sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

updated ipv6 rules

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-03-30 11:36:36 +01:00
parent 8c79bfe7fb
commit c85e9ba43f
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 5 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

14
tasks/section_3/cis_3.1.x.yml
View file

@ -3,15 +3,11 @@
# The CIS Control wants IPv6 disabled if not in use.
# We are using the rhel9cis_ipv6_required to specify if you have IPv6 in use
- name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system"
sysctl:
name: "{{ item }}"
value: '1'
state: present
reload: yes
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
debug:
msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
notify:
- update sysctl
- sysctl flush ipv6 route table
when:
- not rhel9cis_ipv6_required
- rhel9cis_rule_3_1_1