1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux,multi_platform_rhv,SUSE Linux Enterprise 15
# reboot = false
# strategy = enable
# complexity = low
# disruption = low
{{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9', 'rhel10'] %}}
{{% set PACKAGE_NAME = "python3-libsemanage" %}}
{{% elif product == "sle15" %}}
{{% set PACKAGE_NAME = "policycoreutils" %}}
{{% else %}}
{{% set PACKAGE_NAME = "libsemanage-python" %}}
{{% endif %}}
- name: "{{{ rule_title }}} - Ensure {{{ PACKAGE_NAME }}} Installed"
package:
name: "{{{ PACKAGE_NAME }}}"
state: present
{{% if product == "sle15" %}}
- name: "{{{ rule_title }}} - Ensure Additional Packages Installed"
become: yes
package:
name:
- policycoreutils-python-utils
- selinux-tools
- python3-selinux
- python3-semanage
state: present
{{% endif %}}
{{% if SEBOOL_BOOL %}}
- name: "{{{ rule_title }}} - Set SELinux Boolean {{{ SEBOOLID }}} to {{{ SEBOOL_BOOL }}}"
seboolean:
name: "{{{ SEBOOLID }}}"
state: "{{{ SEBOOL_BOOL }}}"
persistent: yes
when: ansible_facts.selinux.status == 'enabled'
{{% else %}}
- (xccdf-var var_{{{ SEBOOLID }}})
- name: "{{{ rule_title }}} - Set SELinux Boolean {{{ SEBOOLID }}} Accordingly"
seboolean:
name: {{{ SEBOOLID }}}
state: "{{ var_{{{ SEBOOLID }}} }}"
persistent: yes
when: ansible_facts.selinux.status == 'enabled'
{{% endif %}}
|
