sr2/RHEL9-CIS
6
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

feat: become true for all tasks

Browse source
This commit is contained in:
Iain Learmonth 2025-12-20 12:49:57 +00:00
parent b98381fcd8
commit c403016b38
2 changed files with 272 additions and 251 deletions
Download patch file Download diff file Expand all files Collapse all files

18
handlers/main.yml
View file

@ -11,6 +11,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /tmp" listen: "Remount /tmp"
- name: "Remounting /tmp" - name: "Remounting /tmp"
@ -19,6 +20,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /tmp" listen: "Remount /tmp"
- name: "Remounting /tmp systemd" - name: "Remounting /tmp systemd"
@ -28,6 +30,7 @@
name: tmp.mount name: tmp.mount
state: restarted state: restarted
daemon_reload: true daemon_reload: true
become: true
listen: "Remount /tmp" listen: "Remount /tmp"
- name: "Adding options for /dev/shm" - name: "Adding options for /dev/shm"
@ -39,6 +42,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /dev/shm" listen: "Remount /dev/shm"
- name: "Remounting /dev/shm" - name: "Remounting /dev/shm"
@ -47,6 +51,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /dev/shm" listen: "Remount /dev/shm"
- name: "Adding options for /home" - name: "Adding options for /home"
@ -58,6 +63,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /home" listen: "Remount /home"
- name: "Remounting /home" - name: "Remounting /home"
@ -66,6 +72,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /home" listen: "Remount /home"
- name: "Adding options for /var" - name: "Adding options for /var"
@ -77,6 +84,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /var" listen: "Remount /var"
- name: "Remounting /var" - name: "Remounting /var"
@ -85,6 +93,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /var" listen: "Remount /var"
- name: "Adding options for /var/tmp" - name: "Adding options for /var/tmp"
@ -96,6 +105,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /var/tmp" listen: "Remount /var/tmp"
- name: "Remounting /var/tmp" - name: "Remounting /var/tmp"
@ -104,6 +114,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /var/tmp" listen: "Remount /var/tmp"
- name: "Adding options for /var/log" - name: "Adding options for /var/log"
@ -115,6 +126,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /var/log" listen: "Remount /var/log"
- name: "Remounting /var/log" - name: "Remounting /var/log"
@ -123,6 +135,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /var/log" listen: "Remount /var/log"
- name: "Adding options for /var/log/audit" - name: "Adding options for /var/log/audit"
@ -134,6 +147,7 @@
state: present state: present
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}" fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}" opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
become: true
listen: "Remount /var/log/audit" listen: "Remount /var/log/audit"
- name: "Remounting /var/log/audit" - name: "Remounting /var/log/audit"
@ -142,6 +156,7 @@
ansible.posix.mount: ansible.posix.mount:
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
become: true
listen: "Remount /var/log/audit" listen: "Remount /var/log/audit"
- name: "Remounting /boot/efi" - name: "Remounting /boot/efi"
@ -151,6 +166,7 @@
path: "{{ mount_point }}" path: "{{ mount_point }}"
state: remounted state: remounted
notify: Set reboot required notify: Set reboot required
become: true
listen: "Remount /boot/efi" listen: "Remount /boot/efi"
- name: Reload sysctl - name: Reload sysctl
@ -260,12 +276,14 @@
- name: Stop auditd process - name: Stop auditd process
ansible.builtin.command: systemctl kill auditd ansible.builtin.command: systemctl kill auditd
changed_when: true changed_when: true
become: true
listen: Restart auditd listen: Restart auditd
- name: Start auditd process - name: Start auditd process
ansible.builtin.systemd: ansible.builtin.systemd:
name: auditd name: auditd
state: started state: started
become: true
listen: Restart auditd listen: Restart auditd
- name: Set reboot required - name: Set reboot required

3
tasks/main.yml
View file

@ -1,6 +1,9 @@
--- ---
# tasks file for RHEL9-CIS # tasks file for RHEL9-CIS
- name: "RHEL9-CIS"
become: true
block:
- name: "Check OS version and family" - name: "Check OS version and family"
when: os_check when: os_check
tags: always tags: always