forked from ansible-lockdown/RHEL9-CIS
with_items to loop
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
parent
674e0fab16
commit
7760f35161
4 changed files with 5 additions and 8 deletions
|
|
@ -62,8 +62,7 @@
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
with_items:
|
loop: tipc # note the item used in the template
|
||||||
- tipc
|
|
||||||
|
|
||||||
- name: "3.1.3 | PATCH | Ensure TIPC is disabled | blacklist"
|
- name: "3.1.3 | PATCH | Ensure TIPC is disabled | blacklist"
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
|
|
|
||||||
|
|
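Review bot: `loop: tipc` passes a bare string, and unlike `with_items`, `loop` does not wrap a scalar into a list; Ansible rejects it as invalid data for `loop`, so the task errors instead of writing the TIPC module configuration for control 3.1.3. Use `loop: [tipc]` (or a one-entry block list), or drop the loop and use the literal name wherever `item` is referenced, including the template the inline comment mentions. The same applies to `loop: firewalld` and `loop: nftables` in the two service-masking hunks of the next file, where the error would leave the unwanted firewall service unmasked. The task that owns this loop starts above the hunk.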
@ -21,8 +21,7 @@
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
masked: true
|
masked: true
|
||||||
with_items:
|
loop: firewalld
|
||||||
- firewalld
|
|
||||||
when:
|
when:
|
||||||
- item in ansible_facts.packages
|
- item in ansible_facts.packages
|
||||||
- rhel9cis_firewall == 'nftables'
|
- rhel9cis_firewall == 'nftables'
|
||||||
|
|
@ -31,8 +30,7 @@
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
masked: true
|
masked: true
|
||||||
with_items:
|
loop: nftables
|
||||||
- nftables
|
|
||||||
when:
|
when:
|
||||||
- item in ansible_facts.packages
|
- item in ansible_facts.packages
|
||||||
- rhel9cis_firewall == 'firewalld'
|
- rhel9cis_firewall == 'firewalld'
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,7 @@
|
||||||
- name: "3.4.2.3 | PATCH | Ensure nftables base chains exist | Create chains if needed"
|
- name: "3.4.2.3 | PATCH | Ensure nftables base chains exist | Create chains if needed"
|
||||||
ansible.builtin.shell: "{{ item }}"
|
ansible.builtin.shell: "{{ item }}"
|
||||||
failed_when: false
|
failed_when: false
|
||||||
with_items:
|
loop:
|
||||||
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" input { type filter hook input priority 0 \; }
|
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" input { type filter hook input priority 0 \; }
|
||||||
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" forward { type filter hook forward priority 0 \; }
|
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" forward { type filter hook forward priority 0 \; }
|
||||||
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" output { type filter hook output priority 0 \; }
|
- nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" output { type filter hook output priority 0 \; }
|
||||||
|
|
|
||||||
|
|
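Review bot: `failed_when: false` on this shell task reports success for every `nft create chain` outcome, so a run in which the base chains were not created (missing table, wrong `rhel9cis_nft_tables_tablename`) still looks compliant for 3.4.2.3. If the intent is only to tolerate a chain that already exists, register the result and fail on any other non-zero return, for example `failed_when: nft_chain.rc != 0 and 'File exists' not in nft_chain.stderr` (`nft_chain` is a constructed name; confirm the exact message nft prints on the target release). These lines are context the commit leaves as they were, and the list-form `loop` is an equivalent replacement for `with_items` here. The task may carry further keys below the hunk.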
@ -23,7 +23,7 @@
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
|
regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
|
||||||
replace: "\\1{{ rhel9cis_logrotate }}"
|
replace: "\\1{{ rhel9cis_logrotate }}"
|
||||||
with_items:
|
loop:
|
||||||
- "{{ log_rotates.files }}"
|
- "{{ log_rotates.files }}"
|
||||||
- { path: "/etc/logrotate.conf" }
|
- { path: "/etc/logrotate.conf" }
|
||||||
loop_control:
|
loop_control:
|
||||||
|
|
|
||||||
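Review bot: `with_items` flattened one level of nested lists but `loop` does not, so the first element is now the whole `log_rotates.files` list and `item.path` cannot be resolved for it; the per-file logrotate interval would no longer be applied. Assuming `log_rotates` is a registered find result (its definition is outside the hunk), build a single flat list instead: `loop: "{{ log_rotates.files + [{'path': '/etc/logrotate.conf'}] }}"`. The task continues past the hunk at `loop_control:`, so check that its label still matches the item shape.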