sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-05 10:24:47 +01:00
parent 4e873bc0d6
commit 13a6746997
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
24 changed files with 104 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tasks/section_3/cis_3.1.x.yml
View file

@ -1,11 +1,11 @@
---
# The CIS Control wants IPv6 disabled if not in use.
# The CIS Control wants IPv6 disabled if not in use.
# We are using the rhel9cis_ipv6_required to specify if you have IPv6 in use
- name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-disable_ipv6.conf"
notify:
notify:
- update sysctl
- sysctl flush ipv6 route table
when:
@ -88,4 +88,4 @@
- automated
- patch
- wireless
- rule_3.1.4
- rule_3.1.4

2
tasks/section_3/cis_3.2.x.yml
View file

@ -5,7 +5,7 @@
- name: "3.2.1 | PATCH | Ensure IP forwarding is disabled | Disable IPv4 forwarding"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify:
notify:
- update sysctl
- sysctl flush ipv4 route table

18
tasks/section_3/cis_3.3.x.yml
View file

@ -5,7 +5,7 @@
- name: "3.3.1 | PATCH | Ensure source routed packets are not accepted"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify:
notify:
- update sysctl
- sysctl flush ipv4 route table
@ -30,7 +30,7 @@
- name: "3.3.2 | PATCH | Ensure ICMP redirects are not accepted"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify:
notify:
- update sysctl
- sysctl flush ipv4 route table
@ -52,7 +52,7 @@
- name: "3.3.3 | PATCH | Ensure secure ICMP redirects are not accepted"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_3
@ -65,7 +65,7 @@
- name: "3.3.4 | PATCH | Ensure suspicious packets are logged"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_4
@ -78,7 +78,7 @@
- name: "3.3.5 | PATCH | Ensure broadcast ICMP requests are ignored"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_5
@ -91,7 +91,7 @@
- name: "3.3.6 | PATCH | Ensure bogus ICMP responses are ignored"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_6
@ -104,7 +104,7 @@
- name: "3.3.7 | PATCH | Ensure Reverse Path Filtering is enabled"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_7
@ -117,7 +117,7 @@
- name: "3.3.8 | PATCH | Ensure TCP SYN Cookies is enabled"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify: update sysctl
when:
- rhel9cis_rule_3_3_8
@ -133,7 +133,7 @@
- name: "3.3.9 | PATCH | Ensure IPv6 router advertisements are not accepted"
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-netipv4_sysctl.conf"
notify:
notify:
- update sysctl
- sysctl flush ipv4 route table