forked from ansible-lockdown/RHEL9-CIS
Added Nist values
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
8b58d71e4b
commit
2bf67cde0d
16 changed files with 100 additions and 21 deletions
|
|
@ -9,6 +9,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.1
|
||||
- cramfs
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.1 | PATCH | Ensure cramfs kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -42,6 +43,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.2
|
||||
- freevxfs
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.2 | PATCH | Ensure freevxfs kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -75,6 +77,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.3
|
||||
- hfs
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.3 | PATCH | Ensure hfs kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -108,6 +111,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.4
|
||||
- hfsplus
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.4 | PATCH | Ensure hfsplus kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -141,6 +145,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.5
|
||||
- jffs2
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.5 | PATCH | Ensure jffs2 kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -174,6 +179,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.6
|
||||
- squashfs
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.6 | PATCH | Ensure squashfs kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -207,6 +213,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.7
|
||||
- udf
|
||||
- NIST800-53R5_CM-7
|
||||
block:
|
||||
- name: "1.1.1.7 | PATCH | Ensure udf kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -240,6 +247,7 @@
|
|||
- patch
|
||||
- rule_1.1.1.8
|
||||
- usb
|
||||
- NIST800-53R5_SI-3
|
||||
block:
|
||||
- name: "1.1.1.8 | PATCH | Ensure usb-storage kernel module is not available | Edit modprobe config"
|
||||
ansible.builtin.lineinfile:
|
||||
|
|
@ -272,7 +280,6 @@
|
|||
- level1-workstation
|
||||
- patch
|
||||
- rule_1.1.1.9
|
||||
- usb
|
||||
vars:
|
||||
warn_control_id: '1.1.1.9'
|
||||
block:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue