update blacklist

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-19 11:28:53 +00:00 · 2023-01-19 11:28:53 +00:00 · 184832d2ac
commit 184832d2ac
parent b8085e5dc0
1 changed files with 18 additions and 8 deletions
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
@ -54,14 +54,24 @@
      - rule_3.1.2

 - name: "3.1.3 | PATCH | Ensure TIPC is disabled"
-  ansible.builtin.template:
-      src: "etc/modprobe.d/modprobe.conf.j2"
-      dest: "/etc/modprobe.d/{{ item }}.conf"
-      mode: "0600"
-      owner: root
-      group: root
-  with_items:
-      - tipc
+  block:
+      - name: "3.1.3 | PATCH | Ensure TIPC is disabled"
+        ansible.builtin.template:
+            src: "etc/modprobe.d/modprobe.conf.j2"
+            dest: "/etc/modprobe.d/{{ item }}.conf"
+            mode: "0600"
+            owner: root
+            group: root
+        with_items:
+            - tipc
+
+      - name: "3.1.3 | PATCH | Ensure TIPC is disabled | blacklist"
+        ansible.builtin.lineinfile:
+            path: /etc/modprobe.d/blacklist.conf
+            regexp: "^(#)?blacklist tipc(\\s|$)"
+            line: "blacklist tipc"
+            create: true
+            mode: 0600
  when:
      - rhel9cis_rule_3_1_3
  tags: