forked from ansible-lockdown/RHEL9-CIS
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
dc5f71d461
commit
8c79bfe7fb
25 changed files with 253 additions and 266 deletions
|
|
@ -18,7 +18,7 @@
|
|||
vars:
|
||||
required_mount: '/var/log/audit'
|
||||
when:
|
||||
- rhel8cis_rule_1_1_6_1
|
||||
- rhel9cis_rule_1_1_6_1
|
||||
tags:
|
||||
- level2-server
|
||||
- level2-workstation
|
||||
|
|
@ -36,7 +36,7 @@
|
|||
src: "{{ item.device }}"
|
||||
fstype: "{{ item.fstype }}"
|
||||
state: present
|
||||
opts: defaults,{% if rhel8cis_rule_1_1_6_2 %}noexec,{% endif %}{% if rhel8cis_rule_1_1_6_3 %}nodev,{% endif %}{% if rhel8cis_rule_1_1_6_4 %}nosuid{% endif %}
|
||||
opts: defaults,{% if rhel9cis_rule_1_1_6_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_6_3 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_6_4 %}nosuid{% endif %}
|
||||
with_items:
|
||||
- "{{ ansible_mounts }}"
|
||||
loop_control:
|
||||
|
|
@ -45,10 +45,10 @@
|
|||
when:
|
||||
- var_log_audit_mount_present is defined
|
||||
- item.mount == "/var/log/audit"
|
||||
- rhel8cis_rule_1_1_6_1 # This is required so the check takes place
|
||||
- rhel8cis_rule_1_1_6_2 or
|
||||
rhel8cis_rule_1_1_6_3 or
|
||||
rhel8cis_rule_1_1_6_4
|
||||
- rhel9cis_rule_1_1_6_1 # This is required so the check takes place
|
||||
- rhel9cis_rule_1_1_6_2 or
|
||||
rhel9cis_rule_1_1_6_3 or
|
||||
rhel9cis_rule_1_1_6_4
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue