sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Readme Update, Yamllint Update

Browse source 
Signed-off-by: Stephen Williams <stephenw@mindpointgroup.com>
This commit is contained in:
Stephen Williams 2023-04-10 13:48:47 -04:00
parent eee101c844
commit 4a40facca9
No known key found for this signature in database
GPG key ID: 5E72F3F34A871C11
8 changed files with 249 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tasks/section_1/cis_1.1.2.x.yml
View file

@ -26,7 +26,7 @@
"1.1.2.2 | PATCH | Ensure nodev option set on /tmp partition"
"1.1.2.3 | PATCH | Ensure noexec option set on /tmp partition"
"1.1.2.4 | PATCH | Ensure nosuid option set on /tmp partition"
ansible.builtin.mount:
ansible.posix.mount:
name: /tmp
src: "{{ item.device }}"
fstype: "{{ item.fstype }}"

2
tasks/section_1/cis_1.1.8.x.yml
View file

@ -28,7 +28,7 @@
"1.1.8.2 | PATCH | Ensure nodev option set on /dev/shm partition | Set nodev option
1.1.8.3 | PATCH | Ensure noexec option set on /dev/shm partition | Set nosuid option
1.1.8.4 | PATCH | Ensure nosuid option set on /dev/shm partition | Set noexec option"
ansible.builtin.mount:
ansible.posix.mount:
name: /dev/shm
src: tmpfs
fstype: tmpfs

2
tasks/section_1/cis_1.1.x.yml
View file

@ -13,7 +13,7 @@
mode: 0600
- name: "1.1.9 | PATCH | Disable USB Storage | Edit modprobe config"
ansible.builtin.modprobe:
community.general.modprobe:
name: usb-storage
state: absent