infra-run/ansible/roles/cis-rhel9-hardening/tasks/services.yml

---
- name: Enable chronyd service
  ansible.builtin.systemd:
    name: chronyd
    enabled: true
    state: started
  when: cis_enable_chrony | bool

- name: Enable rsyslog service
  ansible.builtin.systemd:
    name: rsyslog
    enabled: true
    state: started
  when: cis_enable_rsyslog | bool

- name: Enable auditd service
  ansible.builtin.systemd:
    name: auditd
    enabled: true
    state: started
  when: cis_install_auditd | bool

- name: Gather service facts
  ansible.builtin.service_facts:

- name: Disable unnecessary legacy services when present
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: false
    state: stopped
  loop: "{{ cis_legacy_services }}"
  loop_control:
    label: "{{ item }}"
  when:
    - cis_remove_legacy_packages | bool
    - item in ansible_facts.services
Add RHEL 9 CIS-inspired hardening playbook 2026-05-06 08:45:33 +00:00			`---`
			`- name: Enable chronyd service`
			`ansible.builtin.systemd:`
			`name: chronyd`
			`enabled: true`
			`state: started`
			`when: cis_enable_chrony \| bool`

			`- name: Enable rsyslog service`
			`ansible.builtin.systemd:`
			`name: rsyslog`
			`enabled: true`
			`state: started`
			`when: cis_enable_rsyslog \| bool`

			`- name: Enable auditd service`
			`ansible.builtin.systemd:`
			`name: auditd`
			`enabled: true`
			`state: started`
			`when: cis_install_auditd \| bool`

			`- name: Gather service facts`
			`ansible.builtin.service_facts:`

			`- name: Disable unnecessary legacy services when present`
			`ansible.builtin.systemd:`
			`name: "{{ item }}"`
			`enabled: false`
			`state: stopped`
			`loop: "{{ cis_legacy_services }}"`
			`loop_control:`
			`label: "{{ item }}"`
			`when:`
			`- cis_remove_legacy_packages \| bool`
			`- item in ansible_facts.services`