit_rules_e2
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-e 2$'
@@ -727,7 +697,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230402_Manage
 # R-230403 RHEL-08-030122
- name : stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable
+- name: stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^--loginuid-immutable$'
@@ -735,7 +705,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230403_Manage
 # R-230404 RHEL-08-030130
- name : stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow
+- name: stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/shadow -p wa -k identity$'
@@ -743,7 +713,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230404_Manage
 # R-230405 RHEL-08-030140
- name : stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd
+- name: stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/security/opasswd -p wa -k identity$'
@@ -751,7 +721,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230405_Manage
 # R-230406 RHEL-08-030150
- name : stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd
+- name: stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/passwd -p wa -k identity$'
@@ -759,7 +729,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230406_Manage
 # R-230407 RHEL-08-030160
- name : stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow
+- name: stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/gshadow -p wa -k identity$'
@@ -767,7 +737,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230407_Manage
 # R-230408 RHEL-08-030170
- name : stigrule_230408__etc_audit_rules_d_audit_rules__etc_group
+- name: stigrule_230408__etc_audit_rules_d_audit_rules__etc_group
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/group -p wa -k identity$'
@@ -775,7 +745,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230408_Manage
 # R-230409 RHEL-08-030171
- name : stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers
+- name: stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/sudoers -p wa -k identity$'
@@ -783,7 +753,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230409_Manage
 # R-230410 RHEL-08-030172
- name : stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d_
+- name: stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d_
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
@@ -797,7 +767,7 @@
    state: "{{ rhel8STIG_stigrule_230411_audit_State }}"
  when: rhel8STIG_stigrule_230411_Manage
 # R-230412 RHEL-08-030190
- name : stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su
+- name: stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
@@ -805,7 +775,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230412_Manage
 # R-230413 RHEL-08-030200
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
+- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -813,7 +783,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230413_Manage
 # R-230413 RHEL-08-030200
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
+- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -821,7 +791,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230413_Manage
 # R-230413 RHEL-08-030200
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32
+- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
@@ -829,7 +799,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230413_Manage
 # R-230413 RHEL-08-030200
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64
+- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
@@ -837,7 +807,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230413_Manage
 # R-230418 RHEL-08-030250
- name : stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage
+- name: stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
@@ -845,7 +815,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230418_Manage
 # R-230419 RHEL-08-030260
- name : stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon
+- name: stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -853,7 +823,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230419_Manage
 # R-230421 RHEL-08-030280
- name : stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
+- name: stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
@@ -861,7 +831,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230421_Manage
 # R-230422 RHEL-08-030290
- name : stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd
+- name: stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
@@ -869,7 +839,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230422_Manage
 # R-230423 RHEL-08-030300
- name : stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount
+- name: stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -877,7 +847,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230423_Manage
 # R-230424 RHEL-08-030301
- name : stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount
+- name: stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -885,7 +855,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230424_Manage
 # R-230425 RHEL-08-030302
- name : stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32
+- name: stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -893,7 +863,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230425_Manage
 # R-230425 RHEL-08-030302
- name : stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64
+- name: stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -901,7 +871,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230425_Manage
 # R-230426 RHEL-08-030310
- name : stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
+- name: stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -909,7 +879,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230426_Manage
 # R-230427 RHEL-08-030311
- name : stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
+- name: stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -917,7 +887,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230427_Manage
 # R-230428 RHEL-08-030312
- name : stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
+- name: stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -925,7 +895,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230428_Manage
 # R-230429 RHEL-08-030313
- name : stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage
+- name: stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -933,7 +903,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230429_Manage
 # R-230430 RHEL-08-030314
- name : stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
+- name: stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -941,7 +911,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230430_Manage
 # R-230431 RHEL-08-030315
- name : stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
+- name: stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -949,7 +919,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230431_Manage
 # R-230432 RHEL-08-030316
- name : stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
+- name: stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -957,7 +927,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230432_Manage
 # R-230433 RHEL-08-030317
- name : stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
+- name: stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -965,7 +935,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230433_Manage
 # R-230434 RHEL-08-030320
- name : stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
+- name: stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
@@ -973,7 +943,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230434_Manage
 # R-230435 RHEL-08-030330
- name : stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl
+- name: stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -981,7 +951,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230435_Manage
 # R-230436 RHEL-08-030340
- name : stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
+- name: stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
@@ -989,7 +959,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230436_Manage
 # R-230437 RHEL-08-030350
- name : stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp
+- name: stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -997,7 +967,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230437_Manage
 # R-230438 RHEL-08-030360
- name : stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32
+- name: stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -1005,7 +975,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230438_Manage
 # R-230438 RHEL-08-030360
- name : stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64
+- name: stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -1013,23 +983,23 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230438_Manage
 # R-230439 RHEL-08-030361
- name : stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32
+- name: stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
-    regexp: '^-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng$'
+    regexp: '^-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
    line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line }}"
  notify: auditd_restart
  when: rhel8STIG_stigrule_230439_Manage
 # R-230439 RHEL-08-030361
- name : stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64
+- name: stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
-    regexp: '^-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng$'
+    regexp: '^-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
    line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line }}"
  notify: auditd_restart
  when: rhel8STIG_stigrule_230439_Manage
 # R-230444 RHEL-08-030370
- name : stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
+- name: stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
@@ -1037,7 +1007,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230444_Manage
 # R-230446 RHEL-08-030390
- name : stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32
+- name: stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -1045,7 +1015,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230446_Manage
 # R-230446 RHEL-08-030390
- name : stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64
+- name: stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -1053,7 +1023,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230446_Manage
 # R-230447 RHEL-08-030400
- name : stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab
+- name: stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
@@ -1061,7 +1031,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230447_Manage
 # R-230448 RHEL-08-030410
- name : stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh
+- name: stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -1069,7 +1039,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230448_Manage
 # R-230449 RHEL-08-030420
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
+- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -1077,7 +1047,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230449_Manage
 # R-230449 RHEL-08-030420
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
+- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -1085,7 +1055,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230449_Manage
 # R-230449 RHEL-08-030420
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
+- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -1093,7 +1063,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230449_Manage
 # R-230449 RHEL-08-030420
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
+- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -1101,7 +1071,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230449_Manage
 # R-230455 RHEL-08-030480
- name : stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32
+- name: stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -1109,7 +1079,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230455_Manage
 # R-230455 RHEL-08-030480
- name : stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64
+- name: stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -1117,7 +1087,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230455_Manage
 # R-230456 RHEL-08-030490
- name : stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32
+- name: stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -1125,7 +1095,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230456_Manage
 # R-230456 RHEL-08-030490
- name : stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64
+- name: stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -1133,7 +1103,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230456_Manage
 # R-230462 RHEL-08-030550
- name : stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo
+- name: stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -1141,7 +1111,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230462_Manage
 # R-230463 RHEL-08-030560
- name : stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod
+- name: stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
@@ -1149,7 +1119,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230463_Manage
 # R-230464 RHEL-08-030570
- name : stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl
+- name: stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -1157,7 +1127,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230464_Manage
 # R-230465 RHEL-08-030580
- name : stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod
+- name: stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
@@ -1165,7 +1135,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230465_Manage
 # R-230466 RHEL-08-030590
- name : stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock
+- name: stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /var/log/faillock -p wa -k logins$'
@@ -1173,7 +1143,7 @@
  notify: auditd_restart
  when: rhel8STIG_stigrule_230466_Manage
 # R-230467 RHEL-08-030600
- name : stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog
+- name: stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /var/log/lastlog -p wa -k logins$'
@@ -1296,7 +1266,7 @@
  when: rhel8STIG_stigrule_230505_Manage
 # R-230506 RHEL-08-040110
 - name: check if wireless network adapters are disabled
-  shell: "[[ $(nmcli radio wifi)  == 'enabled' ]]"
+  shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1337,13 +1307,33 @@
    - rhel8STIG_stigrule_230527_Manage
    - "'openssh-server' in packages"
 # R-230529 RHEL-08-040170
- name: stigrule_230529_systemctl_mask_ctrl_alt_del_target
+- name: check if ctrl-alt-del.target is installed
-  systemd:
+  shell: ! systemctl list-unit-files | grep "^ctrl-alt-del.target[ \t]\+"
  changed_when: False
  check_mode: no
  register: result
  failed_when: result.rc > 1
 - name: stigrule_230529_ctrl_alt_del_target_disable
  systemd_service:
    name: ctrl-alt-del.target
-    enabled: no
+    enabled: "{{ rhel8STIG_stigrule_230529_ctrl_alt_del_target_disable_Enabled }}"
    masked: yes
  when:
    - rhel8STIG_stigrule_230529_Manage
    - result.rc == 0
 # R-230529 RHEL-08-040170
 - name: check if ctrl-alt-del.target is installed
  shell: ! systemctl list-unit-files | grep "^ctrl-alt-del.target[ \t]\+"
  changed_when: False
  check_mode: no
  register: result
  failed_when: result.rc > 1
 - name: stigrule_230529_ctrl_alt_del_target_mask
  systemd_service:
    name: ctrl-alt-del.target
    masked: "{{ rhel8STIG_stigrule_230529_ctrl_alt_del_target_mask_Masked }}"
  when:
    - rhel8STIG_stigrule_230529_Manage
    - result.rc == 0
 # R-230531 RHEL-08-040172
 - name: stigrule_230531__etc_systemd_system_conf
  ini_file:
@@ -1364,7 +1354,7 @@
  when: rhel8STIG_stigrule_230533_Manage
 # R-230535 RHEL-08-040210
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1392,7 +1382,7 @@
    - rhel8STIG_stigrule_230537_Manage
 # R-230538 RHEL-08-040240
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1406,7 +1396,7 @@
    - cmd_result.rc == 0
 # R-230539 RHEL-08-040250
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1427,7 +1417,7 @@
    - rhel8STIG_stigrule_230540_Manage
 # R-230540 RHEL-08-040260
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1441,7 +1431,7 @@
    - cmd_result.rc == 0
 # R-230541 RHEL-08-040261
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1455,7 +1445,7 @@
    - cmd_result.rc == 0
 # R-230542 RHEL-08-040262
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1476,7 +1466,7 @@
    - rhel8STIG_stigrule_230543_Manage
 # R-230544 RHEL-08-040280
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1623,6 +1613,16 @@
  when:
    - rhel8STIG_stigrule_244525_Manage
    - "'openssh-server' in packages"
 # R-244526 RHEL-08-010287
 - name: stigrule_244526__etc_sysconfig_sshd
  lineinfile:
    path: /etc/sysconfig/sshd
    regexp: '^# CRYPTO_POLICY='
    line: "{{ rhel8STIG_stigrule_244526__etc_sysconfig_sshd_Line }}"
    create: yes
  notify: do_reboot
  when:
    - rhel8STIG_stigrule_244526_Manage
 # R-244527 RHEL-08-010472
 - name: stigrule_244527_rng_tools
  yum:
@@ -1663,18 +1663,13 @@
  when:
    - rhel8STIG_stigrule_244536_Manage
    - "'dconf' in packages"
 # R-244537 RHEL-08-020039
 - name: stigrule_244537_tmux
  yum:
    name: tmux
    state: "{{ rhel8STIG_stigrule_244537_tmux_State }}"
  when: rhel8STIG_stigrule_244537_Manage
 # R-244538 RHEL-08-020081
 - name: stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay
  lineinfile:
    path: /etc/dconf/db/local.d/locks/session
    line: "{{ rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line }}"
    create: yes
  notify: dconf_update
  when:
    - rhel8STIG_stigrule_244538_Manage
 # R-244539 RHEL-08-020082
@@ -1683,6 +1678,7 @@
    path: /etc/dconf/db/local.d/locks/session
    line: "{{ rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line }}"
    create: yes
  notify: dconf_update
  when:
    - rhel8STIG_stigrule_244539_Manage
 # R-244542 RHEL-08-030181
--- a/collections/ansible_collections/demo/compliance/roles/rhel9STIG/defaults/main.yml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel9STIG/defaults/main.yml
@@ -159,7 +159,7 @@ rhel9STIG_stigrule_257834_Manage: True
 rhel9STIG_stigrule_257834_tuned_State: removed
 # R-257835 RHEL-09-215060
 rhel9STIG_stigrule_257835_Manage: True
-rhel9STIG_stigrule_257835_tftp_State: removed
+rhel9STIG_stigrule_257835_tftp_server_State: removed
 # R-257836 RHEL-09-215065
 rhel9STIG_stigrule_257836_Manage: True
 rhel9STIG_stigrule_257836_quagga_State: removed
@@ -302,10 +302,6 @@ rhel9STIG_stigrule_257916__var_log_messages_owner_Owner: root
 rhel9STIG_stigrule_257917_Manage: True
 rhel9STIG_stigrule_257917__var_log_messages_group_owner_Dest: /var/log/messages
 rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group: root
 # R-257933 RHEL-09-232265
 rhel9STIG_stigrule_257933_Manage: True
 rhel9STIG_stigrule_257933__etc_crontab_mode_Dest: /etc/crontab
 rhel9STIG_stigrule_257933__etc_crontab_mode_Mode: '0600'
 # R-257934 RHEL-09-232270
 rhel9STIG_stigrule_257934_Manage: True
 rhel9STIG_stigrule_257934__etc_shadow_mode_Dest: /etc/shadow
@@ -455,9 +451,6 @@ rhel9STIG_stigrule_257985_PermitRootLogin_Line: PermitRootLogin no
 # R-257986 RHEL-09-255050
 rhel9STIG_stigrule_257986_Manage: True
 rhel9STIG_stigrule_257986_UsePAM_Line: UsePAM yes
 # R-257989 RHEL-09-255065
 rhel9STIG_stigrule_257989_Manage: True
 rhel9STIG_stigrule_257989__etc_crypto_policies_back_ends_openssh_config_Line: 'Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr'
 # R-257992 RHEL-09-255080
 rhel9STIG_stigrule_257992_Manage: True
 rhel9STIG_stigrule_257992_HostbasedAuthentication_Line: HostbasedAuthentication no
@@ -509,9 +502,6 @@ rhel9STIG_stigrule_258008_StrictModes_Line: StrictModes yes
 # R-258009 RHEL-09-255165
 rhel9STIG_stigrule_258009_Manage: True
 rhel9STIG_stigrule_258009_PrintLastLog_Line: PrintLastLog yes
 # R-258010 RHEL-09-255170
 rhel9STIG_stigrule_258010_Manage: True
 rhel9STIG_stigrule_258010_UsePrivilegeSeparation_Line: UsePrivilegeSeparation sandbox
 # R-258011 RHEL-09-255175
 rhel9STIG_stigrule_258011_Manage: True
 rhel9STIG_stigrule_258011_X11UseLocalhost_Line: X11UseLocalhost yes
@@ -560,10 +550,9 @@ rhel9STIG_stigrule_258026__etc_dconf_db_local_d_locks_session_lock_delay_Line: '
 # R-258027 RHEL-09-271085
 rhel9STIG_stigrule_258027_Manage: True
 rhel9STIG_stigrule_258027__etc_dconf_db_local_d_00_security_settings_Value: "''"
 # R-258027 RHEL-09-271085
 rhel9STIG_stigrule_258027_Manage: True
 rhel9STIG_stigrule_258027__etc_dconf_db_local_d_locks_00_security_settings_lock_picture_uri_Line: '/org/gnome/desktop/screensaver/picture-uri'
 # R-258029 RHEL-09-271095
 rhel9STIG_stigrule_258029_Manage: True
 rhel9STIG_stigrule_258029__etc_dconf_db_local_d_00_security_settings_Value: "'true'"
 # R-258030 RHEL-09-271100
 rhel9STIG_stigrule_258030_Manage: True
 rhel9STIG_stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons_Line: '/org/gnome/login-screen/disable-restart-buttons'
@@ -583,6 +572,8 @@ rhel9STIG_stigrule_258034__etc_modprobe_d_usb_storage_conf_blacklist_usb_storage
 # R-258035 RHEL-09-291015
 rhel9STIG_stigrule_258035_Manage: True
 rhel9STIG_stigrule_258035_usbguard_State: installed
 rhel9STIG_stigrule_258035_usbguard_enable_Enabled: yes
 rhel9STIG_stigrule_258035_usbguard_start_State: started
 # R-258036 RHEL-09-291020
 rhel9STIG_stigrule_258036_Manage: True
 rhel9STIG_stigrule_258036_usbguard_enable_Enabled: yes
@@ -621,12 +612,6 @@ rhel9STIG_stigrule_258057__etc_security_faillock_conf_Line: 'unlock_time = 0'
 # R-258060 RHEL-09-411105
 rhel9STIG_stigrule_258060_Manage: True
 rhel9STIG_stigrule_258060__etc_security_faillock_conf_Line: 'dir = /var/log/faillock'
 # R-258063 RHEL-09-412010
 rhel9STIG_stigrule_258063_Manage: True
 rhel9STIG_stigrule_258063_tmux_State: installed
 # R-258066 RHEL-09-412025
 rhel9STIG_stigrule_258066_Manage: True
 rhel9STIG_stigrule_258066__etc_tmux_conf_Line: 'set -g lock-after-time 900'
 # R-258069 RHEL-09-412040
 rhel9STIG_stigrule_258069_Manage: True
 rhel9STIG_stigrule_258069__etc_security_limits_conf_Line: '* hard maxlogins 10'
@@ -688,9 +673,6 @@ rhel9STIG_stigrule_258104__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
 # R-258107 RHEL-09-611090
 rhel9STIG_stigrule_258107_Manage: True
 rhel9STIG_stigrule_258107__etc_security_pwquality_conf_Line: 'minlen = 15'
 # R-258108 RHEL-09-611095
 rhel9STIG_stigrule_258108_Manage: True
 rhel9STIG_stigrule_258108__etc_login_defs_Line: 'PASS_MIN_LEN 15'
 # R-258109 RHEL-09-611100
 rhel9STIG_stigrule_258109_Manage: True
 rhel9STIG_stigrule_258109__etc_security_pwquality_conf_Line: 'ocredit = -1'
@@ -718,9 +700,6 @@ rhel9STIG_stigrule_258116__etc_libuser_conf_Value: 'sha512'
 # R-258117 RHEL-09-611140
 rhel9STIG_stigrule_258117_Manage: True
 rhel9STIG_stigrule_258117__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
 # R-258119 RHEL-09-611150
 rhel9STIG_stigrule_258119_Manage: True
 rhel9STIG_stigrule_258119__etc_login_defs_Line: 'SHA_CRYPT_MIN_ROUNDS 5000'
 # R-258121 RHEL-09-611160
 rhel9STIG_stigrule_258121_Manage: True
 rhel9STIG_stigrule_258121__etc_opensc_conf_Line: 'card_drivers = cac;'
@@ -759,9 +738,6 @@ rhel9STIG_stigrule_258142_rsyslog_start_State: started
 # R-258144 RHEL-09-652030
 rhel9STIG_stigrule_258144_Manage: True
 rhel9STIG_stigrule_258144__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.*                              /var/log/secure'
 # R-258145 RHEL-09-652035
 rhel9STIG_stigrule_258145_Manage: True
 rhel9STIG_stigrule_258145__etc_audit_plugins_d_syslog_conf_Line: 'active = yes'
 # R-258146 RHEL-09-652040
 rhel9STIG_stigrule_258146_Manage: True
 rhel9STIG_stigrule_258146__etc_rsyslog_conf_Line: '$ActionSendStreamDriverAuthMode x509/name'
@@ -1000,12 +976,9 @@ rhel9STIG_stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable_Line
 # R-258229 RHEL-09-654275
 rhel9STIG_stigrule_258229_Manage: True
 rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
-# R-258234 RHEL-09-672010
+# R-258234 RHEL-09-215100
 rhel9STIG_stigrule_258234_Manage: True
 rhel9STIG_stigrule_258234_crypto_policies_State: installed
-# R-258239 RHEL-09-672035
+# R-272488 RHEL-09-215101
-rhel9STIG_stigrule_258239_Manage: True
+rhel9STIG_stigrule_272488_Manage: True
-rhel9STIG_stigrule_258239__etc_pki_tls_openssl_cnf_Line: '.include = /etc/crypto-policies/back-ends/opensslcnf.config'
+rhel9STIG_stigrule_272488_postfix_State: installed
 # R-258240 RHEL-09-672040
 rhel9STIG_stigrule_258240_Manage: True
 rhel9STIG_stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'TLS.MinProtocol = TLSv1.2'
--- a/collections/ansible_collections/demo/compliance/roles/rhel9STIG/files/U_RHEL_9_STIG_V2R4_Manual-xccdf.xml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel9STIG/files/U_RHEL_9_STIG_V2R4_Manual-xccdf.xml
--- a/collections/ansible_collections/demo/compliance/roles/rhel9STIG/tasks/main.yml
+++ b/collections/ansible_collections/demo/compliance/roles/rhel9STIG/tasks/main.yml
@@ -56,7 +56,7 @@
 - name: stigrule_257785_ctrl_alt_del_target_disable
  systemd_service:
    name: ctrl-alt-del.target
-    enabled : "{{ rhel9STIG_stigrule_257785_ctrl_alt_del_target_disable_Enabled }}"
+    enabled: "{{ rhel9STIG_stigrule_257785_ctrl_alt_del_target_disable_Enabled }}"
  when:
    - rhel9STIG_stigrule_257785_Manage
    - result.rc == 0
@@ -84,7 +84,7 @@
 - name: stigrule_257786_debug_shell_service_disable
  systemd_service:
    name: debug-shell.service
-    enabled : "{{ rhel9STIG_stigrule_257786_debug_shell_service_disable_Enabled }}"
+    enabled: "{{ rhel9STIG_stigrule_257786_debug_shell_service_disable_Enabled }}"
  when:
    - rhel9STIG_stigrule_257786_Manage
    - result.rc == 0
@@ -333,7 +333,7 @@
 - name: stigrule_257815_systemd_coredump_socket_disable
  systemd_service:
    name: systemd-coredump.socket
-    enabled : "{{ rhel9STIG_stigrule_257815_systemd_coredump_socket_disable_Enabled }}"
+    enabled: "{{ rhel9STIG_stigrule_257815_systemd_coredump_socket_disable_Enabled }}"
  when:
    - rhel9STIG_stigrule_257815_Manage
    - result.rc == 0
@@ -371,7 +371,7 @@
 - name: stigrule_257818_kdump_disable
  systemd_service:
    name: kdump.service
-    enabled : "{{ rhel9STIG_stigrule_257818_kdump_disable_Enabled }}"
+    enabled: "{{ rhel9STIG_stigrule_257818_kdump_disable_Enabled }}"
  when:
    - rhel9STIG_stigrule_257818_Manage
    - result.rc == 0
@@ -474,10 +474,10 @@
    state: "{{ rhel9STIG_stigrule_257834_tuned_State }}"
  when: rhel9STIG_stigrule_257834_Manage
 # R-257835 RHEL-09-215060
- name: stigrule_257835_tftp
+- name: stigrule_257835_tftp_server
  yum:
-    name: tftp
+    name: tftp-server
-    state: "{{ rhel9STIG_stigrule_257835_tftp_State }}"
+    state: "{{ rhel9STIG_stigrule_257835_tftp_server_State }}"
  when: rhel9STIG_stigrule_257835_Manage
 # R-257836 RHEL-09-215065
 - name: stigrule_257836_quagga
@@ -525,7 +525,7 @@
 - name: stigrule_257849_autofs_service_disable
  systemd_service:
    name: autofs.service
-    enabled : "{{ rhel9STIG_stigrule_257849_autofs_service_disable_Enabled }}"
+    enabled: "{{ rhel9STIG_stigrule_257849_autofs_service_disable_Enabled }}"
  when:
    - rhel9STIG_stigrule_257849_Manage
    - result.rc == 0
@@ -764,13 +764,6 @@
    group: "{{ rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group }}"
  when:
    - rhel9STIG_stigrule_257917_Manage
 # R-257933 RHEL-09-232265
 - name: stigrule_257933__etc_crontab_mode
  file:
    dest: "{{ rhel9STIG_stigrule_257933__etc_crontab_mode_Dest }}"
    mode: "{{ rhel9STIG_stigrule_257933__etc_crontab_mode_Mode }}"
  when:
    - rhel9STIG_stigrule_257933_Manage
 # R-257934 RHEL-09-232270
 - name: stigrule_257934__etc_shadow_mode
  file:
@@ -1027,7 +1020,7 @@
    - rhel9STIG_stigrule_257970_Manage
 # R-257971 RHEL-09-254010
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1043,7 +1036,7 @@
    - cmd_result.rc == 0
 # R-257972 RHEL-09-254015
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1059,7 +1052,7 @@
    - cmd_result.rc == 0
 # R-257973 RHEL-09-254020
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1075,7 +1068,7 @@
    - cmd_result.rc == 0
 # R-257974 RHEL-09-254025
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1091,7 +1084,7 @@
    - cmd_result.rc == 0
 # R-257975 RHEL-09-254030
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1107,7 +1100,7 @@
    - cmd_result.rc == 0
 # R-257976 RHEL-09-254035
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1123,7 +1116,7 @@
    - cmd_result.rc == 0
 # R-257977 RHEL-09-254040
 - name: check if ipv6 is enabled
-  shell: "[[ $(cat /sys/module/ipv6/parameters/disable)  == '0' ]]"
+  shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1237,16 +1230,6 @@
  when:
    - rhel9STIG_stigrule_257986_Manage
    - "'openssh-server' in packages"
 # R-257989 RHEL-09-255065
 - name: stigrule_257989__etc_crypto_policies_back_ends_openssh_config
  lineinfile:
    path: /etc/crypto-policies/back-ends/openssh.config
    regexp: '^\s*Ciphers\s+\S+\s*$'
    line: "{{ rhel9STIG_stigrule_257989__etc_crypto_policies_back_ends_openssh_config_Line }}"
    create: yes
  notify: do_reboot
  when:
    - rhel9STIG_stigrule_257989_Manage
 # R-257992 RHEL-09-255080
 - name: stigrule_257992_HostbasedAuthentication
  lineinfile:
@@ -1398,16 +1381,6 @@
  when:
    - rhel9STIG_stigrule_258009_Manage
    - "'openssh-server' in packages"
 # R-258010 RHEL-09-255170
 - name: stigrule_258010_UsePrivilegeSeparation
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '(?i)^\s*UsePrivilegeSeparation\s+'
    line: "{{ rhel9STIG_stigrule_258010_UsePrivilegeSeparation_Line }}"
  notify: ssh_restart
  when:
    - rhel9STIG_stigrule_258010_Manage
    - "'openssh-server' in packages"
 # R-258011 RHEL-09-255175
 - name: stigrule_258011_X11UseLocalhost
  lineinfile:
@@ -1594,18 +1567,6 @@
  when:
    - rhel9STIG_stigrule_258027_Manage
    - "'dconf' in packages"
 # R-258029 RHEL-09-271095
 - name: stigrule_258029__etc_dconf_db_local_d_00_security_settings
  ini_file:
    path: /etc/dconf/db/local.d/00-security-settings
    section: org/gnome/login-screen
    option: disable-restart-buttons
    value: "{{ rhel9STIG_stigrule_258029__etc_dconf_db_local_d_00_security_settings_Value }}"
    no_extra_spaces: yes
  notify: dconf_update
  when:
    - rhel9STIG_stigrule_258029_Manage
    - "'dconf' in packages"
 # R-258030 RHEL-09-271100
 - name: stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons
  lineinfile:
@@ -1674,6 +1635,34 @@
    name: usbguard
    state: "{{ rhel9STIG_stigrule_258035_usbguard_State }}"
  when: rhel9STIG_stigrule_258035_Manage
 # R-258035 RHEL-09-291015
 - name: check if usbguard.service is installed
  shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
  changed_when: False
  check_mode: no
  register: result
  failed_when: result.rc > 1
 - name: stigrule_258035_usbguard_enable
  service:
    name: usbguard.service
    enabled: "{{ rhel9STIG_stigrule_258035_usbguard_enable_Enabled }}"
  when:
    - rhel9STIG_stigrule_258035_Manage
    - result.rc == 0
 # R-258035 RHEL-09-291015
 - name: check if usbguard.service is installed
  shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
  changed_when: False
  check_mode: no
  register: result
  failed_when: result.rc > 1
 - name: stigrule_258035_usbguard_start
  service:
    name: usbguard.service
    state: "{{ rhel9STIG_stigrule_258035_usbguard_start_State }}"
  when:
    - rhel9STIG_stigrule_258035_Manage
    - result.rc == 0
 # R-258036 RHEL-09-291020
 - name: check if usbguard.service is installed
  shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
@@ -1731,7 +1720,7 @@
    - rhel9STIG_stigrule_258039_Manage
 # R-258040 RHEL-09-291040
 - name: check if wireless network adapters are disabled
-  shell: "[[ $(nmcli radio wifi)  == 'enabled' ]]"
+  shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
  changed_when: False
  check_mode: no
  register: cmd_result
@@ -1821,20 +1810,6 @@
  notify: with_faillock_enable
  when:
    - rhel9STIG_stigrule_258060_Manage
 # R-258063 RHEL-09-412010
 - name: stigrule_258063_tmux
  yum:
    name: tmux
    state: "{{ rhel9STIG_stigrule_258063_tmux_State }}"
  when: rhel9STIG_stigrule_258063_Manage
 # R-258066 RHEL-09-412025
 - name: stigrule_258066__etc_tmux_conf
  lineinfile:
    path: /etc/tmux.conf
    line: "{{ rhel9STIG_stigrule_258066__etc_tmux_conf_Line }}"
    create: yes
  when:
    - rhel9STIG_stigrule_258066_Manage
 # R-258069 RHEL-09-412040
 - name: stigrule_258069__etc_security_limits_conf
  lineinfile:
@@ -2025,15 +2000,6 @@
    create: yes
  when:
    - rhel9STIG_stigrule_258107_Manage
 # R-258108 RHEL-09-611095
 - name: stigrule_258108__etc_login_defs
  lineinfile:
    path: /etc/login.defs
    regexp: '^PASS_MIN_LEN'
    line: "{{ rhel9STIG_stigrule_258108__etc_login_defs_Line }}"
    create: yes
  when:
    - rhel9STIG_stigrule_258108_Manage
 # R-258109 RHEL-09-611100
 - name: stigrule_258109__etc_security_pwquality_conf
  lineinfile:
@@ -2116,15 +2082,6 @@
    create: yes
  when:
    - rhel9STIG_stigrule_258117_Manage
 # R-258119 RHEL-09-611150
 - name: stigrule_258119__etc_login_defs
  lineinfile:
    path: /etc/login.defs
    regexp: '^SHA_CRYPT_MIN_ROUNDS'
    line: "{{ rhel9STIG_stigrule_258119__etc_login_defs_Line }}"
    create: yes
  when:
    - rhel9STIG_stigrule_258119_Manage
 # R-258121 RHEL-09-611160
 - name: stigrule_258121__etc_opensc_conf
  lineinfile:
@@ -2264,16 +2221,6 @@
  notify: rsyslog_restart
  when:
    - rhel9STIG_stigrule_258144_Manage
 # R-258145 RHEL-09-652035
 - name: stigrule_258145__etc_audit_plugins_d_syslog_conf
  lineinfile:
    path: /etc/audit/plugins.d/syslog.conf
    regexp: '^\s*active\s*='
    line: "{{ rhel9STIG_stigrule_258145__etc_audit_plugins_d_syslog_conf_Line }}"
    create: yes
  notify: auditd_restart
  when:
    - rhel9STIG_stigrule_258145_Manage
 # R-258146 RHEL-09-652040
 - name: stigrule_258146__etc_rsyslog_conf
  lineinfile:
@@ -2502,7 +2449,7 @@
    state: "{{ rhel9STIG_stigrule_258175_audispd_plugins_State }}"
  when: rhel9STIG_stigrule_258175_Manage
 # R-258176 RHEL-09-654010
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b32
+- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
@@ -2510,7 +2457,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258176_Manage
 # R-258176 RHEL-09-654010
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b64
+- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
@@ -2518,7 +2465,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258176_Manage
 # R-258176 RHEL-09-654010
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b32
+- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
@@ -2526,7 +2473,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258176_Manage
 # R-258176 RHEL-09-654010
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b64
+- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
@@ -2534,7 +2481,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258176_Manage
 # R-258177 RHEL-09-654015
- name : stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b32
+- name: stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2542,7 +2489,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258177_Manage
 # R-258177 RHEL-09-654015
- name : stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b64
+- name: stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2550,7 +2497,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258177_Manage
 # R-258178 RHEL-09-654020
- name : stigrule_258178__etc_audit_rules_d_audit_rules_chown_b32
+- name: stigrule_258178__etc_audit_rules_d_audit_rules_chown_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2558,7 +2505,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258178_Manage
 # R-258178 RHEL-09-654020
- name : stigrule_258178__etc_audit_rules_d_audit_rules_chown_b64
+- name: stigrule_258178__etc_audit_rules_d_audit_rules_chown_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2566,7 +2513,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258178_Manage
 # R-258179 RHEL-09-654025
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
+- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2574,7 +2521,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258179_Manage
 # R-258179 RHEL-09-654025
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
+- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2582,7 +2529,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258179_Manage
 # R-258179 RHEL-09-654025
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32
+- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
@@ -2590,7 +2537,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258179_Manage
 # R-258179 RHEL-09-654025
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64
+- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
@@ -2598,7 +2545,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258179_Manage
 # R-258180 RHEL-09-654030
- name : stigrule_258180__etc_audit_rules_d_audit_rules__usr_bin_umount
+- name: stigrule_258180__etc_audit_rules_d_audit_rules__usr_bin_umount
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -2606,7 +2553,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258180_Manage
 # R-258181 RHEL-09-654035
- name : stigrule_258181__etc_audit_rules_d_audit_rules__usr_bin_chacl
+- name: stigrule_258181__etc_audit_rules_d_audit_rules__usr_bin_chacl
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2614,7 +2561,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258181_Manage
 # R-258182 RHEL-09-654040
- name : stigrule_258182__etc_audit_rules_d_audit_rules__usr_bin_setfacl
+- name: stigrule_258182__etc_audit_rules_d_audit_rules__usr_bin_setfacl
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2622,7 +2569,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258182_Manage
 # R-258183 RHEL-09-654045
- name : stigrule_258183__etc_audit_rules_d_audit_rules__usr_bin_chcon
+- name: stigrule_258183__etc_audit_rules_d_audit_rules__usr_bin_chcon
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
@@ -2630,7 +2577,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258183_Manage
 # R-258184 RHEL-09-654050
- name : stigrule_258184__etc_audit_rules_d_audit_rules__usr_sbin_semanage
+- name: stigrule_258184__etc_audit_rules_d_audit_rules__usr_sbin_semanage
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2638,7 +2585,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258184_Manage
 # R-258185 RHEL-09-654055
- name : stigrule_258185__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
+- name: stigrule_258185__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2646,7 +2593,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258185_Manage
 # R-258186 RHEL-09-654060
- name : stigrule_258186__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
+- name: stigrule_258186__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged$'
@@ -2654,7 +2601,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258186_Manage
 # R-258187 RHEL-09-654065
- name : stigrule_258187__etc_audit_rules_d_audit_rules_rename_b32
+- name: stigrule_258187__etc_audit_rules_d_audit_rules_rename_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
@@ -2662,7 +2609,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258187_Manage
 # R-258187 RHEL-09-654065
- name : stigrule_258187__etc_audit_rules_d_audit_rules_rename_b64
+- name: stigrule_258187__etc_audit_rules_d_audit_rules_rename_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
@@ -2670,7 +2617,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258187_Manage
 # R-258188 RHEL-09-654070
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
+- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -2678,7 +2625,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258188_Manage
 # R-258188 RHEL-09-654070
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
+- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -2686,7 +2633,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258188_Manage
 # R-258188 RHEL-09-654070
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
+- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -2694,7 +2641,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258188_Manage
 # R-258188 RHEL-09-654070
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
+- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
@@ -2702,7 +2649,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258188_Manage
 # R-258189 RHEL-09-654075
- name : stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b32
+- name: stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -2710,7 +2657,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258189_Manage
 # R-258189 RHEL-09-654075
- name : stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b64
+- name: stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -2718,7 +2665,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258189_Manage
 # R-258190 RHEL-09-654080
- name : stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b32
+- name: stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b32
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -2726,7 +2673,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258190_Manage
 # R-258190 RHEL-09-654080
- name : stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b64
+- name: stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b64
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
@@ -2734,7 +2681,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258190_Manage
 # R-258191 RHEL-09-654085
- name : stigrule_258191__etc_audit_rules_d_audit_rules__usr_bin_chage
+- name: stigrule_258191__etc_audit_rules_d_audit_rules__usr_bin_chage
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
@@ -2742,7 +2689,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258191_Manage
 # R-258192 RHEL-09-654090
- name : stigrule_258192__etc_audit_rules_d_audit_rules__usr_bin_chsh
+- name: stigrule_258192__etc_audit_rules_d_audit_rules__usr_bin_chsh
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -2750,7 +2697,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258192_Manage
 # R-258193 RHEL-09-654095
- name : stigrule_258193__etc_audit_rules_d_audit_rules__usr_bin_crontab
+- name: stigrule_258193__etc_audit_rules_d_audit_rules__usr_bin_crontab
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
@@ -2758,7 +2705,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258193_Manage
 # R-258194 RHEL-09-654100
- name : stigrule_258194__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
+- name: stigrule_258194__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
@@ -2766,7 +2713,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258194_Manage
 # R-258195 RHEL-09-654105
- name : stigrule_258195__etc_audit_rules_d_audit_rules__usr_bin_kmod
+- name: stigrule_258195__etc_audit_rules_d_audit_rules__usr_bin_kmod
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
@@ -2774,7 +2721,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258195_Manage
 # R-258196 RHEL-09-654110
- name : stigrule_258196__etc_audit_rules_d_audit_rules__usr_bin_newgrp
+- name: stigrule_258196__etc_audit_rules_d_audit_rules__usr_bin_newgrp
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -2782,7 +2729,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258196_Manage
 # R-258197 RHEL-09-654115
- name : stigrule_258197__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
+- name: stigrule_258197__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
@@ -2790,7 +2737,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258197_Manage
 # R-258198 RHEL-09-654120
- name : stigrule_258198__etc_audit_rules_d_audit_rules__usr_bin_passwd
+- name: stigrule_258198__etc_audit_rules_d_audit_rules__usr_bin_passwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
@@ -2798,7 +2745,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258198_Manage
 # R-258199 RHEL-09-654125
- name : stigrule_258199__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
+- name: stigrule_258199__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2806,7 +2753,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258199_Manage
 # R-258200 RHEL-09-654130
- name : stigrule_258200__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
+- name: stigrule_258200__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2814,7 +2761,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258200_Manage
 # R-258201 RHEL-09-654135
- name : stigrule_258201__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
+- name: stigrule_258201__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
@@ -2822,7 +2769,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258201_Manage
 # R-258202 RHEL-09-654140
- name : stigrule_258202__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
+- name: stigrule_258202__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
@@ -2830,7 +2777,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258202_Manage
 # R-258203 RHEL-09-654145
- name : stigrule_258203__etc_audit_rules_d_audit_rules__usr_bin_su
+- name: stigrule_258203__etc_audit_rules_d_audit_rules__usr_bin_su
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
@@ -2838,7 +2785,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258203_Manage
 # R-258204 RHEL-09-654150
- name : stigrule_258204__etc_audit_rules_d_audit_rules__usr_bin_sudo
+- name: stigrule_258204__etc_audit_rules_d_audit_rules__usr_bin_sudo
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -2846,7 +2793,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258204_Manage
 # R-258205 RHEL-09-654155
- name : stigrule_258205__etc_audit_rules_d_audit_rules__usr_bin_sudoedit
+- name: stigrule_258205__etc_audit_rules_d_audit_rules__usr_bin_sudoedit
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
@@ -2854,7 +2801,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258205_Manage
 # R-258206 RHEL-09-654160
- name : stigrule_258206__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
+- name: stigrule_258206__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2862,7 +2809,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258206_Manage
 # R-258207 RHEL-09-654165
- name : stigrule_258207__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
+- name: stigrule_258207__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2870,7 +2817,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258207_Manage
 # R-258208 RHEL-09-654170
- name : stigrule_258208__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
+- name: stigrule_258208__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
@@ -2878,7 +2825,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258208_Manage
 # R-258209 RHEL-09-654175
- name : stigrule_258209__etc_audit_rules_d_audit_rules__usr_sbin_usermod
+- name: stigrule_258209__etc_audit_rules_d_audit_rules__usr_sbin_usermod
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
@@ -2886,7 +2833,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258209_Manage
 # R-258210 RHEL-09-654180
- name : stigrule_258210__etc_audit_rules_d_audit_rules__usr_bin_mount
+- name: stigrule_258210__etc_audit_rules_d_audit_rules__usr_bin_mount
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
@@ -2894,7 +2841,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258210_Manage
 # R-258211 RHEL-09-654185
- name : stigrule_258211__etc_audit_rules_d_audit_rules__usr_sbin_init
+- name: stigrule_258211__etc_audit_rules_d_audit_rules__usr_sbin_init
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/init -F perm=x -F auid>=1000 -F auid!=unset -k privileged-init$'
@@ -2902,7 +2849,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258211_Manage
 # R-258212 RHEL-09-654190
- name : stigrule_258212__etc_audit_rules_d_audit_rules__usr_sbin_poweroff
+- name: stigrule_258212__etc_audit_rules_d_audit_rules__usr_sbin_poweroff
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/poweroff -F perm=x -F auid>=1000 -F auid!=unset -k privileged-poweroff$'
@@ -2910,7 +2857,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258212_Manage
 # R-258213 RHEL-09-654195
- name : stigrule_258213__etc_audit_rules_d_audit_rules__usr_sbin_reboot
+- name: stigrule_258213__etc_audit_rules_d_audit_rules__usr_sbin_reboot
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/reboot -F perm=x -F auid>=1000 -F auid!=unset -k privileged-reboot$'
@@ -2918,7 +2865,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258213_Manage
 # R-258214 RHEL-09-654200
- name : stigrule_258214__etc_audit_rules_d_audit_rules__usr_sbin_shutdown
+- name: stigrule_258214__etc_audit_rules_d_audit_rules__usr_sbin_shutdown
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-a always,exit -F path=/usr/sbin/shutdown -F perm=x -F auid>=1000 -F auid!=unset -k privileged-shutdown$'
@@ -2926,7 +2873,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258214_Manage
 # R-258217 RHEL-09-654215
- name : stigrule_258217__etc_audit_rules_d_audit_rules__etc_sudoers
+- name: stigrule_258217__etc_audit_rules_d_audit_rules__etc_sudoers
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/sudoers -p wa -k identity$'
@@ -2934,7 +2881,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258217_Manage
 # R-258218 RHEL-09-654220
- name : stigrule_258218__etc_audit_rules_d_audit_rules__etc_sudoers_d_
+- name: stigrule_258218__etc_audit_rules_d_audit_rules__etc_sudoers_d_
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
@@ -2942,7 +2889,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258218_Manage
 # R-258219 RHEL-09-654225
- name : stigrule_258219__etc_audit_rules_d_audit_rules__etc_group
+- name: stigrule_258219__etc_audit_rules_d_audit_rules__etc_group
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/group -p wa -k identity$'
@@ -2950,7 +2897,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258219_Manage
 # R-258220 RHEL-09-654230
- name : stigrule_258220__etc_audit_rules_d_audit_rules__etc_gshadow
+- name: stigrule_258220__etc_audit_rules_d_audit_rules__etc_gshadow
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/gshadow -p wa -k identity$'
@@ -2958,7 +2905,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258220_Manage
 # R-258221 RHEL-09-654235
- name : stigrule_258221__etc_audit_rules_d_audit_rules__etc_security_opasswd
+- name: stigrule_258221__etc_audit_rules_d_audit_rules__etc_security_opasswd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/security/opasswd -p wa -k identity$'
@@ -2966,7 +2913,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258221_Manage
 # R-258222 RHEL-09-654240
- name : stigrule_258222__etc_audit_rules_d_audit_rules__etc_passwd
+- name: stigrule_258222__etc_audit_rules_d_audit_rules__etc_passwd
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/passwd -p wa -k identity$'
@@ -2974,7 +2921,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258222_Manage
 # R-258223 RHEL-09-654245
- name : stigrule_258223__etc_audit_rules_d_audit_rules__etc_shadow
+- name: stigrule_258223__etc_audit_rules_d_audit_rules__etc_shadow
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /etc/shadow -p wa -k identity$'
@@ -2982,7 +2929,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258223_Manage
 # R-258224 RHEL-09-654250
- name : stigrule_258224__etc_audit_rules_d_audit_rules__var_log_faillock
+- name: stigrule_258224__etc_audit_rules_d_audit_rules__var_log_faillock
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /var/log/faillock -p wa -k logins$'
@@ -2990,7 +2937,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258224_Manage
 # R-258225 RHEL-09-654255
- name : stigrule_258225__etc_audit_rules_d_audit_rules__var_log_lastlog
+- name: stigrule_258225__etc_audit_rules_d_audit_rules__var_log_lastlog
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /var/log/lastlog -p wa -k logins$'
@@ -2998,7 +2945,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258225_Manage
 # R-258226 RHEL-09-654260
- name : stigrule_258226__etc_audit_rules_d_audit_rules__var_log_tallylog
+- name: stigrule_258226__etc_audit_rules_d_audit_rules__var_log_tallylog
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-w /var/log/tallylog -p wa -k logins$'
@@ -3006,7 +2953,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258226_Manage
 # R-258227 RHEL-09-654265
- name : stigrule_258227__etc_audit_rules_d_audit_rules_f2
+- name: stigrule_258227__etc_audit_rules_d_audit_rules_f2
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-f 2$'
@@ -3014,7 +2961,7 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258227_Manage
 # R-258228 RHEL-09-654270
- name : stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable
+- name: stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^--loginuid-immutable$'
@@ -3022,34 +2969,22 @@
  notify: auditd_restart
  when: rhel9STIG_stigrule_258228_Manage
 # R-258229 RHEL-09-654275
- name : stigrule_258229__etc_audit_rules_d_audit_rules_e2
+- name: stigrule_258229__etc_audit_rules_d_audit_rules_e2
  lineinfile:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-e 2$'
    line: "{{ rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line }}"
  notify: auditd_restart
  when: rhel9STIG_stigrule_258229_Manage
-# R-258234 RHEL-09-672010
+# R-258234 RHEL-09-215100
 - name: stigrule_258234_crypto_policies
  yum:
    name: crypto-policies
    state: "{{ rhel9STIG_stigrule_258234_crypto_policies_State }}"
  when: rhel9STIG_stigrule_258234_Manage
-# R-258239 RHEL-09-672035
+# R-272488 RHEL-09-215101
- name: stigrule_258239__etc_pki_tls_openssl_cnf
+- name: stigrule_272488_postfix
-  lineinfile:
+  yum:
-    path: /etc/pki/tls/openssl.cnf
+    name: postfix
-    line: "{{ rhel9STIG_stigrule_258239__etc_pki_tls_openssl_cnf_Line }}"
+    state: "{{ rhel9STIG_stigrule_272488_postfix_State }}"
-    create: yes
+  when: rhel9STIG_stigrule_272488_Manage
  when:
    - rhel9STIG_stigrule_258239_Manage
 # R-258240 RHEL-09-672040
 - name: stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config
  lineinfile:
    path: /etc/crypto-policies/back-ends/opensslcnf.config
    regexp: '^\s*TLS.MinProtocol\s*='
    line: "{{ rhel9STIG_stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config_Line }}"
    create: yes
  notify: do_reboot
  when:
    - rhel9STIG_stigrule_258240_Manage
--- a/common/setup.yml
+++ b/common/setup.yml
@@ -44,14 +44,13 @@ controller_inventory_sources:
        - tag:Name
      compose:
        ansible_host: public_ip_address
-        ansible_user: 'ec2-user'
+        ansible_user: ec2-user
      groups:
        cloud_aws: true
-        os_linux: tags.blueprint.startswith('rhel')
+        os_linux: "platform_details == 'Red Hat Enterprise Linux'"
-        os_windows: tags.blueprint.startswith('win')
+        os_windows: "platform_details == 'Windows'"
      keyed_groups:
        - key: platform
          prefix: os
        - key: tags.blueprint
          prefix: blueprint
        - key: tags.owner
@@ -62,6 +61,7 @@ controller_inventory_sources:
          prefix: deployment
        - key: tags.Compliance
          separator: ''
 controller_groups:
  - name: cloud_aws
    inventory: Demo Inventory
--- a/execution_environments/.gitattributes
+++ b/execution_environments/.gitattributes
@@ -1 +0,0 @@
 openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm filter=lfs diff=lfs merge=lfs -text
--- a/execution_environments/README.md
+++ b/execution_environments/README.md
@@ -1,17 +1,16 @@
 # Execution Environment Images for Ansible Product Demos
-When the Ansible Product Demos setup job template is run, it creates a number of execution environment definitions on the automation controller.  The content of this directory is used to create and update the default execution environment images defined during the setup process.
+When the Ansible Product Demos setup job template is run, it creates a number of execution environment definitions on the automation controller.  The content of this directory is used to create and update the default APD execution environment images defined during the setup process, [quay.io/ansible-product-demos/apd-ee-25](quay.io/ansible-product-demos/apd-ee-25).
-Currently these execution environment images are created manually using the `build.sh` script, with a future goal of building in a CI pipeline when any EE definitions or requirements are updated.
+Currently the execution environment image is created manually using the `build.sh` script, with a future goal of building in a CI pipeline when the EE definition or requirements are updated.
 ## Building the execution environment images
 1. `podman login registry.redhat.io` in order to pull the base EE images
 2. `export ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN="<token>"` obtained from [Automation Hub](https://console.redhat.com/ansible/automation-hub/token)
-3. `export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN="<token>"` (same as above)
+3. `export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN="<token>"` (same token as above)
-4. `./build.sh` to build the EE images and add them to your local podman image cache
+4. `./build.sh` to build the EE image
-The `build.sh` script creates multiple EE images, each based on the ee-minimal image that comes with a different minor version of AAP.  These images are created in the "quay.io/ansible-product-demos" namespace.  Currently the script builds the following images:
+The `build.sh` script creates a multi-architecture EE image for the amd64 (x86_64) and arm64 (aarch64) platforms.  It does so by creating the build context using `ansible-builder create`, then creating a podman manifest definition and building an EE image for each supported platform.
-* quay.io/ansible-product-demos/apd-ee-24
+NOTE: Podman will use qemu to emulate the non-native architecture at build time, so the build must be performed on a system which includes the qemu-user-static package.  Builds have only been tested on MacOS using podman-desktop with the native Fedora-based podman machine.
 * quay.io/ansible-product-demos/apd-ee-25
--- a/execution_environments/apd-ee-24.yml
+++ b/execution_environments/apd-ee-24.yml
@@ -1,32 +0,0 @@
 ---
 version: 3
 images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest
 dependencies:
  galaxy: requirements.yml
 additional_build_files:
  # https://access.redhat.com/solutions/7024259
  # download from access.redhat.com -> Downloads -> OpenShift Container Platform -> Packages
  - src: openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
    dest: rpms
  - src: ansible.cfg
    dest: configs
 options:
  package_manager_path: /usr/bin/microdnf
 additional_build_steps:
  prepend_base:
    - RUN $PYCMD -m pip install --upgrade pip setuptools
    - COPY _build/rpms/openshift-clients*.rpm /tmp/openshift-clients.rpm
    - RUN $PKGMGR -y update && $PKGMGR -y install bash-completion && $PKGMGR clean all
    - RUN rpm -ivh /tmp/openshift-clients.rpm && rm /tmp/openshift-clients.rpm
  prepend_galaxy:
    - ADD _build/configs/ansible.cfg /etc/ansible/ansible.cfg
    - ARG ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN
    - ARG ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN
 ...
--- a/execution_environments/apd-ee-25.yml
+++ b/execution_environments/apd-ee-25.yml
@@ -4,7 +4,7 @@ images:
  base_image:
    name: registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel9:latest
 dependencies:
-  galaxy: requirements-25.yml
+  galaxy: requirements.yml
  system:
    - python3.11-devel [platform:rpm]
  python:
@@ -13,10 +13,6 @@ dependencies:
    python_path: /usr/bin/python3.11
 additional_build_files:
  # https://access.redhat.com/solutions/7024259
  # download from access.redhat.com -> Downloads -> OpenShift Container Platform -> Packages
  - src: openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
    dest: rpms
  - src: ansible.cfg
    dest: configs
@@ -25,16 +21,17 @@ options:
 additional_build_steps:
  prepend_base:
-    # AgnosticD can use this to deterine it is running from an EE
+    - ARG OPENSHIFT_CLIENT_RPM
    # see https://github.com/redhat-cop/agnosticd/blob/development/ansible/install_galaxy_roles.yml
    - ENV LAUNCHED_BY_RUNNER=1
    - RUN $PYCMD -m pip install --upgrade pip setuptools
    - COPY _build/rpms/openshift-clients*.rpm /tmp/openshift-clients.rpm
    - RUN $PKGMGR -y update && $PKGMGR -y install bash-completion && $PKGMGR clean all
-    - RUN rpm -ivh /tmp/openshift-clients.rpm && rm /tmp/openshift-clients.rpm
+    # microdnf doesn't support URL or local file paths to RPMs, use rpm as a workaround
    - RUN curl -o /tmp/openshift-clients.rpm $OPENSHIFT_CLIENT_RPM && rpm -Uvh /tmp/openshift-clients.rpm && rm -f /tmp/openshift-clients.rpm
  prepend_galaxy:
    - ADD _build/configs/ansible.cfg /etc/ansible/ansible.cfg
    - ARG ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN
    - ARG ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN
  append_final:
    - RUN curl -o /etc/yum.repos.d/hasicorp.repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo &&
      microdnf install -y terraform
 ...
--- a/execution_environments/build.sh
+++ b/execution_environments/build.sh
@@ -1,29 +1,61 @@
 #!/bin/bash
-# array of images to build
+if [[ -z $ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN || -z $ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN ]]
-ee_images=(
+then
-    "apd-ee-24"
+    echo "A valid Automation Hub token is required, Set the following environment variables before continuing"
-    "apd-ee-25"
+    echo "export ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN=<token>"
-)
+    echo "export ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN=<token>"
    exit 1
 fi
-for ee in "${ee_images[@]}"
+# log in to pull the base EE image
 if ! podman login --get-login registry.redhat.io > /dev/null
 then
    echo "Run 'podman login registry.redhat.io' before continuing"
    exit 1
 fi
 # create EE definition
 rm -rf ./context/*
 ansible-builder create \
    --file apd-ee-25.yml \
    --context ./context \
    -v 3 | tee ansible-builder.log
 # remove existing manifest if present
 _tag=$(date +%Y%m%d)
 podman manifest rm quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # create manifest for EE image
 podman manifest create quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # for the openshift-clients RPM, microdnf doesn't support URL-based installs
 # and HTTP doesn't support file globs for GETs, use multiple steps to determine
 # the correct RPM URL for each machine architecture
 for arch in amd64 arm64
 do
-    echo "Building EE image ${ee}"
+    _baseurl=https://mirror.openshift.com/pub/openshift-v4/${arch}/dependencies/rpms/4.18-el9-beta/
    _rpm=$(curl -s ${_baseurl} | grep openshift-clients-4 | grep href | cut -d\" -f2)
-    # build EE image
+    # build EE for multiple architectures from the EE context
-    ansible-builder build \
+    pushd ./context/ > /dev/null
-        --file ${ee}.yml \
+    podman build --platform linux/${arch} \
-        --context ./ee_contexts/${ee} \
+      --build-arg ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN \
-        --build-arg ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN \
+      --build-arg ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN \
-        --build-arg ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN \
+      --build-arg OPENSHIFT_CLIENT_RPM="${_baseurl}${_rpm}" \
-        -v 3 \
+      --manifest quay.io/ansible-product-demos/apd-ee-25:${_tag} . \
-        -t quay.io/ansible-product-demos/${ee}:$(date +%Y%m%d)
+      | tee podman-build-${arch}.log
-
+    popd > /dev/null
    if [[ $? == 0 ]]
    then
        # tag EE image as latest
        podman tag \
            quay.io/ansible-product-demos/${ee}:$(date +%Y%m%d) \
            quay.io/ansible-product-demos/${ee}:latest
    fi
 done
 # inspect manifest content
 #podman manifest inspect quay.io/ansible-product-demos/apd-ee-25:${_tag}
 # tag manifest as latest
 #podman tag quay.io/ansible-product-demos/apd-ee-25:${_tag} quay.io/ansible-product-demos/apd-ee-25:latest
 # push all manifest content to repository
 # using --all is important here, it pushes all content and not
 # just the native platform content
 #podman manifest push --all quay.io/ansible-product-demos/apd-ee-25:${_tag}
 #podman manifest push --all quay.io/ansible-product-demos/apd-ee-25:latest
--- a/execution_environments/openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
+++ b/execution_environments/openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f637eb0440f14f1458800c7a9012adcb9b58eb2131c02f64dfa4ca515e182093
 size 54960859
--- a/execution_environments/requirements-25.yml
+++ b/execution_environments/requirements-25.yml
@@ -1,77 +0,0 @@
 ---
 collections:
  # AAP config as code
  - name: ansible.controller
    version: ">=4.6.0"
  # TODO this fails trying to install a different version of
  # the python-systemd package
  # - name: ansible.eda  # fails trying to install systemd-python package
  #   version: ">=2.1.0"
  - name: ansible.hub
    version: ">=1.0.0"
  - name: ansible.platform
    version: ">=2.5.0"
  - name: infra.ah_configuration
    version: ">=2.0.6"
  - name: infra.controller_configuration
    version: ">=2.11.0"
  # linux demos
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
    version: ">=8.0.0"
  - name: containers.podman
    version: ">=1.12.1"
  - name: redhat.insights
    version: ">=1.2.2"
  - name: redhat.rhel_system_roles
    version: ">=1.23.0"
  # windows demos
  - name: microsoft.ad
    version: "1.9"
  - name: ansible.windows
    version: ">=2.3.0"
  - name: chocolatey.chocolatey
    version: ">=1.5.1"
  - name: community.windows
    version: ">=2.2.0"
  # cloud demos
  - name: amazon.aws
    version: ">=7.5.0"
  # satellite demos
  - name: redhat.satellite
    version: ">=4.0.0"
  # network demos
  - name: ansible.netcommon
    version: ">=6.0.0"
  - name: cisco.ios
    version: ">=7.0.0"
  - name: cisco.iosxr
    version: ">=8.0.0"
  - name: cisco.nxos
    version: ">=7.0.0"
  - name: network.backup
    version: ">=3.0.0"
  # TODO on 2.5 ee-minimal-rhel9 this tries to build and install
  # a different version of python netifaces, which fails
  # - name: infoblox.nios_modules
  #   version: ">=1.6.1"
  # openshift demos
  - name: kubernetes.core
    version: ">=4.0.0"
  - name: redhat.openshift
    version: ">=3.0.1"
  - name: redhat.openshift_virtualization
    version: ">=1.4.0"
  # for RHDP
  - name: ansible.utils
    version: ">=5.1.0"
  - name: kubevirt.core
    version: ">=2.1.0"
  - name: community.okd
    version: ">=4.0.0"
  - name: https://github.com/rhpds/assisted_installer.git
    type: git
    version: "v0.0.1"
 ...
--- a/execution_environments/requirements.yml
+++ b/execution_environments/requirements.yml
@@ -1,14 +1,21 @@
 ---
 collections:
  # AAP config as code
  - name: ansible.controller
-    version: "<4.6.0"
+    version: ">=4.6.0"
  # TODO this fails trying to install a different version of
  # the python-systemd package
  # - name: ansible.eda  # fails trying to install systemd-python package
  #   version: ">=2.1.0"
  - name: ansible.hub
    version: ">=1.0.0"
  - name: ansible.platform
    version: ">=2.5.0"
  - name: infra.ah_configuration
    version: ">=2.0.6"
  - name: infra.controller_configuration
-    version: ">=2.9.0"
+    version: ">=2.11.0"
-  - name: redhat_cop.controller_configuration
+  # linux demos
    version: ">=2.3.1"
  # linux
  - name: ansible.posix
    version: ">=1.5.4"
  - name: community.general
@@ -19,7 +26,7 @@ collections:
    version: ">=1.2.2"
  - name: redhat.rhel_system_roles
    version: ">=1.23.0"
-  # windows
+  # windows demos
  - name: microsoft.ad
    version: "1.9"
  - name: ansible.windows
@@ -28,13 +35,13 @@ collections:
    version: ">=1.5.1"
  - name: community.windows
    version: ">=2.2.0"
-  # cloud
+  # cloud demos
  - name: amazon.aws
    version: ">=7.5.0"
-  # satellite
+  # satellite demos
  - name: redhat.satellite
    version: ">=4.0.0"
-  # network
+  # network demos
  - name: ansible.netcommon
    version: ">=6.0.0"
  - name: cisco.ios
@@ -43,12 +50,20 @@ collections:
    version: ">=8.0.0"
  - name: cisco.nxos
    version: ">=7.0.0"
-  - name: infoblox.nios_modules
+  - name: network.backup
-    version: ">=1.6.1"
+    version: ">=3.0.0"
-  # openshift
+  # TODO on 2.5 ee-minimal-rhel9 this tries to build and install
  # a different version of python netifaces, which fails
  # - name: infoblox.nios_modules
  #   version: ">=1.6.1"
  # openshift demos
  - name: ansible.utils
    version: ">=6.0.0"
  - name: kubernetes.core
    version: ">=4.0.0"
  - name: redhat.openshift
    version: ">=3.0.1"
  - name: redhat.openshift_virtualization
    version: ">=1.4.0"
 ...
--- a/linux/multi_profile_compliance_report.yml
+++ b/linux/multi_profile_compliance_report.yml
@@ -52,7 +52,9 @@
            state: enabled
            immediate: true
            permanent: true
-          when: "'firewalld.service' in ansible_facts.services"
+          when:
            - "'firewalld.service' in ansible_facts.services"
            - ansible_facts.services["firewalld.service"].state == "running"
        - name: Disable httpd welcome page
          ansible.builtin.file:
--- a/openshift/gitlab.yml
+++ b/openshift/gitlab.yml
@@ -164,4 +164,4 @@
      ansible.builtin.debug:
        msg: "{{ msg.split('\n') }}"
-...
+...
--- a/openshift/setup.yml
+++ b/openshift/setup.yml
@@ -245,6 +245,34 @@ controller_templates:
      - "OpenShift Credential"
 controller_workflows:
  - name: OpenShift / CNV / Sync Hosts
    description: A workflow to update dynamic CNV inventory and wait for hosts to become avilable
    organization: Default
    notification_templates_started: Telemetry
    notification_templates_success: Telemetry
    notification_templates_error: Telemetry
    survey_enabled: true
    survey:
      name: ''
      description: ''
      spec:
        - question_name: Specify target hosts
          type: text
          variable: _hosts
          required: true
          default: "openshift-cnv-rhel*"
    simplified_workflow_nodes:
      - identifier: Inventory Sync
        unified_job_template: OpenShift CNV Inventory
        success_nodes:
          - Wait Hosts
      - identifier: Wait Hosts
        unified_job_template: OpenShift / CNV / Wait Hosts
        failure_nodes:
          - Second Inventory Sync
      - identifier: Second Inventory Sync
        unified_job_template: OpenShift CNV Inventory
  - name: OpenShift / CNV / Infra Stack
    description: A workflow to deploy Virtualized infra in OCP Virtalization
    organization: Default
@@ -320,15 +348,15 @@ controller_workflows:
        success_nodes:
          - Patch Instance
      # We need to do an invnetory sync *after* creating snapshots, as turning VMs on/off changes their IP
-      - identifier: Inventory Sync
+      - identifier: Sync Hosts
-        unified_job_template: OpenShift CNV Inventory
+        unified_job_template: OpenShift / CNV / Sync Hosts
        success_nodes:
          - Patch Instance
      - identifier: Take Snapshot
        unified_job_template: OpenShift / CNV / Create VM Snapshots
        success_nodes:
          - Project Sync
-          - Inventory Sync
+          - Sync Hosts
      - identifier: Patch Instance
        unified_job_template: OpenShift / CNV / Patch
        job_type: run
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -2,45 +2,65 @@
 roles:
  # RHEL 7 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel7-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cis
    version: 0.1.72
  - name: redhatofficial.rhel7-cjis
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cjis
    version: 0.1.72
  - name: redhatofficial.rhel7-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cui
    version: 0.1.72
  - name: redhatofficial.rhel7-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel7-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-ospp
    version: 0.1.72
  - name: redhatofficial.rhel7-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel7-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel7-stig
    version: 0.1.72
  # RHEL 8 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel8-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cis
    version: 0.1.72
  - name: redhatofficial.rhel8-cjis
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cjis
    version: 0.1.72
  - name: redhatofficial.rhel8-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cui
    version: 0.1.72
  - name: redhatofficial.rhel8-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel8-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-ospp
    version: 0.1.72
  - name: redhatofficial.rhel8-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel8-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel8-stig
    version: 0.1.72
  # RHEL 9 compliance roles from ComplianceAsCode
  - name: redhatofficial.rhel9-cis
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cis
    version: 0.1.72
  - name: redhatofficial.rhel9-cui
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cui
    version: 0.1.72
  - name: redhatofficial.rhel9-hipaa
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-hipaa
    version: 0.1.72
  - name: redhatofficial.rhel9-ospp
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-ospp
    version: 0.1.72
  - name: redhatofficial.rhel9-pci-dss
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-pci-dss
    version: 0.1.72
  - name: redhatofficial.rhel9-stig
    src: https://github.com/RedHatOfficial/ansible-role-rhel9-stig
    version: 0.1.72
 ...
--- a/tests/requirements.yml
+++ b/tests/requirements.yml
@@ -1 +1 @@
-../execution_environments/requirements.yml
+../execution_environments/requirements-25.yml
--- a/windows/create_ad_domain.yml
+++ b/windows/create_ad_domain.yml
@@ -46,15 +46,17 @@
    - name: Create some users
      microsoft.ad.user:
        name: "{{ item.name }}"
-        groups: "{{ item.groups }}"
+        groups:
          set:
            - "{{ item.group }}"
        password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
        update_password: on_create
      loop:
        - name: "UserA"
-          groups: "GroupA"
+          group: "GroupA"
        - name: "UserB"
-          groups: "GroupB"
+          group: "GroupB"
        - name: "UserC"
-          groups: "GroupC"
+          group: "GroupC"
      retries: 5
      delay: 10
--- a/windows/helpdesk_new_user_portal.yml
+++ b/windows/helpdesk_new_user_portal.yml
@@ -10,7 +10,7 @@
        # Example result: ['&Qw2|E[-']
    - name: Create new user
-      community.windows.win_domain_user:
+      microsoft.ad.user:
        name: "{{ firstname }} {{ surname }}"
        firstname: "{{ firstname }}"
        surname: "{{ surname }}"
--- a/windows/join_ad_domain.yml
+++ b/windows/join_ad_domain.yml
@@ -16,7 +16,7 @@
    - name: Ensure Demo OU exists
      run_once: true
      delegate_to: "{{ domain_controller }}"
-      community.windows.win_domain_ou:
+      microsoft.ad.ou:
        name: Demo
        state: present
@@ -26,7 +26,7 @@
    - name: Join ansible.local domain
      register: r_domain_membership
-      ansible.windows.win_domain_membership:
+      microsoft.ad.membership:
        dns_domain_name: ansible.local
        hostname: "{{ inventory_hostname.split('.')[0] }}"
        domain_admin_user: "{{ ansible_user }}@ansible.local"
Author	SHA1	Message	Date
matt	b5399283a1	try this	2025-07-11 16:06:24 -06:00
matt	b9054543cb	syntax issue	2025-07-11 16:03:16 -06:00
matt	beb47d4f8e	attempt to fix annoying snapshot/inventory sync issue with CNV	2025-07-11 16:00:06 -06:00
Chris Edillon	a7b79faf34	Refer to bootstrap repo for initial APD setup (#257 )	2025-07-09 13:07:17 -06:00
Chris Edillon	af7d93fcdb	Improve compliance report firewalld conditional (#253 ) Co-authored-by: Matthew Fernandez <l3acon@users.noreply.github.com>	2025-06-25 14:00:29 -06:00
Matthew Fernandez	0634643f21	Fix AWS groups (#255 )	2025-06-25 13:06:49 -04:00
Todd Ruch	db97b38fbc	Resolve parameter failure in Windows "Create some users" task (#250 )	2025-06-20 14:38:08 -04:00
Chris Edillon	7468d14a98	support building multi-arch EE image (#249 ) Co-authored-by: Matthew Fernandez <l3acon@users.noreply.github.com>	2025-06-18 16:49:04 -04:00
Matthew Fernandez	8a70edbfdc	Attempt galaxy workaround (#252 ) this will eventually be re-worked to put roles in our EE	2025-06-17 10:00:20 -06:00
Matthew Fernandez	9a93004e0a	Fix mistake where the main README.md is overridden. (#243 )	2025-05-13 12:08:50 -06:00
Matthew Fernandez	64f7c88114	Refactor pre commit (#237 ) Wheee!	2025-05-06 14:24:25 -06:00
Chris Edillon	4285a68f3e	Update DISA supplemental roles for RHEL STIG (#238 )	2025-05-05 11:11:14 -06:00
		`@@ -1 +0,0 @@`
			`openshift-clients-4.16.0-202408021139.p0.ge8fb3c0.assembly.stream.el9.x86_64.rpm filter=lfs diff=lfs merge=lfs -text`
		`@@ -1 +1 @@`
			`../execution_environments/requirements.yml`				`../execution_environments/requirements-25.yml`