ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 07:23:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

masked or removal options

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-04 15:14:59 +01:00
parent b4eefdbdd3
commit adcc647dd4
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
3 changed files with 45 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tasks/section_3/cis_3.4.1.x.yml
View file

@ -42,10 +42,21 @@
- rule_3.4.1.2
- name: "3.4.1.3 | PATCH | Ensure nftables either not installed or masked with firewalld"
systemd:
name: nftables
state: stopped
masked: yes
block:
- name: "3.4.1.3 | PATCH | Ensure nftables either not installed or masked with firewalld | mask service"
systemd:
name: nftables
state: stopped
masked: yes
when:
- rhel9cis_firewalld_nftables_state == "masked"
- name: "3.4.1.3 | PATCH | Ensure nftables either not installed or masked with firewalld | pkg removed"
package:
name: nftables
state: absent
when:
- rhel9cis_firewalld_nftables_state == "absent"
when:
- rhel9cis_rule_3_4_1_3
tags: