sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

updated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-03-30 11:08:18 +01:00
parent efdcb0b6f5
commit f808f30173
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
24 changed files with 769 additions and 923 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tasks/section_1/cis_1.1.8.x.yml
View file

@ -14,7 +14,7 @@
changed_when: false
failed_when: false
check_mode: no
register: rhel9cis_1_1_8_x_dev_shm_status
register: rhel8cis_1_1_8_x_dev_shm_status
- name: |
"1.1.8.1 | PATCH | Ensure nodev option set on /dev/shm partition | Set nodev option
@ -25,13 +25,13 @@
src: tmpfs
fstype: tmpfs
state: mounted
opts: defaults,{% if rhel9cis_rule_1_1_8_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_8_1 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_8_3 %}nosuid{% endif %}
when: "'dev/shm' in rhel9cis_1_1_8_x_dev_shm_status.stdout"
opts: defaults,{% if rhel8cis_rule_1_1_8_2 %}noexec,{% endif %}{% if rhel8cis_rule_1_1_8_1 %}nodev,{% endif %}{% if rhel8cis_rule_1_1_8_3 %}nosuid{% endif %}
when: "'dev/shm' in rhel8cis_1_1_8_x_dev_shm_status.stdout"
notify: change_requires_reboot
when:
- rhel9cis_rule_1_1_8_1 or
rhel9cis_rule_1_1_8_2 or
rhel9cis_rule_1_1_8_3
- rhel8cis_rule_1_1_8_1 or
rhel8cis_rule_1_1_8_2 or
rhel8cis_rule_1_1_8_3
tags:
- level1-server
- level1-workstation