ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-26 15:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

lint updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-09-16 11:19:01 +01:00
parent 33340c7487
commit 1992eea6da
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
7 changed files with 45 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tasks/section_3/cis_3.4.1.x.yml
View file

@ -49,7 +49,7 @@
systemd:
name: nftables
state: stopped
masked: yes
masked: true
when:
- rhel9cis_firewalld_nftables_state == "masked"
@ -73,7 +73,7 @@
systemd:
name: firewalld
state: started
enabled: yes
enabled: true
when:
- rhel9cis_rule_3_4_1_4
tags:
@ -90,7 +90,7 @@
changed_when: false
failed_when: ( firewalld_zone_set.rc not in [ 0, 1 ] )
register: firewalld_zone_set
- name: "3.4.1.5 | AUDIT | Ensure firewalld default zone is set"
command: firewall-cmd --set-default-zone="{{ rhel9cis_default_zone }}"
when:
@ -112,7 +112,7 @@
shell: "nmcli -t connection show | awk -F: '{ if($4){print $4} }' | while read INT; do firewall-cmd --get-active-zones | grep -B1 $INT; done"
changed_when: false
failed_when: false
check_mode: no
check_mode: false
register: rhel9cis_3_4_1_6_interfacepolicy
- name: "3.4.1.6 | AUDIT | Ensure network interfaces are assigned to appropriate zone | Get list of interfaces and polocies | Show the interface to policy"
@ -135,7 +135,7 @@
shell: "firewall-cmd --get-active-zones | awk '!/:/ {print $1}' | while read ZN; do firewall-cmd --list-all --zone=$ZN; done"
changed_when: false
failed_when: false
check_mode: no
check_mode: false
register: rhel9cis_3_4_1_7_servicesport
- name: "3.4.1.7 | AUDIT | Ensure firewalld drops unnecessary services and ports | Show services and ports"