---

- name: "1.6.1 | L1 | PATCH | Ensure core dumps are restricted"
  block:
      - name: "1.6.1 | L1 | Ensure core dumps are restricted | Update limits.conf file"
        lineinfile:
            state: present
            dest: /etc/security/limits.conf
            regexp: '^#?\\*.*core'
            line: '*                hard    core            0'
            insertbefore: '^# End of file'

      - name: "1.6.1 | L1 | PATCH | Ensure core dumps are restricted | Set active kernel parameter"
        debug:
            msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
        notify: 
            - update sysctl

      - name: "1.6.1 | L1 | PATCH | Ensure core dumps are restricted | if systemd coredump"
        lineinfile:
            path: /etc/systemd/coredump.conf
            regexp: "{{ item.regexp }}"
            line: "{{ item.regexp }}{{ item.line }}"
            state: present
        with_items:
            - {'regexp': 'Storage=', 'line': 'none'}
            - {'regexp': 'ProcessSizeMax=', 'line': '0'}
        notify:
            - systemd_daemon_reload
        when:
            - systemd_coredump.stat.exists
  when:
      - rhel9cis_rule_1_6_1
  tags:
      - level1-server
      - level1-workstation
      - scored
      - sysctl
      - patch
      - rule_1.6.1

- name: "1.6.2 | L1 | PATCH | Ensure address space layout randomization (ASLR) is enabled"
  debug:
      msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
  notify: 
      - update sysctl
  when:
      - rhel9cis_rule_1_6_2
  tags:
      - level1-server
      - level1-workstation
      - scored
      - patch
      - rule_1.6.2