gonoph / ansible-mitigation

Ansible Playbooks to mitigate certain CVEs
GNU General Public License v3.0

masks and disabled service, unapply is idempotent #3

Closed gonoph closed 5 hours ago

gonoph commented 5 hours ago

resolves #1 and #2

Need to run the systemd_service module twice:

  1. to disable and stop the service
  2. to disable, stop, and mask the service

Failing to mask the service last renders the service automatically enabled if it was previously enabled and is then manually unmasked.

Added service_facts module to ensure idempotency of playbook when mitigation is unapplied and then further configuration changes are performed on the host.
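The two-pass ordering and the fact-gated unapply described above, sketched as an added example (not the repository's own playbook). The unit name `example.service` and the `mitigation_state` switch are placeholders assumed for illustration.

```yaml
# Added example, not code from this repository.
# target_service and mitigation_state are hypothetical names.
- name: Apply or unapply a service-disable mitigation
  hosts: all
  become: true
  vars:
    target_service: example.service   # placeholder unit name
    mitigation_state: applied         # assumed switch: applied | unapplied
  tasks:
    - name: Collect current unit state so later tasks can be gated on it
      ansible.builtin.service_facts:

    - name: Apply mitigation
      when:
        - mitigation_state == 'applied'
        - target_service in ansible_facts.services
      block:
        # Pass 1: remove the enablement symlinks and stop the unit while it
        # is still unmasked, so a later unmask does not leave it enabled.
        - name: Disable and stop the service
          ansible.builtin.systemd_service:
            name: "{{ target_service }}"
            enabled: false
            state: stopped
          when: ansible_facts.services[target_service].status != 'masked'

        # Pass 2: same settings plus the mask, applied last.
        - name: Disable, stop, and mask the service
          ansible.builtin.systemd_service:
            name: "{{ target_service }}"
            enabled: false
            state: stopped
            masked: true

    # Unapply touches the unit only if it is masked right now, so re-running
    # after an administrator has reconfigured the service changes nothing.
    - name: Unmask the service (left disabled and stopped)
      ansible.builtin.systemd_service:
        name: "{{ target_service }}"
        masked: false
      when:
        - mitigation_state == 'unapplied'
        - target_service in ansible_facts.services
        - ansible_facts.services[target_service].status == 'masked'
```

After an unapply run, `systemctl is-enabled example.service` should report `disabled` rather than `enabled` or `masked`; re-enabling the service is then a deliberate administrator action.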