Revert "Merge 'devel' of kris9854/RHEL9-CIS-fix into devel"

This reverts commit d4471a3016, reversing changes made to d6ca36a91f.
2025-12-28 07:53:07 +00:00 · 2022-09-26 19:10:53 +02:00 · 2022-09-26 19:10:53 +02:00 · da0734c3a8
commit da0734c3a8
parent 66d8fb8b32
65 changed files with 461 additions and 801 deletions
--- a/tasks/post.yml
+++ b/tasks/post.yml
@ -12,24 +12,57 @@
  tags:
      - always

- name: update sysctl
-  template:
-      src: "etc/sysctl.d/{{ item }}.j2"
-      dest: "/etc/sysctl.d/{{ item }}"
-      owner: root
-      group: root
-      mode: 0600
-  register: sysctl_updated
-  notify: reload sysctl
-  with_items:
-      - 60-kernel_sysctl.conf
-      - 60-disable_ipv6.conf
-      - 60-netipv4_sysctl.conf
-      - 60-netipv6_sysctl.conf
+- name: trigger update sysctl
+  shell: /bin/true
+  args:
+      warn: false
+  changed_when: true
+  check_mode: false
+  notify: update sysctl
  when:
-      - sysctl_update
-      - not system_is_container
-      - "'procps-ng' in ansible_facts.packages"
+      - rhel9cis_rule_3_1_1 or
+        rhel9cis_rule_3_1_2 or
+        rhel9cis_rule_3_1_3 or
+        rhel9cis_rule_3_2_1 or
+        rhel9cis_rule_3_2_2 or
+        rhel9cis_rule_3_3_1 or
+        rhel9cis_rule_3_3_2 or
+        rhel9cis_rule_3_3_3 or
+        rhel9cis_rule_3_3_4 or
+        rhel9cis_rule_3_3_5 or
+        rhel9cis_rule_3_3_6 or
+        rhel9cis_rule_3_3_7 or
+        rhel9cis_rule_3_3_8 or
+        rhel9cis_rule_3_3_9
+  tags:
+      - sysctl
+
+- name: trigger update auditd
+  shell: /bin/true
+  args:
+      warn: false
+  notify: update auditd
+  changed_when: true
+  check_mode: false
+  when:
+      - rhel9cis_rule_4_1_1_1 or
+        rhel9cis_rule_4_1_1_2 or
+        rhel9cis_rule_4_1_1_3 or
+        rhel9cis_rule_4_1_2_1 or
+        rhel9cis_rule_4_1_2_2 or
+        rhel9cis_rule_4_1_2_3 or
+        rhel9cis_rule_4_1_3 or
+        rhel9cis_rule_4_1_4 or
+        rhel9cis_rule_4_1_5 or
+        rhel9cis_rule_4_1_6 or
+        rhel9cis_rule_4_1_7 or
+        rhel9cis_rule_4_1_8 or
+        rhel9cis_rule_4_1_9 or
+        rhel9cis_rule_4_1_10 or
+        rhel9cis_rule_4_1_11 or
+        rhel9cis_rule_4_1_12
+  tags:
+      - auditd

 - name: flush handlers
  meta: flush_handlers
@ -44,20 +77,11 @@

      - name: POST | Warning a reboot required but skip option set
        debug:
-            msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
+            msg: "Warning! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
        changed_when: true
        when:
            - change_requires_reboot
            - skip_reboot
-
-      - name: "POST | Warning a reboot required but skip option set | warning count"
-        set_fact:
-            control_number: "{{ control_number }} + [ 'Reboot_required' ]"
-            warn_count: "{{ warn_count | int + 1 }}"
-        when:
-            - change_requires_reboot
-            - skip_reboot
-
  tags:
      - grub
      - level1-server