ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

addressed #309

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-03-31 12:36:27 +01:00
parent b616f70d86
commit cedf510b94
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 20 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

40
tasks/section_2/cis_2.1.x.yml
View file

@ -25,7 +25,7 @@
when: when:
- not rhel9cis_autofs_services - not rhel9cis_autofs_services
- rhel9cis_autofs_mask - rhel9cis_autofs_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: autofs name: autofs
enabled: false enabled: false
@ -57,7 +57,7 @@
when: when:
- not rhel9cis_avahi_server - not rhel9cis_avahi_server
- rhel9cis_avahi_mask - rhel9cis_avahi_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -90,7 +90,7 @@
when: when:
- not rhel9cis_dhcp_server - not rhel9cis_dhcp_server
- rhel9cis_dhcp_mask - rhel9cis_dhcp_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -123,7 +123,7 @@
when: when:
- not rhel9cis_dns_server - not rhel9cis_dns_server
- rhel9cis_dns_mask - rhel9cis_dns_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: named.service name: named.service
enabled: false enabled: false
@ -153,7 +153,7 @@
when: when:
- not rhel9cis_dnsmasq_server - not rhel9cis_dnsmasq_server
- rhel9cis_dnsmasq_mask - rhel9cis_dnsmasq_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: dnsmasq.service name: dnsmasq.service
enabled: false enabled: false
@ -184,7 +184,7 @@
when: when:
- not rhel9cis_samba_server - not rhel9cis_samba_server
- rhel9cis_samba_mask - rhel9cis_samba_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: smb.service name: smb.service
enabled: false enabled: false
@ -215,7 +215,7 @@
when: when:
- not rhel9cis_ftp_server - not rhel9cis_ftp_server
- rhel9cis_ftp_mask - rhel9cis_ftp_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: vsftpd.service name: vsftpd.service
enabled: false enabled: false
@ -249,7 +249,7 @@
when: when:
- not rhel9cis_message_server - not rhel9cis_message_server
- rhel9cis_message_mask - rhel9cis_message_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -285,7 +285,7 @@
when: when:
- not rhel9cis_nfs_server - not rhel9cis_nfs_server
- rhel9cis_nfs_mask - rhel9cis_nfs_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: nfs-server.service name: nfs-server.service
enabled: false enabled: false
@ -302,7 +302,7 @@
- nis - nis
- NIST800-53R5_CM-7 - NIST800-53R5_CM-7
- rule_2.1.10 - rule_2.1.10
notify: Systemd_daemon_reload notify: Systemd daemon reload
block: block:
- name: "2.1.10 | PATCH | Ensure nis server services are not in use | Remove package" - name: "2.1.10 | PATCH | Ensure nis server services are not in use | Remove package"
when: when:
@ -344,7 +344,7 @@
when: when:
- not rhel9cis_print_server - not rhel9cis_print_server
- rhel9cis_print_mask - rhel9cis_print_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -378,7 +378,7 @@
when: when:
- not rhel9cis_rpc_server - not rhel9cis_rpc_server
- rhel9cis_rpc_mask - rhel9cis_rpc_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -412,7 +412,7 @@
when: when:
- not rhel9cis_rsync_server - not rhel9cis_rsync_server
- rhel9cis_rsync_mask - rhel9cis_rsync_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -445,7 +445,7 @@
when: when:
- not rhel9cis_snmp_server - not rhel9cis_snmp_server
- rhel9cis_snmp_mask - rhel9cis_snmp_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: snmpd.service name: snmpd.service
enabled: false enabled: false
@ -476,7 +476,7 @@
when: when:
- not rhel9cis_telnet_server - not rhel9cis_telnet_server
- rhel9cis_telnet_mask - rhel9cis_telnet_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: telnet.socket name: telnet.socket
enabled: false enabled: false
@ -506,7 +506,7 @@
when: when:
- not rhel9cis_tftp_server - not rhel9cis_tftp_server
- rhel9cis_tftp_mask - rhel9cis_tftp_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
@ -540,7 +540,7 @@
when: when:
- not rhel9cis_squid_server - not rhel9cis_squid_server
- rhel9cis_squid_mask - rhel9cis_squid_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: squid.service name: squid.service
enabled: false enabled: false
@ -580,7 +580,7 @@
when: when:
- not rhel9cis_httpd_server - not rhel9cis_httpd_server
- rhel9cis_httpd_mask - rhel9cis_httpd_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: httpd.service name: httpd.service
enabled: false enabled: false
@ -591,7 +591,7 @@
when: when:
- not rhel9cis_nginx_server - not rhel9cis_nginx_server
- rhel9cis_nginx_mask - rhel9cis_nginx_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: ngnix.service name: ngnix.service
enabled: false enabled: false
@ -621,7 +621,7 @@
when: when:
- not rhel9cis_xinetd_server - not rhel9cis_xinetd_server
- rhel9cis_xinetd_mask - rhel9cis_xinetd_mask
notify: Systemd_daemon_reload notify: Systemd daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
name: xinetd.service name: xinetd.service
enabled: false enabled: false