evolinux-base: compact multiple systctl tasks into one
This commit is contained in:
parent
5721282a9f
commit
b6fa349394
|
@ -50,36 +50,17 @@
|
|||
reload: yes
|
||||
when: evolinux_kernel_cve20165696
|
||||
|
||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
||||
- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
|
||||
sysctl:
|
||||
name: net.ipv4.ipfrag_low_thresh
|
||||
value: 196608
|
||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
||||
sysctl:
|
||||
name: net.ipv6.ip6frag_low_thresh
|
||||
value: 196608
|
||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
||||
sysctl:
|
||||
name: net.ipv4.ipfrag_high_thresh
|
||||
value: 262144
|
||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
||||
sysctl:
|
||||
name: net.ipv6.ip6frag_high_thresh
|
||||
value: 262144
|
||||
name: "{{ item.name }}"
|
||||
value: "{{ item.value }}"
|
||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
with_items:
|
||||
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
|
||||
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
|
||||
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }
|
||||
- { name: "net.ipv6.ip6frag_high_thresh", value: 262144 }
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
Loading…
Reference in a new issue