ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

bool values now true/false

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-01-13 12:37:47 +00:00
parent ca7b275c88
commit dfedc652cb
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 26 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

52
handlers/main.yml
View file

@ -2,22 +2,22 @@
# handlers file for RHEL9-CIS # handlers file for RHEL9-CIS
- name: sysctl flush ipv4 route table - name: sysctl flush ipv4 route table
become: yes become: true
sysctl: sysctl:
name: net.ipv4.route.flush name: net.ipv4.route.flush
value: '1' value: '1'
sysctl_set: yes sysctl_set: true
ignore_errors: yes ignore_errors: true
when: ansible_virtualization_type != "docker" when: ansible_virtualization_type != "docker"
tags: tags:
- skip_ansible_lint - skip_ansible_lint
- name: sysctl flush ipv6 route table - name: sysctl flush ipv6 route table
become: yes become: true
sysctl: sysctl:
name: net.ipv6.route.flush name: net.ipv6.route.flush
value: '1' value: '1'
sysctl_set: yes sysctl_set: true
when: ansible_virtualization_type != "docker" when: ansible_virtualization_type != "docker"
- name: update sysctl - name: update sysctl
@ -35,26 +35,26 @@
name: net.ipv4.route.flush name: net.ipv4.route.flush
value: '1' value: '1'
state: present state: present
reload: yes reload: true
ignoreerrors: yes ignoreerrors: true
when: ansible_virtualization_type != "docker" when: ansible_virtualization_type != "docker"
- name: systemd restart tmp.mount - name: systemd restart tmp.mount
become: yes become: true
systemd: systemd:
name: tmp.mount name: tmp.mount
daemon_reload: yes daemon_reload: true
enabled: yes enabled: true
masked: no masked: false
state: reloaded state: reloaded
- name: systemd restart var-tmp.mount - name: systemd restart var-tmp.mount
become: yes become: true
systemd: systemd:
name: var-tmp.mount name: var-tmp.mount
daemon_reload: yes daemon_reload: true
enabled: yes enabled: true
masked: no masked: false
state: reloaded state: reloaded
- name: remount tmp - name: remount tmp
@ -63,31 +63,31 @@
warn: false warn: false
- name: restart firewalld - name: restart firewalld
become: yes become: true
service: service:
name: firewalld name: firewalld
state: restarted state: restarted
- name: restart xinetd - name: restart xinetd
become: yes become: true
service: service:
name: xinetd name: xinetd
state: restarted state: restarted
- name: restart sshd - name: restart sshd
become: yes become: true
service: service:
name: sshd name: sshd
state: restarted state: restarted
- name: restart postfix - name: restart postfix
become: yes become: true
service: service:
name: postfix name: postfix
state: restarted state: restarted
- name: reload dconf - name: reload dconf
become: yes become: true
shell: dconf update shell: dconf update
args: args:
warn: false warn: false
@ -103,9 +103,9 @@
- name: restart auditd - name: restart auditd
shell: /sbin/service auditd restart shell: /sbin/service auditd restart
changed_when: no changed_when: false
check_mode: no check_mode: false
failed_when: no failed_when: false
args: args:
warn: false warn: false
when: when:
@ -122,17 +122,17 @@
- skip_ansible_lint - skip_ansible_lint
- name: restart rsyslog - name: restart rsyslog
become: yes become: true
service: service:
name: rsyslog name: rsyslog
state: restarted state: restarted
- name: restart syslog-ng - name: restart syslog-ng
become: yes become: true
service: service:
name: syslog-ng name: syslog-ng
state: restarted state: restarted
- name: systemd_daemon_reload - name: systemd_daemon_reload
systemd: systemd:
daemon-reload: yes daemon-reload: true