sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-09-16 14:08:16 +01:00
parent a1d0130909
commit 0d155c4182
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
5 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/section_3/cis_3.3.x.yml
View file

@ -65,6 +65,7 @@
set_fact: set_fact:
sysctl_update: true sysctl_update: true
flush_ipv4_route: true flush_ipv4_route: true
- name: "3.3.3 | PATCH | Ensure secure ICMP redirects are not accepted" - name: "3.3.3 | PATCH | Ensure secure ICMP redirects are not accepted"
debug: debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf" msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
@ -140,6 +141,7 @@
set_fact: set_fact:
sysctl_update: true sysctl_update: true
flush_ipv4_route: true flush_ipv4_route: true
- name: "3.3.7 | PATCH | Ensure Reverse Path Filtering is enabled" - name: "3.3.7 | PATCH | Ensure Reverse Path Filtering is enabled"
debug: debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf" msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"

2
tasks/section_3/cis_3.4.2.x.yml
View file

@ -172,7 +172,7 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automate - automated
- patch - patch
- nftables - nftables
- rule_3.4.2.6 - rule_3.4.2.6

1
tasks/section_4/cis_4.2.1.x.yml
View file

@ -65,7 +65,6 @@
block: block:
- name: "4.2.1.5 | AUDIT | Ensure logging is configured | rsyslog current config message out" - name: "4.2.1.5 | AUDIT | Ensure logging is configured | rsyslog current config message out"
command: cat /etc/rsyslog.conf command: cat /etc/rsyslog.conf
become: true
changed_when: false changed_when: false
failed_when: false failed_when: false
check_mode: false check_mode: false

2
templates/audit/98_auditd_exception.rules.j2
View file

@ -5,4 +5,4 @@
{% for user in rhel9cis_auditd_uid_exclude %} {% for user in rhel9cis_auditd_uid_exclude %}
-a never,user -F uid!={{ user }} -F auid!={{ user }} -a never,user -F uid!={{ user }} -F auid!={{ user }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}

2
templates/etc/modprobe.d/modprobe.conf.j2
View file

@ -3,4 +3,4 @@
# https://github.com/ansible-lockdown # https://github.com/ansible-lockdown
## This file is managed by Ansible, YOUR CHANGES WILL BE LOST! ## This file is managed by Ansible, YOUR CHANGES WILL BE LOST!
install {{ item }} /bin/true install {{ item }} /bin/true