--- # Post tasks - name: Perform DNF package cleanup dnf: autoremove: true changed_when: false - name: Gather the package facts after remediation package_facts: manager: auto tags: - always - name: trigger update sysctl shell: /bin/true args: warn: false changed_when: true check_mode: false notify: update sysctl when: - rhel9cis_rule_3_1_1 or rhel9cis_rule_3_1_2 or rhel9cis_rule_3_1_3 or rhel9cis_rule_3_2_1 or rhel9cis_rule_3_2_2 or rhel9cis_rule_3_3_1 or rhel9cis_rule_3_3_2 or rhel9cis_rule_3_3_3 or rhel9cis_rule_3_3_4 or rhel9cis_rule_3_3_5 or rhel9cis_rule_3_3_6 or rhel9cis_rule_3_3_7 or rhel9cis_rule_3_3_8 or rhel9cis_rule_3_3_9 tags: - sysctl - name: trigger update auditd shell: /bin/true args: warn: false notify: update auditd changed_when: true check_mode: false when: - rhel9cis_rule_4_1_1_1 or rhel9cis_rule_4_1_1_2 or rhel9cis_rule_4_1_1_3 or rhel9cis_rule_4_1_2_1 or rhel9cis_rule_4_1_2_2 or rhel9cis_rule_4_1_2_3 or rhel9cis_rule_4_1_3 or rhel9cis_rule_4_1_4 or rhel9cis_rule_4_1_5 or rhel9cis_rule_4_1_6 or rhel9cis_rule_4_1_7 or rhel9cis_rule_4_1_8 or rhel9cis_rule_4_1_9 or rhel9cis_rule_4_1_10 or rhel9cis_rule_4_1_11 or rhel9cis_rule_4_1_12 tags: - auditd - name: flush handlers meta: flush_handlers - name: POST | reboot system if changes require it and not skipped block: - name: POST | Reboot system if changes require it and not skipped reboot: when: - change_requires_reboot - not skip_reboot - name: POST | Warning a reboot required but skip option set debug: msg: "Warning!! changes have been made that require a reboot to be implemented but skip reboot was set - Can affect compliance check results" changed_when: true when: - change_requires_reboot - skip_reboot tags: - grub - level1-server - level1-workstation - level2-server - level2-workstation - rhel9cis_section1 - rhel9cis_section2 - rhel9cis_section3 - rhel9cis_section4 - rhel9cis_section5 - rhel9cis_section6