mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 14:23:05 +00:00
96 lines
2.4 KiB
YAML
96 lines
2.4 KiB
YAML
---
|
|
# Post tasks
|
|
|
|
- name: Perform DNF package cleanup
|
|
dnf:
|
|
autoremove: true
|
|
changed_when: false
|
|
|
|
- name: Gather the package facts after remediation
|
|
package_facts:
|
|
manager: auto
|
|
tags:
|
|
- always
|
|
|
|
- name: trigger update sysctl
|
|
shell: /bin/true
|
|
args:
|
|
warn: false
|
|
changed_when: true
|
|
check_mode: false
|
|
notify: update sysctl
|
|
when:
|
|
- rhel9cis_rule_3_1_1 or
|
|
rhel9cis_rule_3_1_2 or
|
|
rhel9cis_rule_3_1_3 or
|
|
rhel9cis_rule_3_2_1 or
|
|
rhel9cis_rule_3_2_2 or
|
|
rhel9cis_rule_3_3_1 or
|
|
rhel9cis_rule_3_3_2 or
|
|
rhel9cis_rule_3_3_3 or
|
|
rhel9cis_rule_3_3_4 or
|
|
rhel9cis_rule_3_3_5 or
|
|
rhel9cis_rule_3_3_6 or
|
|
rhel9cis_rule_3_3_7 or
|
|
rhel9cis_rule_3_3_8 or
|
|
rhel9cis_rule_3_3_9
|
|
tags:
|
|
- sysctl
|
|
|
|
- name: trigger update auditd
|
|
shell: /bin/true
|
|
args:
|
|
warn: false
|
|
notify: update auditd
|
|
changed_when: true
|
|
check_mode: false
|
|
when:
|
|
- rhel9cis_rule_4_1_1_1 or
|
|
rhel9cis_rule_4_1_1_2 or
|
|
rhel9cis_rule_4_1_1_3 or
|
|
rhel9cis_rule_4_1_2_1 or
|
|
rhel9cis_rule_4_1_2_2 or
|
|
rhel9cis_rule_4_1_2_3 or
|
|
rhel9cis_rule_4_1_3 or
|
|
rhel9cis_rule_4_1_4 or
|
|
rhel9cis_rule_4_1_5 or
|
|
rhel9cis_rule_4_1_6 or
|
|
rhel9cis_rule_4_1_7 or
|
|
rhel9cis_rule_4_1_8 or
|
|
rhel9cis_rule_4_1_9 or
|
|
rhel9cis_rule_4_1_10 or
|
|
rhel9cis_rule_4_1_11 or
|
|
rhel9cis_rule_4_1_12
|
|
tags:
|
|
- auditd
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: POST | reboot system if changes require it and not skipped
|
|
block:
|
|
- name: POST | Reboot system if changes require it and not skipped
|
|
reboot:
|
|
when:
|
|
- change_requires_reboot
|
|
- not skip_reboot
|
|
|
|
- name: POST | Warning a reboot required but skip option set
|
|
debug:
|
|
msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results"
|
|
changed_when: true
|
|
when:
|
|
- change_requires_reboot
|
|
- skip_reboot
|
|
tags:
|
|
- grub
|
|
- level1-server
|
|
- level1-workstation
|
|
- level2-server
|
|
- level2-workstation
|
|
- rhel9cis_section1
|
|
- rhel9cis_section2
|
|
- rhel9cis_section3
|
|
- rhel9cis_section4
|
|
- rhel9cis_section5
|
|
- rhel9cis_section6
|