reorder 3.4.1.2

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-04-05 10:08:21 +01:00 · 2022-04-05 10:08:21 +01:00 · 32c409cb48
commit 32c409cb48
parent 96abe45eb2
1 changed files with 4 additions and 2 deletions
--- a/tasks/section_3/cis_3.4.1.x.yml
+++ b/tasks/section_3/cis_3.4.1.x.yml
@ -21,16 +21,18 @@
      - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | Stop running services"
        systemd:
            name: "{{ item }}"
-            masked: true
+            state: stopped
+            enabled: false
        with_items:
            - iptables
            - ip6tables
        when: item in ansible_facts.packages

-      - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | Remove IPTables"
+      - name: "3.4.1.2 | PATCH | Ensure iptables-services not installed with firewalld | remove iptables-services pkg "
        package:
            name: iptables-services
            state: absent
+        when: "'iptables-services' in ansible_facts.packages"
  when:
      - rhel9cis_rule_3_4_1_2
  tags: