From a2d074a343cb9ddca1c1fc2669317a3fdfd7ce95 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 17 Jan 2023 11:34:01 +0000
Subject: [PATCH] added blacklist requirement

Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.1.1.x.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tasks/section_1/cis_1.1.1.x.yml b/tasks/section_1/cis_1.1.1.x.yml
index cc2156c..00303ac 100644
--- a/tasks/section_1/cis_1.1.1.x.yml
+++ b/tasks/section_1/cis_1.1.1.x.yml
@@ -10,11 +10,20 @@
       create: true
       mode: 0600
 
+  - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | blacklist"
+    lineinfile:
+      path: /etc/modprobe.d/blacklist.conf
+      regexp: "^(#)?blacklist squashfs(\\s|$)"
+      line: "blacklist squashfs"
+      create: true
+      mode: 0600
+
   - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs"
     modprobe:
       name: squashfs
       state: absent
     when: not system_is_container
+
   when:
     - rhel9cis_rule_1_1_1_1
   tags:
@@ -34,6 +43,14 @@
       create: true
       mode: 0600
 
+  - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disabled | blacklist"
+    lineinfile:
+      path: /etc/modprobe.d/blacklist.conf
+      regexp: "^(#)?blacklist udf(\\s|$)"
+      line: "blacklist udf"
+      create: true
+      mode: 0600
+
   - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf"
     modprobe:
       name: udf
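Review bot: A `blacklist squashfs` directive only suppresses loading via module aliases (udev/autoload); an explicit `modprobe squashfs` or a dependency pull-in is still honoured, so this task hardens but does not replace whatever `install squashfs /bin/false`-style line the preceding task writes (presumably the one whose `create`/`mode` lines form the hunk's leading context — that task starts outside the hunk). A one-line comment above the new task would keep the next maintainer from dropping the other one, e.g. `# blacklist only blocks alias autoload; the install directive above is what blocks explicit loading`. The new task also runs unconditionally while the `Disable squashfs` task a few lines below is gated on `not system_is_container`; if that guard matters for containers it probably belongs on the blacklist task too, or the reason it does not should be documented. Note that `mode: 0600` is applied to a possibly pre-existing distro-owned `/etc/modprobe.d/blacklist.conf`, and Ansible's own guidance is to quote octal modes (`mode: '0600'`) so the YAML parser cannot reinterpret them, even though the bare form matches the surrounding file's convention; whether an initramfs rebuild is required for the setting to take effect at early boot is not addressed here and is worth a TODO to confirm.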
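Review bot: The regexp `^(#)?blacklist udf(\\s|$)` only matches a hash immediately followed by the directive, so a hand-commented `# blacklist udf` (hash, space) or an indented line is left untouched and a second active line is appended; enforcement still works, but the stale commented entry makes the file harder to audit and the task less idempotent against real-world files. A tolerant, single-quoted pattern avoids both the miss and the double-escaping: `regexp: '^\s*#?\s*blacklist\s+udf(\s|$)'`. Both new tasks write the same shared `blacklist.conf`, so if an operator later adds other entries by hand the `lineinfile` calls will keep resetting its mode to 0600 — fine for modprobe, which runs as root, but worth a comment such as `# shared file; mode is enforced on every run`. The udf `modprobe` task's `when:` guard lies outside this hunk, so the container-gating question raised for squashfs could not be checked here.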