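---
# Handlers file for RHEL9-CIS.
#
# Changes made in review:
#   * `args: warn: false` was dropped from the command handlers. The `warn`
#     option was deprecated in ansible-core 2.11 and removed in 2.14, where
#     passing it fails the task, so a hardening change would not be activated.
#   * Fixed commands run through `command` instead of `shell`; none of them
#     uses pipes, redirection or expansion, so no shell is needed.
#   * The file mode is quoted so it stays the string "0600" under every parser.
#   * Booleans are written as lowercase `true`/`false`.

- name: reload sysctl
  command: sysctl --system

# A failed flush is tolerated here (ignore_errors), unlike the ipv6 handler.
# NOTE(review): confirm that asymmetry is intended.
- name: sysctl flush ipv4 route table
  become: true
  sysctl:
    name: net.ipv4.route.flush
    value: '1'
    sysctl_set: true
  ignore_errors: true
  when:
    - flush_ipv4_route
    - not system_is_container
  tags:
    - skip_ansible_lint

- name: sysctl flush ipv6 route table
  become: true
  sysctl:
    name: net.ipv6.route.flush
    value: '1'
    sysctl_set: true
  when:
    - flush_ipv6_route
    - not system_is_container

# Despite the name, this reloads the unit (state: reloaded), not restarts it.
- name: systemd restart tmp.mount
  become: true
  systemd:
    name: tmp.mount
    daemon_reload: true
    enabled: true
    masked: false
    state: reloaded

# Despite the name, this reloads the unit (state: reloaded), not restarts it.
- name: systemd restart var-tmp.mount
  become: true
  systemd:
    name: var-tmp.mount
    daemon_reload: true
    enabled: true
    masked: false
    state: reloaded

# Re-applies the current mount options of /tmp without unmounting it.
- name: remount tmp
  command: mount -o remount /tmp

- name: restart firewalld
  service:
    name: firewalld
    state: restarted

- name: restart sshd
  service:
    name: sshd
    state: restarted

- name: restart postfix
  service:
    name: postfix
    state: restarted

- name: reload dconf
  command: dconf update

# Renders the audit rules file readable by root only, then chains to
# "restart auditd".
# NOTE(review): the result is registered as auditd_template_update, but the
# condition on "restart auditd" never reads it; verify that a change made
# here really restarts auditd, otherwise new rules stay unloaded.
- name: update auditd
  template:
    src: audit/99_auditd.rules.j2
    dest: /etc/audit/rules.d/99_auditd.rules
    owner: root
    group: root
    mode: "0600"
  register: auditd_template_update
  notify: restart auditd

# Uses the `service` command rather than the service module, presumably
# because the auditd unit refuses a manual restart through systemctl.
# NOTE(review): every variable in the condition is registered outside this
# file. If one is undefined when the handler fires, the condition errors
# instead of evaluating to false; confirm all four are always set.
- name: restart auditd
  command: service auditd restart
  when:
    - audit_rules_updated.changed or rule_4_1_2_1.changed or rule_4_1_2_2.changed or rule_4_1_2_3.changed
  tags:
    - skip_ansible_lint

# ignore_errors hides a failed regeneration: the play still reports success
# while grub.cfg is unchanged.
# NOTE(review): consider registering the result and reporting a failure.
- name: grub2cfg
  command: grub2-mkconfig -o /boot/grub2/grub.cfg
  ignore_errors: true
  tags:
    - skip_ansible_lint

- name: restart rsyslog
  become: true
  service:
    name: rsyslog
    state: restarted

- name: restart journald
  service:
    name: systemd-journald
    state: restarted

- name: restart systemd_journal_upload
  service:
    name: systemd-journal-upload
    state: restarted

# Spelled daemon_reload, as in the mount handlers; daemon-reload is an alias.
- name: systemd_daemon_reload
  systemd:
    daemon_reload: true

# Sets a fact only; nothing in this file reboots the host.
- name: change_requires_reboot
  set_fact:
    change_requires_reboot: true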