ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Improved logic for crypto policy additions

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-08-07 14:05:59 +01:00
parent 49fdafc5e0
commit d5b688caac
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
3 changed files with 42 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

3
handlers/main.yml
View file

@ -38,14 +38,13 @@
- name: Update Crypto Policy
ansible.builtin.set_fact:
rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}:{{ rhel9cis_crypto_policy_module }}{% endif %}"
rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}{{ rhel9cis_crypto_policy_module }}{% endif %}"
notify: Set Crypto Policy
- name: Set Crypto Policy
when: prelim_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
ansible.builtin.shell: |
update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
update-crypto-policies
notify:
- Change_requires_reboot
- Restart sshd