Initial

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-01-07 09:06:18 +00:00 · 2022-01-07 09:06:18 +00:00 · a54b5216eb
commit a54b5216eb
87 changed files with 7693 additions and 0 deletions
--- a/tasks/section_2/cis_2.2.1.x.yml
+++ b/tasks/section_2/cis_2.2.1.x.yml
@ -0,0 +1,42 @@
+---
+
+- name: "2.2.1.1 | L1 | PATCH | Ensure time synchronization is in use - service install"
+  package:
+      name: "{{ rhel9cis_time_synchronization }}"
+      state: present
+  when:
+      - rhel9cis_rule_2_2_1_1
+      - not rhel9cis_system_is_container
+  tags:
+      - level1-server
+      - level1-workstation
+      - patch
+      - rule_2.2.1.1
+
+- name: "2.2.1.2 | L1 | PATCH | Ensure chrony is configured"
+  block:
+      - name: "2.2.1.2 | L1 | PATCH | Ensure chrony is configured | Set configuration"
+        template:
+            src: chrony.conf.j2
+            dest: /etc/chrony.conf
+            owner: root
+            group: root
+            mode: 0644
+
+      - name: "2.2.1.2 | L1 | PATCH | Ensure chrony is configured | modify /etc/sysconfig/chronyd | 1"
+        lineinfile:
+            dest: /etc/sysconfig/chronyd
+            regexp: "^(#)?OPTIONS"
+            line: "OPTIONS=\"-u chrony\""
+            state: present
+            create: yes
+            mode: 0644
+  when:
+      - rhel9cis_time_synchronization == "chrony"
+      - rhel9cis_rule_2_2_1_2
+      - not rhel9cis_system_is_container
+  tags:
+      - level1-server
+      - level1-workstation
+      - patch
+      - rule_2.2.1.2