ansible-lockdown · uk-bolly · Jan 6, 2025 · Jan 6, 2025 · Jan 6, 2025
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -1,11 +1,5 @@
 ---
 
-- name: PRELIM | AUDIT | Set default values for facts
-  ansible.builtin.set_fact:
-    control_1_6_1_4_was_run: false
-    ubtu22cis_apparmor_enforce_only: false
-  changed_when: false
-
 - name: PRELIM | AUDIT | Register if snap being used
   when: ubtu22cis_rule_1_1_1_6
   tags:

diff --git a/tasks/section_3/cis_3.3.x.yml b/tasks/section_3/cis_3.3.x.yml
@@ -26,8 +26,7 @@
         state: present
         reload: true
         ignoreerrors: true
-      notify:
-        - Flush ipv4 route table
+      notify: Flush ipv4 route table
 
     - name: "3.3.1 | PATCH | Ensure IP forwarding is disabled | IPv6 settings"
       when: ubtu22cis_ipv6_disable == 'sysctl'
@@ -39,8 +38,7 @@
         state: present
         reload: true
         ignoreerrors: true
-      notify:
-        - Flush ipv6 route table
+      notify: Flush ipv6 route table
 
 - name: "3.3.2 | PATCH | Ensure packet redirect sending is disabled"
   when:

diff --git a/vars/main.yml b/vars/main.yml
@@ -3,6 +3,11 @@
 min_ansible_version: 2.12.1
 # Set default value for reboot value
 change_requires_reboot: false
+
+# Apparmor default settings
+control_1_3_1_4_was_run: false
+ubtu22cis_apparmor_enforce_only: false
+
 # The role discovers dynamically (in tasks/main.yml) whether it
 # is executed on a container image and sets the variable
 # system_is_container the true. Otherwise, the default value