2022-01-07 09:06:18 +00:00
|
|
|
---
|
|
|
|
|
|
2024-07-22 12:43:08 +01:00
|
|
|
- name: "2.3.1 | PATCH | Ensure time synchronization is in use"
|
2022-01-07 09:06:18 +00:00
|
|
|
when:
|
2024-07-22 12:43:08 +01:00
|
|
|
- rhel9cis_rule_2_3_1
|
|
|
|
|
- not system_is_container
|
2022-01-07 09:06:18 +00:00
|
|
|
tags:
|
2024-07-22 12:43:08 +01:00
|
|
|
- level1-server
|
|
|
|
|
- level1-workstation
|
|
|
|
|
- patch
|
|
|
|
|
- NIST800-53R5_AU-3
|
|
|
|
|
- NIST800-53R5_AU-12
|
|
|
|
|
- rule_2.3.1
|
2023-01-09 16:30:02 +00:00
|
|
|
ansible.builtin.package:
|
2024-07-22 12:43:08 +01:00
|
|
|
name: chrony
|
|
|
|
|
state: present
|
2022-03-30 11:08:18 +01:00
|
|
|
|
2024-07-22 12:43:08 +01:00
|
|
|
- name: "2.3.2 | PATCH | Ensure chrony is configured"
|
2022-03-30 11:08:18 +01:00
|
|
|
when:
|
2024-07-22 12:43:08 +01:00
|
|
|
- rhel9cis_rule_2_3_2
|
|
|
|
|
- not system_is_container
|
2022-03-30 11:08:18 +01:00
|
|
|
tags:
|
2024-07-22 12:43:08 +01:00
|
|
|
- level1-server
|
|
|
|
|
- level1-workstation
|
|
|
|
|
- patch
|
|
|
|
|
- rule_2.3.2
|
|
|
|
|
- NIST800-53R5_AU-3
|
|
|
|
|
- NIST800-53R5_AU-12
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: etc/chrony.conf.j2
|
|
|
|
|
dest: /etc/chrony.conf
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
2024-12-04 11:45:13 +00:00
|
|
|
mode: 'go-wx'
|
2022-03-30 11:08:18 +01:00
|
|
|
|
2024-07-22 12:43:08 +01:00
|
|
|
- name: "2.3.3 | PATCH | Ensure chrony is not run as the root user"
|
2022-01-07 09:06:18 +00:00
|
|
|
when:
|
2024-07-22 12:43:08 +01:00
|
|
|
- rhel9cis_rule_2_3_3
|
|
|
|
|
- not system_is_container
|
2022-01-07 09:06:18 +00:00
|
|
|
tags:
|
2024-07-22 12:43:08 +01:00
|
|
|
- level1-server
|
|
|
|
|
- level1-workstation
|
|
|
|
|
- patch
|
|
|
|
|
- rule_2.3.3
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
path: /etc/sysconfig/chronyd
|
|
|
|
|
regexp: '^OPTIONS="(?!.* -u chrony.*)(.*)"'
|
|
|
|
|
line: OPTIONS="\1 -u chrony"
|
|
|
|
|
create: true
|
|
|
|
|
backrefs: true
|
2024-12-04 11:45:13 +00:00
|
|
|
mode: 'go-wx'
|
