
Commit

Merge pull request #213 from jLemmings/main
Add partition check for /usr/local
MonolithProjects authored May 14, 2024
2 parents 457b145 + 361f9f5 commit 56be8d5
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion tasks/cis.yml
Expand Up @@ -13,9 +13,14 @@
comment: etcd user
state: present

- name: Check if separate partition
ansible.builtin.command: grep '/usr/local ' /proc/mounts
changed_when: false
register: partition_result

- name: Copy systemctl config file for kernel hardening
ansible.builtin.copy:
src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if usr_local.stat.writeable == True else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if (usr_local.stat.writeable) and (partition_result.rc == 1) else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
dest: /etc/sysctl.d/60-rke2-cis.conf
mode: 0600
remote_src: true
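
Review bot: The new "Check if separate partition" task has no `failed_when`, so on any host where /usr/local is not a separate mount, `grep` exits 1 and `ansible.builtin.command` marks the task failed before the copy task's `partition_result.rc == 1` branch is ever evaluated. Add `failed_when: partition_result.rc > 1` so that "no match" is a normal result and only a real grep error (rc 2) stops the play. As written, the condition would also treat such an error as "a partition exists" and silently fall back to the /opt/rke2 path. Two smaller points: the pattern `'/usr/local '` is not anchored on the left, so it also matches a mount point such as /mnt/usr/local (a leading space, `' /usr/local '`, restricts it to the mount-point field), and the task name could say what is being checked, for example "Check if /usr/local is a separate partition". Since this file becomes /etc/sysctl.d/60-rke2-cis.conf, a wrong branch here means the CIS kernel settings are copied from a source path that may not exist, so the selection logic is worth a test on both layouts.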