sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Adding missing lines to sysctl.d/50-default.conf

Browse source 
Signed-off-by: Bernd Grobauer <bernd.grobauer@siemens.com>
This commit is contained in:
Bernd Grobauer 2023-10-12 12:56:20 +02:00
parent 9fa57a2b41
commit 646b4decc1
No known key found for this signature in database
GPG key ID: 473130EE9C4578ED
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tasks/post.yml
View file

@ -26,6 +26,19 @@
- not system_is_container
- "'procps-ng' in ansible_facts.packages"
- name: POST | Update usr sysctl
ansible.builtin.lineinfile:
dest: /usr/lib/sysctl.d/50-default.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '^net.ipv4.conf.default.rp_filter', line: 'net.ipv4.conf.default.rp_filter = 1' }
- { regexp: '^net.ipv4.conf.*.rp_filter', line: 'net.ipv4.conf.*.rp_filter = 1' }
when:
- rhel9cis_sysctl_update
- not system_is_container
- "'procps-ng' in ansible_facts.packages"
- name: Flush handlers
ansible.builtin.meta: flush_handlers