Updated mountpoints controls

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 14:23:05 +00:00 · 2024-12-10 17:29:27 +00:00 · 2024-12-10 17:29:27 +00:00 · fd97459b6a
commit fd97459b6a
parent bab28dda45
10 changed files with 628 additions and 214 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,6 +1,149 @@
 ---
 # handlers file for RHEL9-CIS

+- name: "Adding options for /tmp"
+  when: not rhel9cis_tmp_svc
+  vars:
+    mount_point: '/tmp'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /tmp"
+
+- name: "Remounting /tmp"
+  vars:
+    mount_point: '/tmp'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /tmp"
+
+- name: "Remounting /tmp systemd"
+  vars:
+    mount_point: '/tmp'
+  ansible.builtin.systemd:
+    name: tmp.mount
+    state: restarted
+    daemon_reload: true
+  listen: "Remount /tmp"
+
+- name: "Adding options for /dev/shm"
+  vars:
+    mount_point: '/dev/shm'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /dev/shm"
+
+- name: "Remounting /dev/shm"
+  vars:
+    mount_point: '/dev/shm'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /dev/shm"
+
+- name: "Adding options for /home"
+  vars:
+    mount_point: '/home'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /home"
+
+- name: "Remounting /home"
+  vars:
+    mount_point: '/home'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /home"
+
+- name: "Adding options for /var"
+  vars:
+    mount_point: '/var'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /var"
+
+- name: "Remounting /var"
+  vars:
+    mount_point: '/var'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /var"
+
+- name: "Adding options for /var/tmp"
+  vars:
+    mount_point: '/var/tmp'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /var/tmp"
+
+- name: "Remounting /var/tmp"
+  vars:
+    mount_point: '/var/tmp'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /var/tmp"
+
+- name: "Adding options for /var/log"
+  vars:
+    mount_point: '/var/log'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /var/log"
+
+- name: "Remounting /var/log"
+  vars:
+    mount_point: '/var/log'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /var/log"
+
+- name: "Adding options for /var/log/audit"
+  vars:
+    mount_point: '/var/log/audit'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    src: "{{ mount_point_fs_and_options[mount_point]['src'] }}"
+    state: present
+    fstype: "{{ mount_point_fs_and_options[mount_point]['fs_type'] }}"
+    opts: "{{ mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
+  listen: "Remount /var/log/audit"
+
+- name: "Remounting /var/log/audit"
+  vars:
+    mount_point: '/var/log/audit'
+  ansible.posix.mount:
+    path: "{{ mount_point }}"
+    state: remounted
+  listen: "Remount /var/log/audit"
+
 - name: Reload sysctl
  ansible.builtin.shell: sysctl --system

@ -31,11 +174,6 @@
    masked: false
    state: reloaded

- name: Remount tmp
-  ansible.posix.mount:
-    path: /tmp
-    state: remounted
-
 - name: Update Crypto Policy
  ansible.builtin.set_fact:
    rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}{{ rhel9cis_crypto_policy_module }}{% endif %}"