forked from ansible-lockdown/RHEL9-CIS
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
---
|
|
|
|
- name: "4.1.1 | PATCH | Ensure nftables is installed"
|
|
when:
|
|
- rhel9cis_rule_4_1_1
|
|
- rhel9cis_firewall == 'nftables'
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- nftables
|
|
- rule_4.1.1
|
|
- NIST800-53R5_CA-9
|
|
ansible.builtin.package:
|
|
name:
|
|
- nftables
|
|
state: present
|
|
|
|
- name: "4.1.2 | PATCH | Ensure a single firewall configuration utility is in use"
|
|
when:
|
|
- rhel9cis_rule_4_1_2
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- firewalld
|
|
- nftables
|
|
- rule_4.1.2
|
|
block:
|
|
- name: "4.1.2 | PATCH | Ensure a single firewall configuration utility is in use | nftables"
|
|
when:
|
|
- item in ansible_facts.packages
|
|
- rhel9cis_firewall == 'nftables'
|
|
ansible.builtin.systemd:
|
|
name: "{{ item }}"
|
|
masked: true
|
|
loop:
|
|
- firewalld
|
|
|
|
- name: "4.1.2 | PATCH | Ensure a single firewall configuration utility is in use | firewalld"
|
|
when:
|
|
- item in ansible_facts.packages
|
|
- rhel9cis_firewall == 'firewalld'
|
|
ansible.builtin.systemd:
|
|
name: "{{ item }}"
|
|
masked: true
|
|
loop:
|
|
- nftables
|
|
|
|
- name: "4.1.2 | PATCH | Ensure a single firewall configuration utility is in use | package installed"
|
|
ansible.builtin.package:
|
|
name: "{{ rhel9cis_firewall }}"
|
|
state: installed
|
|
|
|
- name: "4.1.2 | PATCH | Ensure a single firewall configuration utility is in use | {{ rhel9cis_firewall }} started and enabled"
|
|
ansible.builtin.systemd:
|
|
name: "{{ rhel9cis_firewall }}"
|
|
enabled: true
|
|
state: started
|