added fix for #327 thanks to @derekbentson

uk-bolly · uk-bolly · commit e792e99dc83c · 2025-02-11T13:34:46.000Z
Signed-off-by: Mark Bolwell &lt;mark.bollyuk@gmail.com&gt;
diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
@@ -6161,30 +6161,12 @@
       "MEDIUM | RHEL-08-040120 | PATCH | RHEL 8 must mount /dev/shm with the nodev option."
       "MEDIUM | RHEL-08-040121 | PATCH | RHEL 8 must mount /dev/shm with the nosuid option."
       "MEDIUM | RHEL-08-040122 | PATCH | RHEL 8 must mount /dev/shm with the noexec option."
-  block:
-      - name: |
-            "MEDIUM | RHEL-08-040120 | AUDIT | RHEL 8 must mount /dev/shm with the nodev option."
-            "MEDIUM | RHEL-08-040121 | AUDIT | RHEL 8 must mount /dev/shm with the nosuid option."
-            "MEDIUM | RHEL-08-040122 | AUDIT | RHEL 8 must mount /dev/shm with the noexec option."
-        ansible.builtin.shell: mount | grep /dev/shm
-        changed_when: false
-        failed_when: false
-        register: rhel8stig_040120_dev_shm_status
-
-      - name: |
-            "MEDIUM | RHEL-08-040120 | PATCH | RHEL 8 must mount /dev/shm with the nodev option."
-            "MEDIUM | RHEL-08-040121 | PATCH | RHEL 8 must mount /dev/shm with the nosuid option."
-            "MEDIUM | RHEL-08-040122 | PATCH | RHEL 8 must mount /dev/shm with the noexec option."
-        ansible.posix.mount:
-            path: "{{ item.mount }}"
-            state: mounted
-            src: "{{ item.device }}"
-            fstype: "{{ item.fstype }}"
-            opts: "defaults{{ rhel_08_040120 | ternary (',nodev', '') }}{{ rhel_08_040121 | ternary (',nosuid', '') }}{{ rhel_08_040122 | ternary (',noexec', '') }}"
-        loop: "{{ ansible_facts.mounts }}"
-        when:
-            - item.mount == '/dev/shm'
-            - rhel8stig_040120_dev_shm_status.stdout | length > 0
+  ansible.posix.mount:
+      path: /dev/shm
+      state: mounted
+      src: tmpfs
+      fstype: tmpfs
+      opts: "defaults{{ rhel_08_040120 | ternary (',nodev', '') }}{{ rhel_08_040121 | ternary (',nosuid', '') }}{{ rhel_08_040122 | ternary (',noexec', '') }}"
   when:
       - rhel_08_040120 or
         rhel_08_040121 or
