nikdoof/ansible-cis
1
0
Fork 0
mirror of https://github.com/nikdoof/ansible-cis.git synced 2025-12-22 14:29:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial import of existing role

Browse Source
This commit is contained in:
Andrew Williams
2022-07-02 11:03:13 +01:00
commit 87dee9b3fa
11 changed files with 226 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
tasks/sysctl.yaml Normal file
View File

@@ -0,0 +1,31 @@
---
- name: Add disable sysctl values
sysctl:
name: "{{ item }}"
value: "0"
state: present
sysctl_file: /etc/sysctl.d/00-cis-rules
loop:
- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
- net.ipv4.conf.all.secure_redirects
- net.ipv4.conf.default.secure_redirects
- net.ipv4.conf.all.send_redirects
- net.ipv4.conf.default.send_redirects
- net.ipv4.conf.all.accept_source_route
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_source_route
- net.ipv6.conf.default.accept_source_route
- fs.suid_dumpable
- name: Add enable sysctl values
sysctl:
name: "{{ item }}"
value: "1"
state: present
sysctl_file: /etc/sysctl.d/00-cis-rules
loop:
- net.ipv4.conf.all.log_martians
- net.ipv4.conf.default.log_martians
- net.ipv4.conf.default.rp_filter