Skip to content

Commit

Permalink
adds feature to allow rsync install CIS compliant
Browse files Browse the repository at this point in the history
  • Loading branch information
dderemiah committed Oct 19, 2023
1 parent 0e78bb2 commit e9478b4
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 8 deletions.
1 change: 1 addition & 0 deletions defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -416,6 +416,7 @@ ubtu20cis_smb_server: false
ubtu20cis_squid_server: false
ubtu20cis_snmp_server: false
ubtu20cis_rsync_server: false
ubtu20cis_rsync_masked: false
ubtu20cis_nis_server: false
ubtu20cis_nfs_client: false
# rpcbind is required by nfs-common which is required on client and server
Expand Down
29 changes: 21 additions & 8 deletions tasks/section_2/cis_2.2.x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -328,14 +328,27 @@
- rule_2.2.16
- postfix

- name: "2.2.17 | PATCH | Ensure rsync service is not installed"
ansible.builtin.package:
name: rsync
state: absent
when:
- ubtu20cis_rule_2_2_17
- not ubtu20cis_rsync_server
- "'rsync' in ansible_facts.packages"
- name: "2.2.17 | PATCH | Ensure rsync service is not installed or masked"
block:
- name: "2.2.17 | PATCH | Ensure rsync service is disabled and masked"
ansible.builtin.service:
name: rsync.service
state: stopped
enabled: false
masked: true
when:
- ubtu20cis_rule_2_2_17
- ubtu20cis_rsync_masked
- "'rsync' in ansible_facts.packages"
- name: "2.2.17 | PATCH | Ensure rsync service is not installed"
ansible.builtin.package:
name: rsync
state: absent
when:
- ubtu20cis_rule_2_2_17
- not ubtu20cis_rsync_masked
- not ubtu20cis_rsync_server
- "'rsync' in ansible_facts.packages"
tags:
- level1-server
- level1-workstation
Expand Down

0 comments on commit e9478b4

Please sign in to comment.