From ad49d8ef009f92faeac121b633702718bb47878d Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Mon, 11 Nov 2024 15:24:38 +0000
Subject: [PATCH] updated 1.2.2-1.2.5 improved regex #425

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_1/cis_1.2.x.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml
index 4cfa9470..6aec5159 100644
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
@@ -39,7 +39,7 @@
       - name: "1.2.2 | PATCH | Ensure gpgcheck is globally activated | Update yum.repos"
         ansible.builtin.replace:
             name: "{{ item.path }}"
-            regexp: "^gpgcheck=0"
+            regexp: ^gpgcheck\s*=\s*0
             replace: "gpgcheck=1"
         loop: "{{ discovered_yum_repos.files }}"
         loop_control:
@@ -48,7 +48,7 @@
       - name: "1.2.2 | PATCH | Ensure gpgcheck is globally activated | Update dnf.conf"
         ansible.builtin.lineinfile:
             path: /etc/dnf/dnf.conf
-            regexp: ^(#|)gpgcheck=
+            regexp: ^(#|)gpgcheck\s*=
             line: gpgcheck=1
 
 - name: "1.2.3 | PATCH | Ensure repo_gpgcheck is globally activated"
@@ -72,7 +72,7 @@
       - name: "1.2.3 | PATCH | Ensure repo_gpgcheck is globally activated | Update yum.repos"
         ansible.builtin.replace:
             name: "{{ item.path }}"
-            regexp: "^repo_gpgcheck=0"
+            regexp: ^repo_gpgcheck\s*=\s*0"
             replace: "repo_gpgcheck=1"
         loop: "{{ discovered_yum_repos.files }}"
         loop_control:
@@ -81,7 +81,7 @@
       - name: "1.2.3 | PATCH | Ensure repo_gpgcheck is globally activated | Update dnf.conf"
         ansible.builtin.lineinfile:
             path: /etc/dnf/dnf.conf
-            regexp: ^(#|)repo_gpgcheck=
+            regexp: ^(#|)repo_gpgcheck\s*=
             line: repo_gpgcheck=1
 
 - name: "1.2.4 | AUDIT | Ensure package manager repositories are configured"