section1 v2 initial

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2024-07-19 17:01:23 +01:00 · 2024-07-19 17:01:23 +01:00 · 8b58d71e4b
commit 8b58d71e4b
parent cf4376f1f7
47 changed files with 2181 additions and 1707 deletions
--- a/tasks/post.yml
+++ b/tasks/post.yml
@ -2,12 +2,16 @@
 # Post tasks

 - name: POST | Gather the package facts after remediation
-  ansible.builtin.package_facts:
-      manager: auto
  tags:
-      - always
+    - always
+  ansible.builtin.package_facts:
+    manager: auto

 - name: POST | Update sysctl
+  when:
+    - rhel9cis_sysctl_update
+    - not system_is_container
+    - "'procps-ng' in ansible_facts.packages"
  ansible.builtin.template:
      src: "etc/sysctl.d/{{ item }}.j2"
      dest: "/etc/sysctl.d/{{ item }}"
@ -21,47 +25,33 @@
      - 60-disable_ipv6.conf
      - 60-netipv4_sysctl.conf
      - 60-netipv6_sysctl.conf
-  when:
-      - rhel9cis_sysctl_update
-      - not system_is_container
-      - "'procps-ng' in ansible_facts.packages"

 - name: Flush handlers
  ansible.builtin.meta: flush_handlers

 - name: POST | reboot system if changes require it and not skipped
-  block:
-      - name: POST | Reboot system if changes require it and not skipped
-        ansible.builtin.reboot:
-        when:
-            - change_requires_reboot
-            - not skip_reboot
-
-      - name: POST | Warning a reboot required but skip option set
-        ansible.builtin.debug:
-            msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
-        changed_when: true
-        when:
-            - change_requires_reboot
-            - skip_reboot
-
-      - name: "POST | Warning a reboot required but skip option set | warning count"
-        ansible.builtin.import_tasks:
-            file: warning_facts.yml
-        when:
-            - change_requires_reboot
-            - skip_reboot
-  vars:
-      warn_control_id: Reboot_required
  tags:
-      - grub
-      - level1-server
-      - level1-workstation
-      - level2-server
-      - level2-workstation
-      - rhel9cis_section1
-      - rhel9cis_section2
-      - rhel9cis_section3
-      - rhel9cis_section4
-      - rhel9cis_section5
-      - rhel9cis_section6
+    - always
+  block:
+    - name: POST | Reboot system if changes require it and not skipped
+      ansible.builtin.reboot:
+      when:
+        - change_requires_reboot
+        - not skip_reboot
+
+    - name: POST | Warning a reboot required but skip option set
+      ansible.builtin.debug:
+        msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
+      changed_when: true
+      when:
+        - change_requires_reboot
+        - skip_reboot
+
+    - name: "POST | Warning a reboot required but skip option set | warning count"
+      ansible.builtin.import_tasks:
+        file: warning_facts.yml
+      when:
+        - change_requires_reboot
+        - skip_reboot
+  vars:
+    warn_control_id: Reboot_required