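---
# Kernel hardening sysctls, written to one sysctl.d drop-in by the sysctl
# module: the first task sets its keys to "0", the second sets its keys to "1".
#
# The drop-in carries a .conf suffix because sysctl.d(5) and `sysctl --system`
# only read *.conf files at boot. Without the suffix the values are applied by
# the module's reload but are not re-applied after a reboot.
# NOTE(review): hosts provisioned earlier keep the old suffix-less file; remove
# it there, and update any other task that writes to the old path.
# NOTE(review): sysctl.d files are applied in lexical order and the last writer
# of a key wins, so a 00- prefix lets any later drop-in override these values.
# Confirm that ordering is intended.

- name: Add disable sysctl values
  sysctl:
    name: "{{ item }}"
    value: "0"
    state: present
    sysctl_file: /etc/sysctl.d/00-cis-rules.conf
  loop:
    # Do not accept ICMP redirects (including "secure" ones from gateways).
    # NOTE(review): the net.ipv6.* keys may be absent on hosts where IPv6 is
    # disabled in the kernel; confirm the task still succeeds there.
    - net.ipv4.conf.all.accept_redirects
    - net.ipv4.conf.default.accept_redirects
    - net.ipv6.conf.all.accept_redirects
    - net.ipv6.conf.default.accept_redirects
    - net.ipv4.conf.all.secure_redirects
    - net.ipv4.conf.default.secure_redirects
    # Do not send ICMP redirects; a host that is not a router has no need to.
    - net.ipv4.conf.all.send_redirects
    - net.ipv4.conf.default.send_redirects
    # Drop source-routed packets.
    - net.ipv4.conf.all.accept_source_route
    - net.ipv4.conf.default.accept_source_route
    - net.ipv6.conf.all.accept_source_route
    - net.ipv6.conf.default.accept_source_route
    # No core dumps from setuid / privilege-changing processes.
    - fs.suid_dumpable

- name: Add enable sysctl values
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
    sysctl_file: /etc/sysctl.d/00-cis-rules.conf
  loop:
    # Log packets that arrive with impossible source addresses.
    - net.ipv4.conf.all.log_martians
    - net.ipv4.conf.default.log_martians
    # Strict reverse-path filtering.
    # NOTE(review): only the "default" key is set here, which seeds interfaces
    # created later; net.ipv4.conf.all.rp_filter is not set in this file.
    # Confirm it is handled elsewhere or add it after checking for asymmetric
    # routing on the target hosts.
    - net.ipv4.conf.default.rp_filter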