mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 14:23:05 +00:00
60 lines
1.2 KiB
YAML
60 lines
1.2 KiB
YAML
---
|
|
# Post tasks
|
|
|
|
- name: Perform DNF package cleanup
|
|
dnf:
|
|
autoremove: true
|
|
changed_when: false
|
|
|
|
- name: trigger update sysctl
|
|
shell: /bin/true
|
|
args:
|
|
warn: false
|
|
changed_when: true
|
|
check_mode: false
|
|
notify: update sysctl
|
|
when:
|
|
- rhel9cis_rule_1_6_1 or
|
|
rhel9cis_rule_1_6_2 or
|
|
rhel9cis_rule_3_1_2 or
|
|
rhel9cis_rule_3_1_2 or
|
|
rhel9cis_rule_3_2_1 or
|
|
rhel9cis_rule_3_2_2 or
|
|
rhel9cis_rule_3_2_3 or
|
|
rhel9cis_rule_3_2_4 or
|
|
rhel9cis_rule_3_2_5 or
|
|
rhel9cis_rule_3_2_6 or
|
|
rhel9cis_rule_3_2_7 or
|
|
rhel9cis_rule_3_2_8 or
|
|
rhel9cis_rule_3_2_9
|
|
tags:
|
|
- sysctl
|
|
|
|
- name: trigger update auditd
|
|
shell: /bin/true
|
|
args:
|
|
warn: false
|
|
notify: update auditd
|
|
changed_when: true
|
|
check_mode: false
|
|
when:
|
|
- rhel9cis_rule_4_1_3 or
|
|
rhel9cis_rule_4_1_4 or
|
|
rhel9cis_rule_4_1_5 or
|
|
rhel9cis_rule_4_1_6 or
|
|
rhel9cis_rule_4_1_7 or
|
|
rhel9cis_rule_4_1_8 or
|
|
rhel9cis_rule_4_1_9 or
|
|
rhel9cis_rule_4_1_10 or
|
|
rhel9cis_rule_4_1_11 or
|
|
rhel9cis_rule_4_1_12
|
|
tags:
|
|
- auditd
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: Reboot host
|
|
reboot:
|
|
when:
|
|
- not rhel9cis_skip_reboot
|