ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 22:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Updates from Public

Browse source 
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
This commit is contained in:
Frederick Witty 2025-09-10 12:57:50 -04:00
parent a1d88edde0
commit 67c574d8a9
No known key found for this signature in database
GPG key ID: D29987C25A47D813
10 changed files with 32 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/section_4/cis_4.3.x.yml
View file

@ -81,7 +81,7 @@
register: discovered_nftables_inconnectionrule
- name: "4.3.2 | AUDIT | Ensure nftables established connections are configured | Gather outbound connection rules"
ansible.builtin.command: nft list ruleset | awk '/hook output/,/}/' | grep -E 'ip protocol (tcp|udp|icmp) ct state'
ansible.builtin.shell: nft list ruleset | awk '/hook output/,/}/' | grep -E 'ip protocol (tcp|udp|icmp) ct state'
changed_when: false
failed_when: false
register: discovered_nftables_outconnectionrule