evolinux-base: compact multiple systctl tasks into one
This commit is contained in:
parent
5721282a9f
commit
b6fa349394
|
@ -50,36 +50,17 @@
|
||||||
reload: yes
|
reload: yes
|
||||||
when: evolinux_kernel_cve20165696
|
when: evolinux_kernel_cve20165696
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
|
||||||
sysctl:
|
sysctl:
|
||||||
name: net.ipv4.ipfrag_low_thresh
|
name: "{{ item.name }}"
|
||||||
value: 196608
|
value: "{{ item.value }}"
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
|
||||||
state: present
|
|
||||||
reload: yes
|
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
|
||||||
sysctl:
|
|
||||||
name: net.ipv6.ip6frag_low_thresh
|
|
||||||
value: 196608
|
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
|
||||||
state: present
|
|
||||||
reload: yes
|
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
|
||||||
sysctl:
|
|
||||||
name: net.ipv4.ipfrag_high_thresh
|
|
||||||
value: 262144
|
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
|
||||||
state: present
|
|
||||||
reload: yes
|
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
|
|
||||||
sysctl:
|
|
||||||
name: net.ipv6.ip6frag_high_thresh
|
|
||||||
value: 262144
|
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||||
state: present
|
state: present
|
||||||
reload: yes
|
reload: yes
|
||||||
|
with_items:
|
||||||
|
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
|
||||||
|
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
|
||||||
|
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }
|
||||||
|
- { name: "net.ipv6.ip6frag_high_thresh", value: 262144 }
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
Loading…
Reference in a new issue