Review set_nftables_loopback_traffic for RHEL7 #11529

Closed

marcusburghardt opened this issue Feb 1, 2024 · 0 comments · Fixed by #11537
Labels: Ansible (Ansible remediation update), productization-issue (Issue found in upstream stabilization process)

marcusburghardt (Member) commented Feb 1, 2024

Description of problem:

The set_nftables_loopback_traffic rule apparently was never used in RHEL 7, especially when iptables is the default backend for RHEL 7. RHEL8 also uses firewalld and this rule is not included in any RHEL8 profile. But the rule is supported on these systems and is included in the Datastream.

Recently the Ansible remediation for this rule was updated (#11465) because the Ansible module sysctl belongs to different collections depending on the system version:

  • ansible.posix collection in RHEL8
  • ansible.builtin collection in RHEL7.

So, the mentioned PR makes it correct for both versions.

This is not an issue when executing the respective playbooks for a local system, but could be a problem when the Ansible controller in one version tries to execute the Playbook for a client in another version.

SCAP Security Guide Version:

master and stabilization-0.1.72 as of 2024-02-01

Operating System Version:

RHEL7 and RHEL8

Steps to Reproduce:

Execute this process both on RHEL 7 and RHEL 8

  1. ./build_product rhel7 rhel8
  2.a. ansible-playbook --syntax-check build/rhel7/fixes/ansible/set_nftables_loopback_traffic.yml
  2.b. ansible-playbook --syntax-check build/rhel8/fixes/ansible/set_nftables_loopback_traffic.yml

Actual Results:

Example in RHEL 7:
ERROR! couldn't resolve module/action 'ansible.posix.sysctl'. This often indicates a misspelling, missing collection, or incorrect module path.

Expected Results:

No errors detected by ansible-playbook --syntax-check

Additional Information/Debugging Steps:

One option would be to not use FQCN for sysctl, but this is going against the Ansible best practices and might not be a good solution for the long-term. Also changing the module in this specific remediation doesn't seem worthwhile.
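An added illustration (not the project's remediation from #11465) of choosing the sysctl FQCN at build time rather than at run time: because ansible-playbook resolves every task's module while parsing the file, which is exactly when the syntax check above fails, a runtime `when:` on the task cannot avoid the unresolved-FQCN error, so the collection has to be selected before the playbook is rendered. It assumes the build-time Jinja delimiters `{{% ... %}}` / `{{{ ... }}}` and a `product` variable, and the sysctl key and value are constructed placeholders, not the rule's real parameters.

```yaml
# Added illustration, not the project's actual remediation. Assumes the
# build-time Jinja delimiters {{% %}} / {{{ }}} and a "product" variable
# (e.g. rhel7, rhel8) set by the build.
# The FQCN is picked while the remediation is rendered, so the playbook that
# reaches ansible-playbook only ever names a collection that exists on that
# product's Ansible; a runtime "when:" would still fail at parse time.
- name: Apply sysctl setting with the collection available on {{{ product }}}
{{% if product == "rhel7" %}}
  # RHEL7 Ansible ships sysctl in ansible.builtin (per the issue)
  ansible.builtin.sysctl:
{{% else %}}
  # RHEL8 Ansible ships sysctl in ansible.posix (per the issue)
  ansible.posix.sysctl:
{{% endif %}}
    name: placeholder.sysctl.key   # constructed placeholder, not the rule's key
    value: "1"                     # constructed placeholder value
    state: present
    reload: true
```

Rendering this once per product yields build/rhel7/... with ansible.builtin.sysctl and build/rhel8/... with ansible.posix.sysctl, so each built playbook passes --syntax-check on its own version.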

@marcusburghardt marcusburghardt added Ansible Ansible remediation update. productization-issue Issue found in upstream stabilization process. labels Feb 1, 2024
@marcusburghardt marcusburghardt added this to the 0.1.72 milestone Feb 1, 2024
@marcusburghardt marcusburghardt self-assigned this Apr 8, 2024