From be0b2ed8455b85291c187e4fca3b704685572e2c Mon Sep 17 00:00:00 2001
From: Aaron Guise <aaron.guise@ultrafast.co.nz>
Date: Wed, 6 Jul 2016 14:29:56 +1200
Subject: [PATCH] Use SElinux module and remove Dynamic MOTD in /etc/profile

---
 tasks/main.yml | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 9f99076..494e770 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -28,23 +28,17 @@
     - yum-utils
   tags: packages
     
-- name: Check SELinux status
-  command: /usr/sbin/getenforce
-  register: result
-  changed_when: False
-  
-- name: Disable SELinux now if enabled
-  shell: /usr/sbin/setenforce 0
-  when: result.stdout != "Disabled"
-  
-- name: Check/Set SELinux Disabled on boot
-  selinux: policy=targeted state=disabled
+- name: Ensure SELinux status
+  selinux:
+    state: disabled
+  tags: security
   
 - name: Configure NTPD
   template:
     src: ntp.conf.j2
     dest: /etc/ntp.conf
   tags: ntp
+
 - name: Ensure NTPD enabled and started
   service: 
     name: ntpd
@@ -137,6 +131,13 @@
     dest: /usr/local/bin/dynmotd
     mode: a+x
 
+
+- name: Configure Dynamic MOTD in profile
+  lineinfile:
+    dest: /etc/profile
+    regexp: "^/usr/local/bin/dynmotd"
+    state: absent
+    
 - name: Configure Dynamic MOTD in profile
   lineinfile:
     dest: /etc/profile.d/motd.sh