ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 07:23:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tags and containder discovery

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-01-18 13:16:17 +00:00
parent 24ca9a28de
commit 99b81d2d4a
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 35 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

36
tasks/main.yml
View file

@ -3,7 +3,7 @@
- name: Check OS version and family - name: Check OS version and family
assert: assert:
that: that:
- ansible_os_family == 'RedHat' - (ansible_os_family == 'RedHat' or ansible_os_family == "Rocky")
- ansible_distribution_major_version |int >= 8 - ansible_distribution_major_version |int >= 8
fail_msg: "This role can only be run against RHEL 8 or 9. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported." fail_msg: "This role can only be run against RHEL 8 or 9. {{ ansible_distribution }} {{ ansible_distribution_major_version }} is not supported."
success_msg: "Supported OS release and version" success_msg: "Supported OS release and version"
@ -19,6 +19,28 @@
tags: tags:
- always - always
- name: Setup rules if container
block:
- name: Discover and set container variable if required
set_fact:
system_is_container: true
- name: Load variable for container
include_vars:
file: is_container.yml
- name: output if discovered is a container
debug:
msg: system has been discovered as a container
when:
- system_is_container
when:
- ansible_connection == 'docker' or
ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
- container_discovery
- always
- name: Check crypto-policy input - name: Check crypto-policy input
assert: assert:
that: rhel9cis_crypto_policy in rhel9cis_allowed_crypto_policies that: rhel9cis_crypto_policy in rhel9cis_allowed_crypto_policies
@ -82,6 +104,8 @@
- name: capture /etc/password variables - name: capture /etc/password variables
include_tasks: parse_etc_password.yml include_tasks: parse_etc_password.yml
when: rhel9cis_section6 when: rhel9cis_section6
tags:
- rhel9cis_section6
- name: run Section 1 tasks - name: run Section 1 tasks
import_tasks: section_1/main.yml import_tasks: section_1/main.yml
@ -94,26 +118,36 @@
import_tasks: section_2/main.yml import_tasks: section_2/main.yml
become: true become: true
when: rhel9cis_section2 when: rhel9cis_section2
tags:
- rhel9cis_section2
- name: run Section 3 tasks - name: run Section 3 tasks
import_tasks: section_3/main.yml import_tasks: section_3/main.yml
become: true become: true
when: rhel9cis_section3 when: rhel9cis_section3
tags:
- rhel9cis_section3
- name: run Section 4 tasks - name: run Section 4 tasks
import_tasks: section_4/main.yml import_tasks: section_4/main.yml
become: true become: true
when: rhel9cis_section4 when: rhel9cis_section4
tags:
- rhel9cis_section4
- name: run Section 5 tasks - name: run Section 5 tasks
import_tasks: section_5/main.yml import_tasks: section_5/main.yml
become: true become: true
when: rhel9cis_section5 when: rhel9cis_section5
tags:
- rhel9cis_section5
- name: run Section 6 tasks - name: run Section 6 tasks
import_tasks: section_6/main.yml import_tasks: section_6/main.yml
become: true become: true
when: rhel9cis_section6 when: rhel9cis_section6
tags:
- rhel9cis_section6
- name: run post remediation tasks - name: run post remediation tasks
import_tasks: post.yml import_tasks: post.yml