---

- name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked"
  block:
      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of services"
        ansible.builtin.shell: systemctl list-units --type=service
        changed_when: false
        failed_when: false
        check_mode: false
        register: rhel9cis_2_4_services

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of sockets"
        ansible.builtin.shell: systemctl list-units --type=sockets
        changed_when: false
        failed_when: false
        check_mode: false
        register: rhel9cis_2_4_sockets

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Display list of services"
        ansible.builtin.debug:
            msg:
                - "Warning!! Below are the list of services and sockets, both active and inactive"
                - "Please review to make sure all are essential"
                - "{{ rhel9cis_2_4_services.stdout_lines }}"
                - "{{ rhel9cis_2_4_sockets.stdout_lines }}"

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Warn Count"
        ansible.builtin.set_fact:
            control_number: "{{ control_number }} + ['rule_2.4']"
            warn_count: "{{ warn_count | int + 1 }}"
  when:
      - rhel9cis_rule_2_4
  tags:
      - level1-server
      - level1-workstation
      - manual
      - audit
      - services
      - rule_2.4