Update spacing 311

Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-06-07 21:52:57 +00:00 · 2025-12-24 17:17:30 -05:00
parent 4faa1d45af
commit 66d06c2118
1 changed files with 73 additions and 73 deletions
@@ -2,63 +2,81 @@

 {{ if .Vars.rhel9cis_level_1 }}
  {{ if .Vars.rhel9cis_rule_3_1_1 }}
-command:
-  {{ if not .Vars.rhel9cis_ipv6_required }}
-  ipv6_disabled:
-    title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled
-    exec: |
-      if [ `grep 1 /proc/sys/net/ipv6/conf/all/disable_ipv6` ] || [ `grep 1 /proc/sys/net/ipv6/conf/default/disable_ipv6` ] || [ `cat /sys/module/ipv6/parameters/disable` == 1 ]; \
-      then \
-      echo 'ipv6_disabled'; \
-      else echo 'fail'; \
-      fi
-    exit-status: 0
-    stdout:
-    - 'ipv6_disabled'
-    meta:
-      server: 1
-      workstation: 1
-      CIS_ID:
-      - 3.1.1
-      CISv8: 4.8
-      CISv8_IG1: false
-      CISv8_IG2: true
-      CISv8_IG3: true
-      NIST800-53R5:
-      - CM-7
-  {{ end }}
-  {{ if .Vars.rhel9cis_ipv6_required }}
-  ipv6_required:
-    title: 3.1.1 | Ensure IPv6 status is identified | IPv6 enabled
-    exec: |
-      if [ `grep 0 /proc/sys/net/ipv6/conf/all/disable_ipv6` ] || [ `grep 0 /proc/sys/net/ipv6/conf/default/disable_ipv6` ] || [ `cat /sys/module/ipv6/parameters/disable` == 0 ]; \
-      then \
-      echo 'ipv6_enabled'; \
-      else echo 'fail'; \
-      fi
-    exit-status: 0
-    stdout:
-    - 'ipv6_enabled'
-    meta:
-      server: 1
-      workstation: 1
-      CIS_ID:
-      - 3.1.1
-      CISv8: 4.8
-      CISv8_IG1: false
-      CISv8_IG2: true
-      CISv8_IG3: true
-      NIST800-53R5:
-      - CM-7
-    {{ end }}
-    {{ if eq .Vars.rhel9cis_ipv6_disable_method "sysctl" }}
-    ipv6_disabled_sysctl:
-      title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled via sysctl
-      exec: sysctl -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1
+  command:
+    {{ if not .Vars.rhel9cis_ipv6_required }}
+    ipv6_disabled:
+      title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled
+      exec: |
+        if [ `grep 1 /proc/sys/net/ipv6/conf/all/disable_ipv6` ] || [ `grep 1 /proc/sys/net/ipv6/conf/default/disable_ipv6` ] || [ `cat /sys/module/ipv6/parameters/disable` == 1 ]; \
+        then \
+        echo 'ipv6_disabled'; \
+        else echo 'fail'; \
+        fi
      exit-status: 0
      stdout:
-      - 'net.ipv6.conf.all.disable_ipv6 = 1'
-      - 'net.ipv6.conf.default.disable_ipv6 = 1'
+      - 'ipv6_disabled'
+      meta:
+        server: 1
+        workstation: 1
+        CIS_ID:
+        - 3.1.1
+        CISv8: 4.8
+        CISv8_IG1: false
+        CISv8_IG2: true
+        CISv8_IG3: true
+        NIST800-53R5:
+        - CM-7
+    {{ end }}
+    {{ if .Vars.rhel9cis_ipv6_required }}
+    ipv6_required:
+      title: 3.1.1 | Ensure IPv6 status is identified | IPv6 enabled
+      exec: |
+        if [ `grep 0 /proc/sys/net/ipv6/conf/all/disable_ipv6` ] || [ `grep 0 /proc/sys/net/ipv6/conf/default/disable_ipv6` ] || [ `cat /sys/module/ipv6/parameters/disable` == 0 ]; \
+        then \
+        echo 'ipv6_enabled'; \
+        else echo 'fail'; \
+        fi
+      exit-status: 0
+      stdout:
+      - 'ipv6_enabled'
+      meta:
+        server: 1
+        workstation: 1
+        CIS_ID:
+        - 3.1.1
+        CISv8: 4.8
+        CISv8_IG1: false
+        CISv8_IG2: true
+        CISv8_IG3: true
+        NIST800-53R5:
+        - CM-7
+      {{ end }}
+      {{ if eq .Vars.rhel9cis_ipv6_disable_method "sysctl" }}
+      ipv6_disabled_sysctl:
+        title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled via sysctl
+        exec: sysctl -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1
+        exit-status: 0
+        stdout:
+        - 'net.ipv6.conf.all.disable_ipv6 = 1'
+        - 'net.ipv6.conf.default.disable_ipv6 = 1'
+        meta:
+          server: 1
+          workstation: 1
+          CIS_ID:
+          - 3.1.1
+          CISv8: 4.8
+          CISv8_IG1: false
+          CISv8_IG2: true
+          CISv8_IG3: true
+          NIST800-53R5:
+          - CM-7
+      {{ end }}
+      {{ if eq .Vars.rhel9cis_ipv6_disable_method "kernel" }}
+  kernel-param:
+    ipv6.disable:
+      title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled via kernel parameter
+      value: '1'
+      name: ipv6.disable
      meta:
        server: 1
        workstation: 1
@@ -71,23 +89,5 @@ command:
        NIST800-53R5:
        - CM-7
    {{ end }}
-    {{ if eq .Vars.rhel9cis_ipv6_disable_method "kernel" }}
-kernel-param:
-  ipv6.disable:
-    title: 3.1.1 | Ensure IPv6 status is identified | IPv6 disabled via kernel parameter
-    value: '1'
-    name: ipv6.disable
-    meta:
-      server: 1
-      workstation: 1
-      CIS_ID:
-      - 3.1.1
-      CISv8: 4.8
-      CISv8_IG1: false
-      CISv8_IG2: true
-      CISv8_IG3: true
-      NIST800-53R5:
-      - CM-7
-  {{ end }}
  {{ end }}
 {{ end }}