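I am using Ansible to apply security hardening to CentOS 6 VMs. We are following the 179-page CIS security benchmark:
Thanks to Philippe Eveque for the heads up on the complicated regex and backrefs example:
This code will add audit=1 to the end of any indented line starting with “kernel” in /etc/grub.conf, unless the line already contains audit=1. Note that lineinfile rewrites only the last matching line per run, so a grub.conf with several kernel lines that lack audit=1 needs the task rerun until it reports no change.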
- name: 4.2.3 Enable Auditing for Processes That Start Prior to auditd
  lineinfile: dest=/etc/grub.conf backup=True backrefs=True state=present regexp='(^\s+kernel(\s+(?!audit=1)[\w=/\-\.]+)*)\s*$' line='\1 audit=1'
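
The Python sketch below is an added example, not code from the original post. It models one lineinfile run with this regex (only the last matching line is rewritten) on a constructed grub.conf, and adds a check for kernel lines that still lack audit=1. The function names and the sample file content are assumptions made for illustration.

```python
import re

# Regex copied from the task above; lineinfile evaluates it with Python's re.
KERNEL_RE = re.compile(r'(^\s+kernel(\s+(?!audit=1)[\w=/\-\.]+)*)\s*$')

SAMPLE_GRUB = "\n".join([  # constructed grub.conf, not from a real host
    "title entry-a",
    "\tkernel /vmlinuz-a ro root=/dev/mapper/vg-root quiet",
    "title entry-b",
    "\tkernel /vmlinuz-b ro root=/dev/mapper/vg-root rhgb",
    "title entry-c",
    "\tkernel /vmlinuz-c ro root=/dev/mapper/vg-root audit=1",
    "title entry-d",
    "\tkernel /vmlinuz-d ro console=ttyS0,115200",
]) + "\n"


def run_task(text):
    """Model one lineinfile run with backrefs=True; returns (new_text, changed)."""
    lines = text.splitlines()
    match = index = None
    for i, line in enumerate(lines):
        found = KERNEL_RE.search(line)
        if found:
            match, index = found, i  # a later match overrides an earlier one
    if match is None:
        return text, False  # no match with backrefs=True: file left unchanged
    lines[index] = match.expand(r'\1 audit=1')
    return "\n".join(lines) + "\n", True


def converge(text, limit=20):
    """Rerun the task until it reports no change; returns (text, changing_runs)."""
    for runs in range(limit):
        text, changed = run_task(text)
        if not changed:
            return text, runs
    return text, limit


def missing_audit(text):
    """Verification check: kernel lines that still lack an audit=1 token."""
    return [l.strip() for l in text.splitlines()
            if re.match(r"\s*kernel\s", l) and "audit=1" not in l.split()]


if __name__ == "__main__":
    final, runs = converge(SAMPLE_GRUB)
    print(runs, missing_audit(final))
```

The entry-d line is never modified because the comma in its console= argument falls outside the regex's character class, so a separate check like missing_audit is what reveals the gap.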