2024-07-19 17:01:23 +01:00
---
- name : "1.1.2.3.1 | AUDIT | Ensure separate partition exists for /home"
when :
- required_mount not in mount_names
- rhel9cis_rule_1_1_2_3_1
tags :
- level2-server
- level2-workstation
- audit
- mounts
- rule_1_1_2.3.1
2024-07-22 12:42:39 +01:00
- NIST800-53R5_CM-7
2024-07-19 17:01:23 +01:00
vars :
2024-07-24 14:00:00 +01:00
warn_control_id : '1.1.2.3.1'
required_mount : '/home'
2024-07-19 17:01:23 +01:00
block :
- name : "1.1.2.3.1 | AUDIT | Ensure separate partition exists for /home | Absent"
ansible.builtin.debug :
msg : "Warning!! {{ required_mount }} doesn't exist. This is a manual task"
- name : "1.1.2.3.1 | AUDIT | Ensure separate partition exists for /home | Present"
ansible.builtin.import_tasks :
file : warning_facts.yml
- name : |
2024-11-04 17:11:38 +00:00
"1.1.2.3.2 | PATCH | Ensure nodev option set on /home partition
1.1 .2 .3 .3 | PATCH | Ensure nosuid option set on /home partition"
2024-07-19 17:01:23 +01:00
when :
- item.mount == "/home"
- rhel9cis_rule_1_1_2_3_2 or
rhel9cis_rule_1_1_2_3_3
tags :
- level1-server
- level1-workstation
- patch
- mounts
2024-08-07 12:37:43 +01:00
- rule_1.1.2.3.2
- rule_1.1.2.3.3
2024-07-22 12:42:39 +01:00
- NIST800-53R5_CM-7
- NIST800-53R5_AC-3
- NIST800-53R5_MP-2
2024-07-24 14:00:00 +01:00
ansible.posix.mount :
2024-07-19 17:01:23 +01:00
name : /home
src : "{{ item.device }}"
fstype : "{{ item.fstype }}"
state : present
2024-11-04 17:11:38 +00:00
opts : "{{ item.options }}{% if ('nodev' not in item.options and rhel9cis_rule_1_1_2_3_2) %},nodev{% endif %}{% if ('nosuid' not in item.options and rhel9cis_rule_1_1_2_3_3) %},nosuid{% endif %}"
2024-07-19 17:01:23 +01:00
loop : "{{ ansible_facts.mounts }}"
loop_control :
label : "{{ item.device }}"
notify : Change_requires_reboot
