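---
# Section 3.4.3.1 - iptables package state.
# Every task here runs only when the role has been told to use iptables
# (rhel9cis_firewall == "iptables") and the matching rhel9cis_rule_* switch
# is enabled, so an individual control can be skipped without editing this
# file.

- name: "3.4.3.1.1 | PATCH | Ensure iptables packages are installed"
  ansible.builtin.package:
    name:
      - iptables
      - iptables-services
    state: present
  when:
    - rhel9cis_firewall == "iptables"
    - rhel9cis_rule_3_4_3_1_1
  tags:
    - level1-server
    - level1-workstation
    - automated
    - patch
    - iptables
    - rule_3.4.3.1.1

# NOTE(review): removing the alternative firewall packages below leaves the
# host relying on iptables alone; confirm the later 3.4.3 controls that enable
# and populate iptables are not excluded in the same run.
- name: "3.4.3.1.2 | PATCH | Ensure nftables is not installed with iptables"
  ansible.builtin.package:
    name: nftables
    state: absent
  when:
    - rhel9cis_firewall == "iptables"
    - rhel9cis_rule_3_4_3_1_2
  tags:
    - level1-server
    - level1-workstation
    - automated
    - patch
    - iptables
    - rule_3.4.3.1.2

# The control allows the service to be either masked or not installed.
# We have chosen "not installed", the stricter of the two outcomes.
- name: "3.4.3.1.3 | PATCH | Ensure firewalld is either not installed or masked with iptables"
  ansible.builtin.package:
    name: firewalld
    state: absent
  when:
    - rhel9cis_firewall == "iptables"
    - rhel9cis_rule_3_4_3_1_3
  tags:
    - level1-server
    - level1-workstation
    - automated
    - patch
    - iptables
    - rule_3.4.3.1.3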