OT-OSM · oo4abhishek · Nov 5, 2025 · Oct 8, 2025 · Nov 3, 2025 · Nov 3, 2025
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -49,3 +49,8 @@
   ansible.builtin.systemd:
     name: systemd-journald
     state: restarted
+
+#1.3 configuresecureboot 
+- name: Reload systemd
+  ansible.builtin.command: systemctl daemon-reload
+  become: truem
diff --git a/tasks/amazon_linux.yaml b/tasks/amazon_linux.yaml
@@ -0,0 +1,3 @@
+---
+- name: Amazon Linux 2 | Configure secure boot setting 
+  include_tasks: configure_secure_boot_al2.yaml
diff --git a/tasks/configure_secure_boot_al2.yaml b/tasks/configure_secure_boot_al2.yaml
@@ -0,0 +1,13 @@
+---
+
+- name: "1.3.1 Ensure authentication required for single user mode (rescue & emergency)"
+  ansible.builtin.lineinfile:
+    path: "/usr/lib/systemd/system/{{ item }}"
+    regexp: '^ExecStart='
+    line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
+    backup: yes
+  loop:
+    - rescue.service
+    - emergency.service
+  notify: Reload systemd
+
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -1,16 +1,18 @@
 ---
-- name: Include CIS Stage Specific vars
-  include_vars: cis-{{ cis_Stage }}.yaml
-
-- name: Debian realted Specification
-  include_tasks: configure_Debian.yaml
+- name: Ubuntu related Specification
+  include_tasks: ubuntu.yaml
   when:
     ansible_os_family == 'Debian'
 
-- name: Centos realted Specification
-  include_tasks: configure_RedHat.yaml
+- name: CentOS related Specification
+  include_tasks: centos.yaml
+  when:
+    ansible_os_family == 'RedHat' and ansible_distribution != 'Amazon'
+
+- name: Amazon Linux 2 related Specification
+  include_tasks: amazon_linux.yaml
   when:
-    ansible_os_family == 'RedHat'
+    ansible_distribution == 'Amazon'
 
 # - name: Special purpose services
 #   include_tasks: services.yaml