fix(cis): strengthen kernel module blacklist and sysctl hardening

2026-02-21 01:18:52 +01:00
parent dea01cc8a0
commit 9e3688ae2b
2 changed files with 9 additions and 1 deletions
--- a/roles/cis/tasks/modules.yml
+++ b/roles/cis/tasks/modules.yml
@@ -13,6 +13,9 @@
      - sctp
      - rds
      - tipc
+      - firewire-core
+      - firewire-sbp2
+      - thunderbolt
    cis_modules_squashfs: "{{ [] if os in ['ubuntu', 'ubuntu-lts'] else ['squashfs'] }}"
    cis_modules_all: "{{ cis_modules_base + cis_modules_squashfs }}"
  ansible.builtin.copy: