13 lines
628 B
YAML
13 lines
628 B
YAML
---
|
|
- name: Configure System Cryptography Policy
|
|
when: os == "rhel" or os in ["almalinux", "rocky"]
|
|
ansible.builtin.command: "{{ chroot_command }} /usr/bin/update-crypto-policies --set DEFAULT:NO-SHA1"
|
|
register: cis_crypto_policy_result
|
|
changed_when: "'Setting system-wide crypto-policies to' in cis_crypto_policy_result.stdout"
|
|
|
|
- name: Mask Systemd Services
|
|
ansible.builtin.command: >
|
|
{{ chroot_command }} systemctl mask {{ 'nftables' if system_cfg.features.firewall.toolkit == 'iptables' else 'iptables' }} bluetooth rpcbind
|
|
register: cis_mask_services_result
|
|
changed_when: cis_mask_services_result.rc == 0
|