swissmakers_gmbh/RHEL9-CIS
12
0
Fork 0
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-05-09 04:19:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

updated handlers

Browse Source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
2026-04-10 16:54:31 +01:00
parent 2d1ae800b3
commit 2ac71da85c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers/main.yml
+8 -5
View File
@@ -246,18 +246,21 @@
## Auditd tasks note order for handlers to run
- name: Auditd immutable check
ansible.builtin.command: grep -c "^-e 2" /etc/audit/rules.d/99_auditd.rules
changed_when: false
register: discovered_auditd_immutable_check
- name: Auditd rules reload
when: prelim_auditd_immutable_check.rc == 1 or discovered_augenrules_check.stdout is search('No change')
ansible.builtin.command: augenrules --load
changed_when: true
failed_when: discovered_augenrule_check.rc not in [ 0, 1 ]
register: discovered_augenrule_check
- name: Audit immutable fact
when: discovered_auditd_immutable_check.stdout == '1'
when: prelim_auditd_immutable_check is defined
ansible.builtin.debug:
msg: "Reboot required for auditd to apply new rules as immutable set"
notify: Set reboot required
- name: Stop auditd process
when: prelim_auditd_immutable_check is defined
ansible.builtin.command: systemctl kill auditd
changed_when: true
listen: Restart auditd