61 lines
1.6 KiB
YAML
61 lines
1.6 KiB
YAML
---
|
|
|
|
- name: "2.3.3.1 | PATCH | Ensure chrony is configured with authorized timeserver"
|
|
when: ubtu24cis_rule_2_3_3_1
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- rule_2.3.3.1
|
|
- NIST800-53R5_AU-3
|
|
- NIST800-53R5_AU-12
|
|
- chrony
|
|
block:
|
|
- name: "2.3.3.1 | PATCH | Ensure chrony is configured with authorized timeserver | sources"
|
|
ansible.builtin.template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/{{ item }}"
|
|
mode: 'go-r'
|
|
owner: root
|
|
group: root
|
|
loop:
|
|
- etc/chrony/sources.d/pool.sources
|
|
- etc/chrony/sources.d/server.sources
|
|
notify: Restart timeservice
|
|
|
|
- name: "2.3.3.1 | PATCH | Ensure chrony is configured with authorized timeserver | load sources"
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/chrony/chrony.conf
|
|
regexp: '^sourcedir /etc/chrony/sources.d'
|
|
line: sourcedir /etc/chrony/sources.d
|
|
notify: Restart timeservice
|
|
|
|
- name: "2.3.3.2 | PATCH | Ensure chrony is running as user _chrony"
|
|
when: ubtu24cis_rule_2_3_3_2
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- patch
|
|
- rule_2.3.3.2
|
|
- NIST800-53R5_AU-8
|
|
- chrony
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/chrony/chrony.conf
|
|
regexp: '^user _chrony'
|
|
line: 'user _chrony'
|
|
|
|
- name: "2.3.3.3 | PATCH | Ensure chrony is enabled and running"
|
|
when: ubtu24cis_rule_2_3_3_3
|
|
tags:
|
|
- level1-server
|
|
- level1-workstation
|
|
- rule_2.3.3.3
|
|
- NIST800-53R5_AU-8
|
|
- chrony
|
|
block:
|
|
- name: "2.3.3.3 | PATCH | Ensure chrony is enabled and running"
|
|
ansible.builtin.systemd:
|
|
name: chrony
|
|
state: started
|
|
enabled: true
|