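---
# AIX network hardening tasks: query each configured `no` / `nfso` tunable,
# apply only the ones whose reported value differs from the desired value,
# and report anything that was skipped.
#
# Inputs (defined outside this file):
#   cis_network_no_settings    mapping of `no` tunable name -> desired value
#   cis_network_nfso_settings  mapping of `nfso` tunable name -> desired value

# Read-only snapshot of every tunable. It never fails the play and also runs
# in check mode. The registered result is not read by any task shown here.
- name: Collect current AIX network tunables
  ansible.builtin.command: no -a
  changed_when: false
  failed_when: false
  check_mode: false
  register: cis_aix_no_current

# One read-only query per configured tunable. A non-zero rc is tolerated
# here and reported by the warning task further down.
# argv keeps the templated name as a single argument; the literal "no" is
# quoted because a bare `no` is a YAML 1.1 boolean.
- name: Query configured AIX network tunables
  ansible.builtin.command:
    argv:
      - "no"
      - "-o"
      - "{{ item.key }}"
  changed_when: false
  failed_when: false
  check_mode: false
  loop: "{{ cis_network_no_settings | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: cis_aix_no_query

# Apply only when the query succeeded and its output does not already show
# the desired value. The value is regex-escaped so characters such as `.`
# are compared literally, and it is passed through argv so a value that
# contains whitespace cannot turn into extra arguments to `no`.
# -p: per the AIX `no` documentation the change is applied to both the
# current and the reboot value.
- name: Apply configured AIX network tunables
  ansible.builtin.command:
    argv:
      - "no"
      - "-p"
      - "-o"
      - "{{ item.item.key }}={{ item.item.value }}"
  changed_when: true
  loop: "{{ cis_aix_no_query.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when:
    - item.rc | default(1) == 0
    - (item.stdout | default('')) is not search('=\\s*' ~ (item.item.value | string | regex_escape) ~ '\\b')

# A tunable whose query failed is not applied above; say so explicitly so a
# hardening control is never skipped silently.
- name: Warn about unsupported AIX network tunables
  ansible.builtin.debug:
    msg: "WARNING: AIX network tunable {{ item.item.key }} is not supported on this host."
  loop: "{{ cis_aix_no_query.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: item.rc | default(0) != 0

# Probe for nfso with ksh builtins; rc 0 means the command was found on PATH.
- name: Check nfso availability
  ansible.builtin.shell: "command -v nfso >/dev/null 2>&1 || whence nfso >/dev/null 2>&1"
  args:
    executable: /bin/ksh
  changed_when: false
  failed_when: false
  check_mode: false
  register: cis_aix_nfso_available

# `when` on a looped task is evaluated per item, so when nfso is missing the
# registered results still hold one entry per tunable, each marked skipped
# and carrying no rc or stdout.
- name: Query configured AIX NFS tunables
  ansible.builtin.command:
    argv:
      - nfso
      - "-o"
      - "{{ item.key }}"
  changed_when: false
  failed_when: false
  check_mode: false
  loop: "{{ cis_network_nfso_settings | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: cis_aix_nfso_query
  when:
    - cis_aix_nfso_available.rc == 0
    - cis_network_nfso_settings | length > 0

# Skipped query results have no rc or stdout. The defaults below make those
# entries fall through quietly instead of failing the play on an undefined
# attribute when nfso is absent.
- name: Apply configured AIX NFS tunables
  ansible.builtin.command:
    argv:
      - nfso
      - "-p"
      - "-o"
      - "{{ item.item.key }}={{ item.item.value }}"
  changed_when: true
  loop: "{{ cis_aix_nfso_query.results | default([]) }}"
  loop_control:
    label: "{{ item.item.key }}"
  when:
    - item.rc | default(1) == 0
    - (item.stdout | default('')) is not search('=\\s*' ~ (item.item.value | string | regex_escape) ~ '\\b')

# Mirror of the `no` warning: report NFS tunables whose query ran but failed.
# Entries skipped because nfso is missing are covered by the status report.
- name: Warn about unsupported AIX NFS tunables
  ansible.builtin.debug:
    msg: "WARNING: AIX NFS tunable {{ item.item.key }} is not supported on this host."
  loop: "{{ cis_aix_nfso_query.results | default([]) }}"
  loop_control:
    label: "{{ item.item.key }}"
  when:
    - item is not skipped
    - item.rc | default(0) != 0

# Summary: the second line depends on the nfso availability probe above.
- name: Report network hardening status
  ansible.builtin.debug:
    msg:
      - "OK: AIX network tunables were validated before changes."
      - >-
        {{ 'OK: nfso is available for optional NFS network tunables.'
        if cis_aix_nfso_available.rc == 0
        else 'WARNING: nfso was not found; NFS tunables were skipped.' }}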