rule_1.10 updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2023-06-06 14:36:38 +01:00
parent 3c3ddfa474
commit 674d3417ff
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
5 changed files with 50 additions and 14 deletions


@ -1,16 +1,25 @@
---
- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
ansible.builtin.shell: |
update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
update-crypto-policies
notify: Change_requires_reboot
block:
- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy | set_fact"
ansible.builtin.set_fact:
rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}:{{ rhel9cis_crypto_policy_module }}{% endif %}"
- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
ansible.builtin.shell: |
update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
update-crypto-policies
notify: change_requires_reboot
when:
- system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
when:
- rhel9cis_rule_1_10
- system_wide_crypto_policy['stdout'] == 'LEGACY'
tags:
- level1-server
- level1-workstation
- automated
- no system_is_ec2
- patch
- rule_1.10
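Review bot: The inner shell task pastes `rhel9cis_full_crypto_policy` directly into the script text, so any shell metacharacter in `rhel9cis_crypto_policy` or `rhel9cis_crypto_policy_module` is interpreted by the shell with the play's privileges instead of being passed as one argument; drop the hand-written quotes and use the quote filter, `update-crypto-policies --set {{ rhel9cis_full_crypto_policy | quote }}`. Nothing visible in this file checks that the configured policy is itself not LEGACY, which is what the rule title promises. An `ansible.builtin.assert` on `rhel9cis_crypto_policy in ['DEFAULT', 'FUTURE', 'FIPS']` ahead of the set_fact would catch that, unless the role already validates the variable elsewhere. The notify target also changes case to `change_requires_reboot`, and handler names are matched case-sensitively, so confirm the handler was renamed in the same commit.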