--- - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled" block: - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Edit modprobe config" ansible.builtin.lineinfile: path: /etc/modprobe.d/CIS.conf regexp: "^(#)?install squashfs(\\s|$)" line: "install squashfs /bin/true" create: true mode: 0600 - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | blacklist" ansible.builtin.lineinfile: path: /etc/modprobe.d/blacklist.conf regexp: "^(#)?blacklist squashfs(\\s|$)" line: "blacklist squashfs" create: true mode: 0600 - name: "1.1.1.1 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs" community.general.modprobe: name: squashfs state: absent when: not system_is_container when: - rhel9cis_rule_1_1_1_1 tags: - level2-server - level2-workstation - patch - rule_1.1.1.1 - squashfs - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disabled" block: - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Edit modprobe config" ansible.builtin.lineinfile: path: /etc/modprobe.d/CIS.conf regexp: "^(#)?install udf(\\s|$)" line: "install udf /bin/true" create: true mode: 0600 - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disabled | blacklist" ansible.builtin.lineinfile: path: /etc/modprobe.d/blacklist.conf regexp: "^(#)?blacklist udf(\\s|$)" line: "blacklist udf" create: true mode: 0600 - name: "1.1.1.2 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf" community.general.modprobe: name: udf state: absent when: not system_is_container when: - rhel9cis_rule_1_1_1_2 tags: - level2-server - level2-workstation - patch - rule_1.1.1.2 - udf