added blacklist requirement

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2023-01-17 11:34:01 +00:00
parent 910d1599a2
commit a2d074a343
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9


@ -10,11 +10,20 @@
create: true create: true
mode: 0600 mode: 0600
- name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | blacklist"
lineinfile:
path: /etc/modprobe.d/blacklist.conf
regexp: "^(#)?blacklist squashfs(\\s|$)"
line: "blacklist squashfs"
create: true
mode: 0600
- name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs" - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs"
modprobe: modprobe:
name: squashfs name: squashfs
state: absent state: absent
when: not system_is_container when: not system_is_container
when: when:
- rhel9cis_rule_1_1_1_1 - rhel9cis_rule_1_1_1_1
tags: tags:
@ -34,6 +43,14 @@
create: true create: true
mode: 0600 mode: 0600
- name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disabled | blacklist"
lineinfile:
path: /etc/modprobe.d/blacklist.conf
regexp: "^(#)?blacklist udf(\\s|$)"
line: "blacklist udf"
create: true
mode: 0600
- name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf" - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf"
modprobe: modprobe:
name: udf name: udf
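Review bot: Both added `blacklist` tasks (squashfs under 1.1.1.1, udf under 1.1.1.2) set `mode: 0600` as an unquoted scalar, so the resulting permission depends on the parser reading a leading zero as octal; `mode: '0600'` states it unambiguously. A `blacklist` entry in modprobe.d only suppresses alias-based autoloading and does not stop an explicit `modprobe squashfs`. The hardening therefore presumably relies on the preceding task, of which only the `create`/`mode` tail is visible in each hunk. If that task writes the `install` override, a comment above each new task such as `# blacklist only stops autoloading; the install line written above blocks explicit loads` would record why both entries are needed. The enclosing task blocks start and end outside the hunks, so the `when`/`tags` gating of the udf task could not be checked here.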