--- - name: "1.1.1.1 | PATCH | Ensure mounting of cramfs filesystems is disabled" block: - name: "1.1.1.1 | PATCH | Ensure mounting of cramfs filesystems is disabled | Edit modprobe config" lineinfile: dest: /etc/modprobe.d/CIS.conf regexp: "^(#)?install cramfs(\\s|$)" line: "install cramfs /bin/true" create: yes mode: 0600 - name: "1.1.1.1 | PATCH | Ensure mounting of cramfs filesystems is disabled | Disable cramfs" modprobe: name: cramfs state: absent when: ansible_connection != 'docker' when: - rhel9cis_rule_1_1_1_1 tags: - level1-server - level1-workstation - automated - patch - rule_1.1.1.1 - cramfs - name: "1.1.1.2 | PATCH | Ensure mounting of squashfs filesystems is disabled" block: - name: "1.1.1.2 | PATCH | Ensure mounting of squashfs filesystems is disabled | Edit modprobe config" lineinfile: dest: /etc/modprobe.d/CIS.conf regexp: "^(#)?install squashfs(\\s|$)" line: "install squashfs /bin/true" create: yes mode: 0600 - name: "1.1.1.2 | PATCH | Ensure mounting of squashfs filesystems is disabled | Disable squashfs" modprobe: name: squashfs state: absent when: ansible_connection != 'docker' when: - rhel9cis_rule_1_1_1_2 tags: - level2-server - level2-workstation - automated - patch - rule_1.1.1.2 - squashfs - name: "1.1.1.3 | PATCH | Ensure mounting of udf filesystems is disabled" block: - name: "1.1.1.3 | PATCH | Ensure mounting of udf filesystems is disable | Edit modprobe config" lineinfile: dest: /etc/modprobe.d/CIS.conf regexp: "^(#)?install udf(\\s|$)" line: "install udf /bin/true" create: yes mode: 0600 - name: "1.1.1.3 | PATCH | Ensure mounting of udf filesystems is disable | Disable udf" modprobe: name: udf state: absent when: ansible_connection != 'docker' when: - rhel9cis_rule_1_1_1_3 tags: - level2-server - level2-workstation - automated - patch - rule_1.1.1.3 - udf