From 6bc3c98a97d6d38701bad17a36c262b689013d6a Mon Sep 17 00:00:00 2001
From: Eric Lehmann
Date: Thu, 18 Apr 2024 07:10:52 -0400
Subject: [PATCH 1/2] Loop over each task. import->includes
Signed-off-by: Eric Lehmann
---
tasks/Cat2/RHEL-09-25xxxx.yml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tasks/Cat2/RHEL-09-25xxxx.yml b/tasks/Cat2/RHEL-09-25xxxx.yml
index 291db5b..ef7c1da 100644
--- a/tasks/Cat2/RHEL-09-25xxxx.yml
+++ b/tasks/Cat2/RHEL-09-25xxxx.yml
@@ -195,16 +195,18 @@
 - name: "MEDIUM | RHEL-09-251040 | PATCH | RHEL 9 network interfaces must not be in promiscuous mode."
 when:
 - not rhel9stig_disruption_high
- - item not in rhel9stig_promisc_if
+ - item in rhel9stig_promisc_if
 ansible.builtin.debug:
 msg: "Warning!! You have interfaces set to promicious mode no in the exception list"
+ loop: "{{ ansible_facts.interfaces }}"
 - name: "MEDIUM | RHEL-09-251040 | PATCH | RHEL 9 network interfaces must not be in promiscuous mode."
 when:
 - not rhel9stig_disruption_high
- - item not in rhel9stig_promisc_if
- ansible.builtin.import_tasks:
+ - item in rhel9stig_promisc_if
+ ansible.builtin.include_tasks:
 file: warning_facts.yml
+ loop: "{{ ansible_facts.interfaces }}"
 - name: "MEDIUM | RHEL-09-251045 | PATCH | RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler."
 when:
From f41d649cde5b47e303d5cbaaa3e9f73b40a5d881 Mon Sep 17 00:00:00 2001
From: Eric Lehmann
Date: Fri, 19 Apr 2024 07:21:21 -0400
Subject: [PATCH 2/2] Check for kdump before disabling it
Signed-off-by: Eric Lehmann
---
tasks/Cat2/RHEL-09-21xxxx.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/tasks/Cat2/RHEL-09-21xxxx.yml b/tasks/Cat2/RHEL-09-21xxxx.yml
index cd569fe..7904b77 100644
--- a/tasks/Cat2/RHEL-09-21xxxx.yml
+++ b/tasks/Cat2/RHEL-09-21xxxx.yml
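Review bot: In the two RHEL-09-251040 tasks of tasks/Cat2/RHEL-09-25xxxx.yml the condition is now `item in rhel9stig_promisc_if`, yet the debug text still says the interfaces are not in the exception list, so either the test or the message is wrong. `rhel9stig_promisc_if` is defined outside this hunk; if it holds the allowed-interface exceptions, the new test warns only about exempted interfaces and a non-exempt promiscuous interface is never reported. The message also never names the interface, so I would change it to `msg: "Warning!! Interface {{ item }} is in promiscuous mode and not in the exception list"`. Looping `include_tasks` over every interface runs warning_facts.yml once per match, which presumably records the same control several times; confirm that is intended.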
@@ -808,6 +808,7 @@
 - name: "MEDIUM | RHEL-09-213115 | PATCH | The kdump service on RHEL 9 must be disabled."
 when:
 - rhel_09_213115
+ - "'kdump' is in ansible_facts.packages"
 tags:
 - RHEL-09-213115
 - CAT2
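Review bot: The added guard `'kdump' is in ansible_facts.packages` tests for a package named kdump, but on RHEL 9 kdump.service is normally shipped by kexec-tools, so the condition would be false on hosts that do have the service. RHEL-09-213115 would then be skipped without any finding and kdump would stay enabled. I would key on the owning package, `- "'kexec-tools' in ansible_facts.packages"`, or test for the unit itself through service facts. The guard also depends on `ansible.builtin.package_facts` having run earlier, which is not visible here; the task body continues past the end of this hunk.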