v1.0.0 updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-09 16:30:02 +00:00 · 2023-01-09 16:30:02 +00:00 · 50e24dfac1
commit 50e24dfac1
parent 2634fabd41
4 changed files with 147 additions and 219 deletions
--- a/tasks/section_2/cis_2.4.yml
+++ b/tasks/section_2/cis_2.4.yml
@ -1,23 +1,31 @@
 ---

- name: "2.4 | AUDIT | Ensure nonessential services are removed or masked"
+- name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked"
  block:
-      - name: "2.4 | AUDIT | Ensure nonessential services are removed or masked | Get list of services"
-        shell: systemctl list-units --type=service
+      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of services"
+        ansible.builtin.shell: systemctl list-units --type=service
        changed_when: false
        failed_when: false
        check_mode: false
        register: rhel9cis_2_4_services

-      - name: "2.4 | AUDIT | Ensure nonessential services are removed or masked | Display list of services"
-        debug:
+      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of sockets"
+        ansible.builtin.shell: systemctl list-units --type=sockets
+        changed_when: false
+        failed_when: false
+        check_mode: false
+        register: rhel9cis_2_4_sockets
+
+      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Display list of services"
+        ansible.builtin.debug:
            msg:
-                - "Warning!! Below are the list of services, both active and inactive"
+                - "Warning!! Below are the list of services and sockets, both active and inactive"
                - "Please review to make sure all are essential"
                - "{{ rhel9cis_2_4_services.stdout_lines }}"
+                - "{{ rhel9cis_2_4_sockets.stdout_lines }}"

-      - name: "2.4 | AUDIT | Ensure nonessential services are removed or masked | Warn Count"
-        set_fact:
+      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Warn Count"
+        ansible.builtin.set_fact:
            control_number: "{{ control_number }} + ['rule_2.4']"
            warn_count: "{{ warn_count | int + 1 }}"
  when: