---
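# CIS 1.10: bring the system-wide crypto policy in line with the role's
# configured policy (base policy plus optional sub-policy module).
# NOTE(review): nothing in this task rejects a LEGACY value in
# rhel9cis_crypto_policy; confirm that it is validated elsewhere in the role.
- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
  block:
    # Build the desired policy string: "<policy>" or "<policy>:<module>"
    # when a module is configured (non-empty).
    - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy | set_fact"
      ansible.builtin.set_fact:
        rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}:{{ rhel9cis_crypto_policy_module }}{% endif %}"

    # Apply the policy only when the current value differs from the desired one.
    # `set -e` makes a failed `--set` fail the task. Without it the exit status
    # is that of the last command, so a rejected policy or module name would be
    # masked by the following re-apply and the host reported as remediated.
    - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
      ansible.builtin.shell: |
        set -e
        update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
        update-crypto-policies
      notify: change_requires_reboot
      when:
        # presumably registered by an earlier audit task that reads the
        # active policy; verify against the prelim tasks
        - rhel9cis_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
  when:
    - rhel9cis_rule_1_10
  tags:
    - level1-server
    - level1-workstation
    - automated
    - no system_is_ec2
    - patch
    - rule_1.10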