ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Adding missing lines to sysctl.d/50-default.conf

Browse source 
Signed-off-by: Bernd Grobauer <bernd.grobauer@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
This commit is contained in:
Bernd Grobauer 2023-10-12 12:56:20 +02:00 committed by Ionut Pruteanu
parent 1d609e10cb
commit de3a25dd3a
No known key found for this signature in database
GPG key ID: 95B7D43B702B3569
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tasks/post.yml
View file

@ -26,6 +26,19 @@
- not system_is_container - not system_is_container
- "'procps-ng' in ansible_facts.packages" - "'procps-ng' in ansible_facts.packages"
- name: POST | Update usr sysctl
ansible.builtin.lineinfile:
dest: /usr/lib/sysctl.d/50-default.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '^net.ipv4.conf.default.rp_filter', line: 'net.ipv4.conf.default.rp_filter = 1' }
- { regexp: '^net.ipv4.conf.*.rp_filter', line: 'net.ipv4.conf.*.rp_filter = 1' }
when:
- rhel9cis_sysctl_update
- not system_is_container
- "'procps-ng' in ansible_facts.packages"
- name: Flush handlers - name: Flush handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers