nikdoof/ansible-cis
1
0
Fork 0
mirror of https://github.com/nikdoof/ansible-cis.git synced 2025-12-18 12:29:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1cd5371d44f138b00b0978b87616b5fd8bb7d2fc
ansible-cis/tasks/sysctl.yaml

32 lines
972 B
YAML
Raw Blame History

---
- name: Add disable sysctl values
sysctl:
name: "{{ item }}"
value: "0"
state: present
sysctl_file: /etc/sysctl.d/00-cis-rules
loop:
- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
- net.ipv4.conf.all.secure_redirects
- net.ipv4.conf.default.secure_redirects
- net.ipv4.conf.all.send_redirects
- net.ipv4.conf.default.send_redirects
- net.ipv4.conf.all.accept_source_route
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_source_route
- net.ipv6.conf.default.accept_source_route
- fs.suid_dumpable
- name: Add enable sysctl values
sysctl:
name: "{{ item }}"
value: "1"
state: present
sysctl_file: /etc/sysctl.d/00-cis-rules
loop:
- net.ipv4.conf.all.log_martians
- net.ipv4.conf.default.log_martians
- net.ipv4.conf.default.rp_filter
Reference in New Issue View Git Blame Copy Permalink