updated ipv6 rules

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2022-03-30 11:36:36 +01:00
parent 8c79bfe7fb
commit c85e9ba43f
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB


@ -3,15 +3,11 @@
# The CIS Control wants IPv6 disabled if not in use. # The CIS Control wants IPv6 disabled if not in use.
# We are using the rhel9cis_ipv6_required to specify if you have IPv6 in use # We are using the rhel9cis_ipv6_required to specify if you have IPv6 in use
- name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system" - name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system"
sysctl: debug:
name: "{{ item }}" msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
value: '1' notify:
state: present - update sysctl
reload: yes - sysctl flush ipv6 route table
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
when: when:
- not rhel9cis_ipv6_required - not rhel9cis_ipv6_required
- rhel9cis_rule_3_1_1 - rhel9cis_rule_3_1_1
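Review bot: The handlers listed under `notify:` on the new `debug:` task will most likely never run, because an Ansible `debug` task reports `ok` rather than `changed` and handlers are only queued by tasks that report a change. With the `sysctl` module call removed, nothing visible in this hunk still sets `net.ipv6.conf.*.disable_ipv6`, so control 3.1.1 can look applied in the play output while IPv6 stays enabled. Adding `changed_when: true` to the task (or replacing `debug` with a step that genuinely reports a change) would let `update sysctl` and `sysctl flush ipv6 route table` be notified. The task may continue below the hunk and the handler and its template are not shown here, so also confirm that the handler writes all three keys the old loop covered, including `net.ipv6.conf.lo.disable_ipv6`.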