feat(baseline): do not expect global become true
This commit is contained in:
parent
c793b470b0
commit
6933aad1fa
8 changed files with 56 additions and 8 deletions
|
|
@ -23,16 +23,19 @@
|
|||
when: (baseline_epel_packages_allowed is defined) and (baseline_epel_packages_allowed | length > 0)
|
||||
block:
|
||||
- name: Baseline | PATCH | Install epel-release
|
||||
become: true
|
||||
ansible.builtin.dnf:
|
||||
name: epel-release
|
||||
state: present
|
||||
- name: Baseline | PATCH | Restrict packages to be installed from EPEL
|
||||
become: true
|
||||
community.general.ini_file:
|
||||
path: /etc/yum.repos.d/epel.repo
|
||||
section: epel
|
||||
option: includepkgs
|
||||
value: "{{ baseline_epel_packages_allowed | join(',') }}"
|
||||
- name: Baseline | PATCH | Disable EPEL openh264 repository
|
||||
become: true
|
||||
community.general.ini_file:
|
||||
path: /etc/yum.repos.d/epel-cisco-openh264.repo
|
||||
section: epel-cisco-openh264
|
||||
|
|
@ -40,12 +43,14 @@
|
|||
value: 0
|
||||
|
||||
- name: Baseline | PATCH | Remove EPEL repository
|
||||
become: true
|
||||
ansible.builtin.dnf:
|
||||
name: epel-release
|
||||
state: absent
|
||||
when: (baseline_epel_packages_allowed is not defined) or (baseline_epel_packages_allowed | length == 0)
|
||||
|
||||
- name: Baseline | PATCH | Remove cockpit-ws
|
||||
become: true
|
||||
ansible.builtin.dnf:
|
||||
name: cockpit-ws
|
||||
state: absent
|
||||
|
|
@ -59,6 +64,7 @@
|
|||
when: baseline_lockdown
|
||||
|
||||
- name: Baseline | PATCH | Ensure message of the day is configured properly (CIS 1.7.1, 1.7.4)
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: motd.j2
|
||||
dest: /etc/motd
|
||||
|
|
@ -67,6 +73,7 @@
|
|||
mode: 'u-x,go-wx'
|
||||
|
||||
- name: Baseline | PATCH | Remove dhcpv6-client service from firewalld
|
||||
become: true
|
||||
ansible.posix.firewalld:
|
||||
service: dhcpv6-client
|
||||
state: disabled
|
||||
|
|
@ -75,6 +82,7 @@
|
|||
zone: public
|
||||
|
||||
- name: Baseline | PATCH | Remove mdns service from firewalld
|
||||
become: true
|
||||
ansible.posix.firewalld:
|
||||
service: mdns
|
||||
state: disabled
|
||||
|
|
@ -83,6 +91,7 @@
|
|||
zone: public
|
||||
|
||||
- name: Baseline | PATCH | Remove cockpit service from firewalld
|
||||
become: true
|
||||
ansible.posix.firewalld:
|
||||
service: cockpit
|
||||
state: disabled
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue