We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RHEL8-CIS/tasks/section_1/cis_1.9.yml
Line 3 in 5bafd20
Updating all packages is fine, but when the kernel is updated, older, possibly vulnerable, versions could be removed to mitigate booting with them.
In the spirit of CIS 1.9, maybe not valid in the strict interpretation...
The text was updated successfully, but these errors were encountered:
hi @bbaassssiiee
Great idea, we could make this an optional. I would probably look at keeping the last 2(as default)? just for rollback purposes? Good enhancement.
Cheers
uk-bolly
Sorry, something went wrong.
Hi @uk-bolly
At work we use the following playbook include in our maintenance plays:
--- - name: 'Remove old kernel packages' hosts: 'all' tasks: - name: 'Uninstall old kernels' ansible.builtin.shell: yum remove $(yum repoquery --installonly --latest-limit=-2 -q) when: ansible_facts['os_family'] == 'RedHat'
That might give you a head stat ;-)
#287
8a42b2d
new option to limit installed kernels Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Does not seem to work yet. Cannot effectuate 1 kernel.
No branches or pull requests
RHEL8-CIS/tasks/section_1/cis_1.9.yml
Line 3 in 5bafd20
Updating all packages is fine, but when the kernel is updated, older, possibly vulnerable, versions could be removed to mitigate booting with them.
In the spirit of CIS 1.9, maybe not valid in the strict interpretation...
The text was updated successfully, but these errors were encountered: