Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
Frederick Witty 2026-02-10 16:01:05 -05:00
parent 2863be6c02
commit 11becb32c5
No known key found for this signature in database
GPG key ID: 0CFA99C02DE4D8C3
17 changed files with 132 additions and 58 deletions

@ -1,5 +1,29 @@
# Changes to RHEL9CIS
## 2.0.5 - Based on CIS v2.0.0
- QA Fixes
- Added rhel9cis_uses_root variable definition for 5.4.2.5 root PATH integrity task
- fixed spelling and grammar across defaults/main.yml, Changelog.md, README.md, tasks/main.yml, and vars/main.yml
- Fixed incorrect product reference in vars/main.yml comment (ubtu24cis -> rhel9cis)
- Fixed broken Changelog link in README.md (case mismatch)
- Added var-naming[read-only] to ansible-lint skip list for molecule files
- Bootloader password logic updated with salt and hash options
- Added passlib dependency documentation for bootloader password hash
- Updated company title
- Tidied up comments and variables for bootloader password
- Removed scheduled tasks
- Fixed typo thanks to Eugene @Frequentis
- Unused variable audit: wired up all unused variables, removed legacy references
- Updated chrony template to use rhel9cis_chrony_server_makestep, rtcsync, and minsources variables instead of hardcoded values
- Wired up rhel9cis_authselect_custom_profile_create toggle in authselect profile creation task
- Fixed task 5.3.3.2.7/5.3.3.2.8 mislabeling: separated password quality enforce and root enforce into correct tasks
- Wired up audit_capture_files_dir in audit_only workflow for file capture to control node
- Clarified rhel9cis_root_unlock_time documentation for commented-out alternative usage
- Removed legacy rhel9cis_rule_1_1_10 from molecule converge files and is_container.yml
- Fixed wrong variable name rhel9cis_unowned_group to rhel9cis_ungrouped_group in tasks/section_7/cis_7.1.x.yml
- Added rhel9cis_install_network_manager toggle to 3.1.2 wireless interfaces task
## 2.0.4 - Based on CIS v2.0.0
addressed issue #419, thank you @aaronk1
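Review bot: The 2.0.5 list files behaviour-changing items under the same "QA Fixes" bullet as the spelling fixes, so someone upgrading cannot tell which entries alter what the role applies. The chrony template moving from hardcoded values to rhel9cis_chrony_server_makestep, rtcsync and minsources, the 5.3.3.2.7/5.3.3.2.8 split, and the rhel9cis_unowned_group to rhel9cis_ungrouped_group fix in tasks/section_7/cis_7.1.x.yml may change results on hosts that already override these variables; suggest grouping them separately from the wording fixes or marking them. "Removed scheduled tasks" and "Bootloader password logic updated with salt and hash options" should name the files or variables involved, as the neighbouring bullets do. Minor: "fixed spelling and grammar across ..." starts lowercase while the other new bullets are capitalised.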
@ -17,7 +41,7 @@ Audit improvements and max-concurrent option added
Benchmark version variable in audit template
fixed typo thanks to @fragglexarmy #393
fixed typo thanks to @trumbaut #397 & #399
updated auditd template to be 2.19 complaint
updated auditd template to be 2.19 compliant
PR345 thanks to thulium-drake boot password hash - if used needs passlib module
tidy up tags on tasks/main.yml
@ -88,7 +112,7 @@ tidy up tags on tasks/main.yml
- updated controls 6.2.10-6.2.14
- audit
- steps moved to prelim
- update to coipy and archive logic and variables
- update to copy and archive logic and variables
- removed vars not used
- updated quotes used in mode tasks
- pre-commit update
@ -122,7 +146,7 @@ tidy up tags on tasks/main.yml
- lint updates
- .secrets updated
- file mode quoted
- updated 5.6.5 thansk to feedback from S!ghs on discord community
- updated 5.6.5 thanks to feedback from S!ghs on discord community
## 1.1.1 - Based on CIS v1.0.0
@ -154,7 +178,7 @@ tidy up tags on tasks/main.yml
## 1.0.10
- [#72](https://github.com/ansible-lockdown/RHEL9-CIS/issues/72)
- Only run check when paybook user not a superuser
- Only run check when playbook user not a superuser
- fix for 5.5.3 thanks to @nrg-fv
## 1.0.9
@ -226,7 +250,7 @@ Jan-2023 release
- updated ansible minimum to 2.10
- Lint file updates and improvements
- auditd now shows diff ater initial template added
- auditd now shows diff after initial template added
- many control rewritten
- Many controls moved ID references
- Audit updates aligned
@ -251,7 +275,7 @@ Jan-2023 release
- #209 5.6.5 rewrite umask settings
- #220 tidy up and align variables
- #226 Thanks to Thulium-Drake
-Extended the auditd config required value for auditd space left percentage (not part of CIS Benchmark but required fopr auditd to run correctly in some cases)
-Extended the auditd config required value for auditd space left percentage (not part of CIS Benchmark but required for auditd to run correctly in some cases)
- #227 thanks to OscarElits
- chrony files now RH expected locations
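Review bot: The corrected line still begins "-Extended" with no space after the hyphen, unlike the "- #226" and "- #227" entries around it, so Markdown will not render it as a list item. Since the line is already being touched for "fopr", suggest changing it to "- Extended the auditd config required value ..." in the same edit.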
@ -291,9 +315,9 @@ Jan-2023 release
- not all controls work with rhel8 releases any longer
- selinux disabled 1.6.1.4
- logrotate - 4.3.x
- updated to rhel8cis v2.0 benchamrk requirements
- updated to rhel8cis v2.0 benchmark requirements
- removed iptables firewall controls (not valid on rhel9)
- added more to logrotate 4.3.x - sure to logrotate now a seperate package
- added more to logrotate 4.3.x - sure to logrotate now a separate package
- grub path now standard to /boot/grub2/grub.cfg
- 1.6.1.4 from rh8 removed as selinux.cfg doesnt disable selinux any longer
- workflow update
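Review bot: The logrotate line fixes "seperate" but keeps "sure to logrotate now a separate package", which does not parse; it reads as if "due to logrotate now being a separate package" was intended, which is worth confirming and correcting in this pass. The unchanged context line "1.6.1.4 from rh8 removed as selinux.cfg doesnt disable selinux any longer" also still carries "doesnt", so the spelling sweep missed it.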
@ -312,7 +336,7 @@ args:
```
- update boolean values to true/false
- 3.4.2 improved checks for p[ackage presence
- 3.4.2 improved checks for package presence
- changed to assert for OS/release and ansible version
## Initial