ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-05-09 23:33:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

updated tags on optional

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2026-04-08 12:52:40 +01:00
parent 5dfa35a487
commit 2b17f3f168
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_4/cis_4.3.x.yml
View file

@ -7,7 +7,11 @@
- rhel9cis_rule_4_3_2 - rhel9cis_rule_4_3_2
- rhel9cis_rule_4_3_3 - rhel9cis_rule_4_3_3
- rhel9cis_rule_4_3_4 - rhel9cis_rule_4_3_4
tags: always tags:
- rule_4.3.1
- rule_4.3.2
- rule_4.3.3
- rule_4.3.4
ansible.builtin.command: "nft add table inet {{ rhel9cis_nft_tables_tablename }}" ansible.builtin.command: "nft add table inet {{ rhel9cis_nft_tables_tablename }}"
changed_when: true changed_when: true
@ -210,7 +214,7 @@
ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input iif lo accept ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input iif lo accept
changed_when: true changed_when: true
- name: "4.3.4 | PATCH | Ensure nftables loopback traffic is configured | Set ip sddr rule | nftables" - name: "4.3.4 | PATCH | Ensure nftables loopback traffic is configured | Set ip saddr rule | nftables"
when: '"ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop" not in discovered_nftables_ipsaddr.stdout' when: '"ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop" not in discovered_nftables_ipsaddr.stdout'
ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input ip saddr 127.0.0.0/8 counter drop ansible.builtin.command: nft add rule inet "{{ rhel9cis_nft_tables_tablename }}" input ip saddr 127.0.0.0/8 counter drop
changed_when: true changed_when: true