
improvments v2

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2024-08-07 10:30:08 +01:00
parent 0fc418a222
commit 4f566974c9
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
15 changed files with 110 additions and 58 deletions


@ -13,7 +13,6 @@
- NIST800-53R5_SC-6
ansible.builtin.debug:
msg: "Captured in prelim to ensure not LEGACY. Runs handler to update"
changed_when: true
notify:
- Update Crypto Policy
- Set Crypto Policy
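Review bot: If the line this hunk drops is `changed_when: true`, the two handlers under `notify:` are never triggered by this task, because `ansible.builtin.debug` does not report a change on its own and handlers only fire on a changed result. The page lost the `+`/`-` column, so which of the seven lines is removed (the header says 7 old, 6 new) is inferred rather than shown. In that case the message "Runs handler to update" no longer holds, and a host still on a LEGACY policy could pass 1.6.1 without the policy being re-applied unless another task notifies the same handlers. Either keep `changed_when: true`, or make the change status depend on the value captured in prelim and reword `msg` to match. The task starts above the hunk, so its `when:` conditions are not visible here.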
@ -135,8 +134,8 @@
block:
- name: "1.6.6 | PATCH | Ensure system wide crypto policy disables chacha20-poly1305 for ssh | Add submodule exclusion"
ansible.builtin.template:
src: etc/crypto-policies/policies/modules/NO-SSHWEAKMAC.pmod.j2
dest: /etc/crypto-policies/policies/modules/NO-SSHWEAKMAC.pmod
src: etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
dest: /etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod
owner: root
group: root
mode: '0640'
@ -146,7 +145,7 @@
- name: "1.6.6 | PATCH | Ensure system wide crypto policy disables chacha20-poly1305 for ssh | submodule to crypto policy modules"
ansible.builtin.set_fact:
rhel9cis_crypto_policy_module: "{{ rhel9cis_crypto_policy_module + ':NO-SSHWEAKMAC' }}"
rhel9cis_crypto_policy_module: "{{ rhel9cis_crypto_policy_module + ':NO-SSHWEAKCIPHERS' }}"
- name: "1.6.7 | PATCH | Ensure system wide crypto policy disables EtM for ssh"
when: