---

- name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked"
  block:
      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of services"
        ansible.builtin.shell: systemctl list-units --type=service
        changed_when: false
        failed_when: false
        check_mode: false
        register: rhel9cis_2_4_services

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Get list of sockets"
        ansible.builtin.shell: systemctl list-units --type=sockets
        changed_when: false
        failed_when: false
        check_mode: false
        register: rhel9cis_2_4_sockets

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Display list of services"
        ansible.builtin.debug:
            msg:
                - "Warning!! Below are the list of services and sockets, both active and inactive"
                - "Please review to make sure all are essential"
                - "{{ rhel9cis_2_4_services.stdout_lines }}"
                - "{{ rhel9cis_2_4_sockets.stdout_lines }}"

      - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Warn Count"
        ansible.builtin.import_tasks:
            file: warning_facts.yamlfacts.yml
  vars:
      warn_control_id: '2.4'
  when:
      - rhel9cis_rule_2_4
  tags:
      - level1-server
      - level1-workstation
      - manual
      - audit
      - services
      - rule_2.4