From 259aa1ed7b29b0625a1a4434bdb0f83a59feb97a Mon Sep 17 00:00:00 2001 From: Dominik Meyer Date: Tue, 22 Mar 2022 23:16:42 +0100 Subject: [PATCH] FIX: prevent bpf hardening on kernels < 5.8 --- tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 97bd221..a481494 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -405,7 +405,7 @@ name: kernel.unprivileged_bpf_disabled value: '1' state: present - when: BasicHardeningEnable and (ansible_facts.distribution_release == "bullseye" or ansible_facts.distribution_release == "buster") + when: BasicHardeningEnable and ansible_kernel is version_compare('5.8','>=') - name: harden den bpf jit compilter @@ -413,4 +413,4 @@ name: net.core.bpf_jit_harden value: '2' state: present - when: BasicHardeningEnable and ansible_facts.distribution_release == "bullseye" \ No newline at end of file + when: BasicHardeningEnable and ansible_kernel is version_compare('5.8','>=') \ No newline at end of file