forked from ansible-lockdown/RHEL9-CIS
Update cryto policy based controls with improved logic
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
This commit is contained in:
Frederick Witty
parent
b0ec6c4820
commit
413ccb96b7
5 changed files with 14 additions and 3 deletions
|
|
@ -136,8 +136,7 @@
|
|||
register: prelim_systemd_coredump
|
||||
|
||||
- name: "PRELIM | PATCH | Setup crypto-policy"
|
||||
when:
|
||||
- rhel9cis_rule_1_6_1
|
||||
when: rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
|
||||
- name: "1.6.1 | AUDIT | Ensure system-wide crypto policy is not legacy"
|
||||
when: rhel9cis_rule_1_6_1
|
||||
when:
|
||||
- rhel9cis_rule_1_6_1
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -39,6 +41,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_1_6_3
|
||||
- "'NO-SHA1' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -69,6 +72,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_1_6_4
|
||||
- "'NO-WEAKMAC' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -99,6 +103,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_1_6_5
|
||||
- "'NO-SSHCBC' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -129,6 +134,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_1_6_6
|
||||
- "'NO-SSHWEAKCIPHERS' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -159,6 +165,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_1_6_7
|
||||
- "'NO-SSHETM' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
|
|||
|
|
@ -80,6 +80,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_5_1_4
|
||||
- "'NO-SSHWEAKCIPHERS' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -108,6 +109,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_5_1_5
|
||||
- "'NO-SHA1' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -136,6 +138,7 @@
|
|||
when:
|
||||
- rhel9cis_rule_5_1_6
|
||||
- "'NO-SSHWEAKMACS' not in rhel9cis_crypto_policy_module"
|
||||
- rhel9cis_crypto_policy_ansible_managed
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue