At the bottom is the code-snipit of the faulty code, it assumes the systemctl status returns 0 or 3, in which case I am experiencing it to return 3 all the time.
To fix I would simply just run the mask command without checking if it were mask'd to begin with.
Testing on my local RHEL7 (yum updated as of aug-09):
#### disabling the symlink
# systemctl unmask ctrl-alt-del.target
Removed symlink /etc/systemd/system/ctrl-alt-del.target.
#### check return code of status
# systemctl status ctrl-alt-del.target; echo $?
● reboot.target - Reboot
Loaded: loaded (/usr/lib/systemd/system/reboot.target; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd.special(7)
3
#### enabling the symlink
# systemctl mask ctrl-alt-del.target
Created symlink from /etc/systemd/system/ctrl-alt-del.target to /dev/null.
#### check return code of status
systemctl status ctrl-alt-del.target; echo $?
● ctrl-alt-del.target
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
3
#### file: ansible-hardening/tasks/rhel7stig/misc.yml
#### line number: 38-58
# This returns an exit code of 0 if it's running, 3 if it's masked.
- name: Check if ctrl-alt-del.target is already masked
command: systemctl status ctrl-alt-del.target
register: cad_mask_check
check_mode: no
changed_when: False
failed_when: cad_mask_check.rc not in [0,3]
tags:
- always
- name: V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled
command: systemctl mask ctrl-alt-del.target
when:
- security_rhel7_disable_ctrl_alt_delete | bool
- cad_mask_check.rc != 3
notify:
- reload systemd
tags:
- high
- misc
- V-71993
This should be fixed by using https:/