I am trying to write some compliance tasks to check if insecure configurations are present and remedy them. One issue I am facing with the below snippet is that it fails as the service is not installed. Should there be another state=removed? Or shouldn't the state disabled, in the case of software removed, return success, as in reality the service is not installed so it is disabled in a way?
name: disable insecure services “rsh, rlogin, and rexec”
To remove them I would use the appropriate package module; the service module does not and should not install/uninstall.
Make sure you remove AFTER you disable as some systems will not stop the service on removal and might leave it running and any init scripts (or alternatives) will have been removed.
First, as you said, I would like to make sure if the service exists and make sure it's disabled and remove it, or just disable it and notify its existence. However, the service module will fail if they are not installed. I cannot just use "ignore_errors", as what if it ignores a service that cannot be disabled?
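One way to get the behaviour discussed in this thread, as an added example that is not from any of the posters: gather service facts first, act only on services that exist, and remove the package last. The service names in `insecure_services` and the package name in `insecure_packages` are assumptions and must be adjusted to the target hosts.

```yaml
# Added example, not code from the thread.
# Assumption: the names in insecure_services match the keys that
# service_facts reports on the target host, and insecure_packages
# holds the distribution's package name for these daemons.
- name: Disable and remove insecure r-services
  hosts: all
  become: true
  vars:
    insecure_services:      # assumed service names
      - rsh
      - rlogin
      - rexec
    insecure_packages:      # assumed package name
      - rsh-server
  tasks:
    - name: Collect the services known to the init system
      ansible.builtin.service_facts:

    - name: Report insecure services that are present
      ansible.builtin.debug:
        msg: "{{ item }} is installed (state: {{ ansible_facts.services[item].state }})"
      loop: "{{ insecure_services }}"
      when: item in ansible_facts.services

    - name: Stop and disable insecure services that exist
      ansible.builtin.service:
        name: "{{ item }}"
        state: stopped
        enabled: false
      loop: "{{ insecure_services }}"
      # Absent services are skipped, so no ignore_errors is needed:
      # a service that exists but cannot be disabled still fails the play.
      when: item in ansible_facts.services

    - name: Remove the packages only after the services are disabled
      ansible.builtin.package:
        name: "{{ insecure_packages }}"
        state: absent
```

Because absent services are skipped rather than ignored, a host without the software reports the tasks as skipped and the package task as unchanged, while a real failure to disable an installed service still stops the run.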