ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

updated yamllint, company naming, linting and spacing

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-04 11:45:13 +00:00
parent 1b694832bb
commit 2de8a39cdc
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
66 changed files with 461 additions and 675 deletions
Download patch file Download diff file Expand all files Collapse all files

14
tasks/section_7/cis_7.1.x.yml
View file

@ -83,7 +83,7 @@
path: /etc/shadow
owner: root
group: root
mode: '0000'
mode: 'ugo-rwx'
- name: "7.1.6 | PATCH | Ensure permissions on /etc/shadow- are configured"
when:
@ -100,7 +100,7 @@
path: /etc/shadow-
owner: root
group: root
mode: '0000'
mode: 'ugo-rwx'
- name: "7.1.7 | PATCH | Ensure permissions on /etc/gshadow are configured"
when:
@ -117,7 +117,7 @@
path: /etc/gshadow
owner: root
group: root
mode: '0000'
mode: 'ugo-rwx'
- name: "7.1.8 | PATCH | Ensure permissions on /etc/gshadow- are configured"
when:
@ -134,7 +134,7 @@
path: /etc/gshadow-
owner: root
group: root
mode: '0000'
mode: 'ugo-rwx'
- name: "7.1.9 | PATCH | Ensure permissions on /etc/shells are configured"
when:
@ -196,7 +196,7 @@
- rhel9cis_no_world_write_adjust
ansible.builtin.file:
path: '{{ item }}'
mode: o-w
mode: 'o-w'
state: touch
loop: "{{ discovered_world_writable.stdout_lines }}"
@ -221,7 +221,7 @@
warn_control_id: '7.1.12'
block:
- name: "7.1.12 | AUDIT | Ensure no files or directories without an owner and a group exist | Get list files or directories"
ansible.builtin.shell: find {{ rhel9cis_exclude_unowned_search_path }} {{ item.mount }} -xdev \( -nouser -o -nogroup \) -not -fstype nfs
ansible.builtin.command: find {{ rhel9cis_exclude_unowned_search_path }} {{ item.mount }} -xdev \( -nouser -o -nogroup \) -not -fstype nfs
changed_when: false
failed_when: false
check_mode: false
@ -283,7 +283,7 @@
warn_control_id: '7.1.13'
block:
- name: "7.1.13 | AUDIT | Ensure SUID and SGID files are reviewed | Find SUID and SGID"
ansible.builtin.shell: find {{ item.mount }} -xdev -type f -perm \( -02000 or -04000 \) -not -fstype nfs
ansible.builtin.command: find {{ item.mount }} -xdev -type f -perm \( -02000 or -04000 \) -not -fstype nfs
changed_when: false
failed_when: false
check_mode: false

2
tasks/section_7/cis_7.2.x.yml
View file

@ -237,7 +237,7 @@
- users
- rule_7.2.8
block:
- name: "7.2.8 | PATCH | Ensure local interactive user home directories are configured | Create dir if absent"
- name: "7.2.8 | PATCH | Ensure local interactive user home directories are configured | Create dir if absent" # noqa risky-file-permissions
ansible.builtin.file:
path: "{{ item.dir }}"
state: directory