added workaround for ssh-server patching breaks /run/ssh

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-02-21 11:15:52 +00:00 · 2025-02-21 11:15:52 +00:00 · 39507838e6
parent 0835a05b08
commit 39507838e6
1 changed files with 11 additions and 3 deletions
--- a/tasks/section_1/cis_1.2.2.x.yml
+++ b/tasks/section_1/cis_1.2.2.x.yml
@ -9,6 +9,14 @@
    - rule_1.2.2.1
    - NIST800-53R5_SI-2
    - patch
-  ansible.builtin.package:
-    name: "*"
-    state: latest
+  block:
+    - name: "1.2.2.1 | PATCH | Ensure updates, patches, and additional security software are installedi | Update"
+      ansible.builtin.package:
+        name: "*"
+        state: latest
+      register: discovered_pkg_updates
+
+    # Resetting connection as ssh stops if patched reset connection kickstarts it
+    - name: "1.2.2.1 | PATCH | Ensure updates, patches, and additional security software are installed | reset ansible connection if ssh updated"
+      when: "'openssh-server' in discovered_pkg_updates.stdout"
+      ansible.builtin.meta: reset_connection