updated yamllint, company naming, linting and spacing
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
parent
1b694832bb
commit
2de8a39cdc
66 changed files with 461 additions and 675 deletions
|
|
@ -2,7 +2,8 @@
|
|||
# handlers file for RHEL9-CIS
|
||||
|
||||
- name: Reload sysctl
|
||||
ansible.builtin.shell: sysctl --system
|
||||
ansible.builtin.command: sysctl --system
|
||||
changed_when: true
|
||||
|
||||
- name: Sysctl flush ipv4 route table
|
||||
when:
|
||||
|
|
@ -43,8 +44,8 @@
|
|||
|
||||
- name: Set Crypto Policy
|
||||
when: prelim_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
|
||||
ansible.builtin.shell: |
|
||||
update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
|
||||
ansible.builtin.command: update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
|
||||
changed_when: true
|
||||
notify:
|
||||
- Change_requires_reboot
|
||||
- Restart sshd
|
||||
|
|
@ -65,11 +66,13 @@
|
|||
state: restarted
|
||||
|
||||
- name: Reload dconf
|
||||
ansible.builtin.shell: dconf update
|
||||
ansible.builtin.command: dconf update
|
||||
changed_when: true
|
||||
|
||||
- name: Grub2cfg
|
||||
ansible.builtin.shell: "grub2-mkconfig -o /boot/grub2/grub.cfg"
|
||||
ansible.builtin.command: "grub2-mkconfig -o /boot/grub2/grub.cfg"
|
||||
ignore_errors: true # noqa ignore-errors
|
||||
changed_when: true
|
||||
|
||||
- name: Restart rsyslog
|
||||
ansible.builtin.systemd:
|
||||
|
|
@ -91,24 +94,25 @@
|
|||
daemon-reload: true
|
||||
|
||||
- name: Authselect update
|
||||
ansible.builtin.shell: authselect apply-changes
|
||||
ansible.builtin.command: authselect apply-changes
|
||||
changed_when: true
|
||||
|
||||
## Auditd tasks note order for handlers to run
|
||||
|
||||
- name: Auditd immutable check
|
||||
ansible.builtin.shell: grep -c "^-e 2" /etc/audit/rules.d/99_auditd.rules
|
||||
ansible.builtin.command: grep -c "^-e 2" /etc/audit/rules.d/99_auditd.rules
|
||||
changed_when: false
|
||||
register: discovered_auditd_immutable_check
|
||||
|
||||
- name: Audit immutable fact
|
||||
when:
|
||||
- discovered_auditd_immutable_check.stdout == '1'
|
||||
when: discovered_auditd_immutable_check.stdout == '1'
|
||||
ansible.builtin.debug:
|
||||
msg: "Reboot required for auditd to apply new rules as immutable set"
|
||||
notify: Change_requires_reboot
|
||||
|
||||
- name: Restart auditd
|
||||
ansible.builtin.shell: service auditd restart
|
||||
- name: Restart auditd # noqa command-instead-of-module
|
||||
ansible.builtin.command: service auditd restart
|
||||
changed_when: true
|
||||
|
||||
- name: Change_requires_reboot
|
||||
ansible.builtin.set_fact:
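Review bot: The "Auditd immutable check" handler now runs `grep -c "^-e 2" /etc/audit/rules.d/99_auditd.rules` through ansible.builtin.command with only `changed_when: false`, but grep -c exits 1 when the count is 0, so on any host where the immutable flag is not yet set the handler fails instead of registering stdout "0", and the "Audit immutable fact" handler that depends on the registered result never runs. Add `failed_when: discovered_auditd_immutable_check.rc > 1` after the `register:` line so a zero count is accepted while a real grep error (rc 2, e.g. the rules file missing) still fails. The exit-status behaviour was the same under the shell module, so this is pre-existing rather than introduced by the switch to command. Separately, the Grub2cfg handler's `ignore_errors: true` means a failed grub.cfg regeneration is silently accepted; registering the result and surfacing it with a debug or assert would make that failure visible.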
|
||||
|
|
|
|||