---

- name: "1.5.1 | PATCH | Ensure core dump storage is disabled"
  lineinfile:
      path: /etc/systemd/coredump.conf
      regexp: 'Storage='
      line: 'Storage=none'
  notify: systemd_daemon_reload
  when:
      - rhel9cis_rule_1_5_1
      - systemd_coredump.stat.exists
  tags:
      - level1-server
      - level1-workstation
      - automated
      - patch
      - rule_1.5.1

- name: "1.5.2 | PATCH | Ensure core dump backtraces are disabled"
  lineinfile:
      path: /etc/systemd/coredump.conf
      regexp: 'ProcessSizeMax='
      line: 'ProcessSizeMax=0'
  when:
      - rhel9cis_rule_1_5_2
  tags:
      - level1-server
      - level1-workstation
      - automated
      - patch
      - sysctl
      - rule_1.5.2

- name: "1.5.3 | PATCH | Ensure address space layout randomization (ASLR) is enabled"
  sysctl:
      name: kernel.randomize_va_space
      value: '2'
      state: present
      reload: yes
      sysctl_set: yes
      ignoreerrors: yes
  when:
      - rhel9cis_rule_1_5_3
  tags:
      - level1-server
      - level1-workstation
      - automated
      - patch
      - sysctl
      - rule_1.5.3