File: ansible.template

package info (click to toggle)
scap-security-guide 0.1.65-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 71,936 kB
  • sloc: xml: 179,374; sh: 69,771; python: 23,819; makefile: 23
file content (43 lines) | stat: -rw-r--r-- 1,160 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# platform = multi_platform_all
# reboot = true
# strategy = disable
# complexity = low
# disruption = medium

- name: List /etc/sysctl.d/*.conf files
  find:
    paths:
      - "/etc/sysctl.d/"
      - "/run/sysctl.d/"
      - "/usr/local/lib/sysctl.d/"
{{% if product not in [ "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9"] %}}
      - "/usr/lib/sysctl.d/"
{{% endif %}}
    contains: '^[\s]*{{{ SYSCTLVAR }}}.*$'
    patterns: "*.conf"
    file_type: any
  register: find_sysctl_d

- name: Comment out any occurrences of {{{ SYSCTLVAR }}} from config files
  replace:
    path: "{{ item.path }}"
    regexp: '^[\s]*{{{ SYSCTLVAR }}}'
    replace: '#{{{ SYSCTLVAR }}}'
  loop: "{{ find_sysctl_d.files }}"

{{%- if SYSCTLVAL == "" or SYSCTLVAL is not string  %}}
- (xccdf-var sysctl_{{{ SYSCTLID }}}_value)

- name: Ensure sysctl {{{ SYSCTLVAR }}} is set
  sysctl:
    name: "{{{ SYSCTLVAR }}}"
    value: "{{ sysctl_{{{ SYSCTLID }}}_value }}"
{{%- else %}}
- name: Ensure sysctl {{{ SYSCTLVAR }}} is set to {{{ SYSCTLVAL }}}
  sysctl:
    name: "{{{ SYSCTLVAR }}}"
    value: "{{{ SYSCTLVAL }}}"
{{%- endif %}}
    state: present
    reload: yes