13 lines
543 B
YAML
13 lines
543 B
YAML
---
|
|
- name: Configure System Cryptography Policy
|
|
when: os in ["almalinux", "rhel9", "rhel10", "rocky"]
|
|
ansible.builtin.command: arch-chroot /mnt /usr/bin/update-crypto-policies --set DEFAULT:NO-SHA1
|
|
register: cis_crypto_policy_result
|
|
changed_when: "'Setting system-wide crypto-policies to' in cis_crypto_policy_result.stdout"
|
|
|
|
- name: Mask Systemd Services
|
|
ansible.builtin.command: >
|
|
arch-chroot /mnt systemctl mask nftables bluetooth rpcbind
|
|
register: cis_mask_services_result
|
|
changed_when: cis_mask_services_result.rc == 0
|