forked from ansible-lockdown/RHEL9-CIS
feat: become true for all tasks
This commit is contained in:
parent
b98381fcd8
commit
c403016b38
2 changed files with 272 additions and 251 deletions
|
|
@ -11,6 +11,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /tmp"
|
||||
|
||||
- name: "Remounting /tmp"
|
||||
|
|
@ -19,6 +20,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /tmp"
|
||||
|
||||
- name: "Remounting /tmp systemd"
|
||||
|
|
@ -28,6 +30,7 @@
|
|||
name: tmp.mount
|
||||
state: restarted
|
||||
daemon_reload: true
|
||||
become: true
|
||||
listen: "Remount /tmp"
|
||||
|
||||
- name: "Adding options for /dev/shm"
|
||||
|
|
@ -39,6 +42,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /dev/shm"
|
||||
|
||||
- name: "Remounting /dev/shm"
|
||||
|
|
@ -47,6 +51,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /dev/shm"
|
||||
|
||||
- name: "Adding options for /home"
|
||||
|
|
@ -58,6 +63,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /home"
|
||||
|
||||
- name: "Remounting /home"
|
||||
|
|
@ -66,6 +72,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /home"
|
||||
|
||||
- name: "Adding options for /var"
|
||||
|
|
@ -77,6 +84,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /var"
|
||||
|
||||
- name: "Remounting /var"
|
||||
|
|
@ -85,6 +93,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /var"
|
||||
|
||||
- name: "Adding options for /var/tmp"
|
||||
|
|
@ -96,6 +105,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /var/tmp"
|
||||
|
||||
- name: "Remounting /var/tmp"
|
||||
|
|
@ -104,6 +114,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /var/tmp"
|
||||
|
||||
- name: "Adding options for /var/log"
|
||||
|
|
@ -115,6 +126,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /var/log"
|
||||
|
||||
- name: "Remounting /var/log"
|
||||
|
|
@ -123,6 +135,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /var/log"
|
||||
|
||||
- name: "Adding options for /var/log/audit"
|
||||
|
|
@ -134,6 +147,7 @@
|
|||
state: present
|
||||
fstype: "{{ prelim_mount_point_fs_and_options[mount_point]['fs_type'] }}"
|
||||
opts: "{{ prelim_mount_point_fs_and_options[mount_point]['options'] | unique | join(',') }}"
|
||||
become: true
|
||||
listen: "Remount /var/log/audit"
|
||||
|
||||
- name: "Remounting /var/log/audit"
|
||||
|
|
@ -142,6 +156,7 @@
|
|||
ansible.posix.mount:
|
||||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
become: true
|
||||
listen: "Remount /var/log/audit"
|
||||
|
||||
- name: "Remounting /boot/efi"
|
||||
|
|
@ -151,6 +166,7 @@
|
|||
path: "{{ mount_point }}"
|
||||
state: remounted
|
||||
notify: Set reboot required
|
||||
become: true
|
||||
listen: "Remount /boot/efi"
|
||||
|
||||
- name: Reload sysctl
|
||||
|
|
@ -260,12 +276,14 @@
|
|||
- name: Stop auditd process
|
||||
ansible.builtin.command: systemctl kill auditd
|
||||
changed_when: true
|
||||
become: true
|
||||
listen: Restart auditd
|
||||
|
||||
- name: Start auditd process
|
||||
ansible.builtin.systemd:
|
||||
name: auditd
|
||||
state: started
|
||||
become: true
|
||||
listen: Restart auditd
|
||||
|
||||
- name: Set reboot required
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
# tasks file for RHEL9-CIS
|
||||
|
||||
- name: "RHEL9-CIS"
|
||||
become: true
|
||||
block:
|
||||
- name: "Check OS version and family"
|
||||
when: os_check
|
||||
tags: always
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue