sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

fqcn updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-19 13:12:33 +00:00
parent 4e1ee6f8e6
commit 4e8397b89e
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
4 changed files with 7 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_1/cis_1.1.1.x.yml
View file

@ -11,7 +11,7 @@
mode: 0600
- name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | blacklist"
lineinfile:
ansible.builtin.lineinfile:
path: /etc/modprobe.d/blacklist.conf
regexp: "^(#)?blacklist squashfs(\\s|$)"
line: "blacklist squashfs"
@ -19,7 +19,7 @@
mode: 0600
- name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs"
modprobe:
community.general.modprobe:
name: squashfs
state: absent
when: not system_is_container
@ -44,7 +44,7 @@
mode: 0600
- name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disabled | blacklist"
lineinfile:
ansible.builtin.lineinfile:
path: /etc/modprobe.d/blacklist.conf
regexp: "^(#)?blacklist udf(\\s|$)"
line: "blacklist udf"
@ -52,7 +52,7 @@
mode: 0600
- name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf"
modprobe:
community.general.modprobe:
name: udf
state: absent
when: not system_is_container