Commit 3b69097

author
Joshua Hemmings
committed
fix cis hardening for separate partition
1 parent 626725a commit 3b69097

1 file changed

+5
-1
lines changed

tasks/cis.yml

Lines changed: 5 additions & 1 deletion
@@ -13,9 +13,13 @@
1313
comment: etcd user
1414
state: present
1515

16+
- name: Check if separate partition
17+
command: grep '/usr/local ' /proc/mounts
18+
register: partition_result
19+
1620
- name: Copy systemctl config file for kernel hardening
1721
ansible.builtin.copy:
18-
src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if usr_local.stat.writeable == True else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
22+
src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if (usr_local.stat.writeable) and (partition_result.rc == 1) else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
1923
dest: /etc/sysctl.d/60-rke2-cis.conf
2024
mode: 0600
2125
remote_src: true
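
Review bot: The added `Check if separate partition` task will fail the play on any host where `/usr/local` is not its own mount, because `grep` exits 1 on no match and the `command` task sets no `failed_when`. That is the very case the `partition_result.rc == 1` test in `src` is meant to select, so on those hosts the run stops before `60-rke2-cis.conf` is copied and the kernel hardening is not applied. Add `failed_when: partition_result.rc > 1` and `changed_when: false` to the task (rc 2 is a real grep error and should still fail), or drop the shell-out and check `ansible_facts.mounts` for a `/usr/local` entry instead. As a style point, write `ansible.builtin.command` to match the fully qualified `ansible.builtin.copy` in the next task.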
