diff --git a/defaults/main.yml b/defaults/main.yml
index 836f16f..7ea583d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -343,7 +343,6 @@ rhel9cis_rule_6_2_14: true
 rhel9cis_rule_6_2_15: true
 rhel9cis_rule_6_2_16: true
-
 ## Section 1 vars
 #### 1.1.2
@@ -413,7 +412,6 @@ rhel9cis_selinux_enforce: enforcing
 ## 2. Services
-
 ### 2.1 Time Synchronization
 #### 2.1.2 Time Synchronization servers - used in template file chrony.conf.j2
 rhel9cis_time_synchronization_servers:
@@ -461,7 +459,6 @@ rhel9cis_openldap_clients_required: false
 rhel9cis_tftp_client: false
 rhel9cis_ftp_client: false
-
 ## Section3 vars
 ## Sysctl
 rhel9cis_sysctl_update: false
@@ -478,7 +475,6 @@ rhel9cis_firewall: firewalld
 ##### firewalld
 rhel9cis_default_zone: public
-
 # These are added to demonstrate how this can be done
 rhel9cis_firewalld_ports:
 - number: 80
@@ -514,7 +510,6 @@ update_audit_template: false
 ## Advanced option found in auditd post
 rhel9cis_allow_auditd_uid_user_exclusions: false
-
 # This can be used to configure other keys in auditd.conf
 rhel9cis_auditd_extra_conf: {}
 # Example:
@@ -535,7 +530,6 @@ rhel9cis_remote_log_protocol: tcp
 rhel9cis_remote_log_retrycount: 100
 rhel9cis_remote_log_queuesize: 1000
-
 #### 4.2.1.7
 rhel9cis_system_is_log_server: false
@@ -584,7 +578,6 @@ rhel9cis_ssh_maxsessions: 4
 rhel9cis_inactivelock:
 lock_days: 30
-
 rhel9cis_use_authconfig: false
 # 5.3.1/5.3.2 Custom authselect profile settings. Settings in place now will fail, they are place holders from the control example
 # Due to the way many multiple options and ways to configure this control needs to be enabled and settings adjusted to minimise risk
@@ -599,7 +592,6 @@ rhel9cis_authselect_custom_profile_create: false
 # 5.3.2 Enable automation to select custom profile options, using the settings above
 rhel9cis_authselect_custom_profile_select: false
-
 rhel9cis_pass:
 max_days: 365
 min_days: 7
@@ -648,7 +640,6 @@ rhel9cis_futurepwchgdate_autofix: true
 # 5.3.7
 rhel9cis_sugroup: nosugroup
-
 ## Section6 vars
 # RHEL-09_6.1.1
@@ -669,7 +660,6 @@ audit_run_script_environment:
 AUDIT_FILE: 'goss.yml'
 AUDIT_CONTENT_LOCATION: "{{ audit_out_dir }}"
-
 ### Goss binary settings ###
 goss_version:
 release: v0.3.21
diff --git a/tasks/main.yml b/tasks/main.yml
index d083319..2bb0f3f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -102,7 +102,6 @@
 tags:
 - always
-
 - name: Gather the package facts
 ansible.builtin.package_facts:
 manager: auto
diff --git a/tasks/section_2/cis_2.2.x.yml b/tasks/section_2/cis_2.2.x.yml
index 496a92f..e592d17 100644
--- a/tasks/section_2/cis_2.2.x.yml
+++ b/tasks/section_2/cis_2.2.x.yml
@@ -1,6 +1,5 @@
 ---
-
 - name: "2.2.1 | PATCH | Ensure xorg-x11-server-common is not installed"
 ansible.builtin.package:
 name: xorg-x11-server-common
diff --git a/tasks/section_3/cis_3.4.2.x.yml b/tasks/section_3/cis_3.4.2.x.yml
index 540bda0..865fe59 100644
--- a/tasks/section_3/cis_3.4.2.x.yml
+++ b/tasks/section_3/cis_3.4.2.x.yml
@@ -157,7 +157,6 @@
 - nftables
 - rule_3.4.2.4
-
 - name: "3.4.2.4 | PATCH | Ensure host based firewall loopback traffic is configured | firewalld"
 ansible.posix.firewalld:
 rich_rule: "{{ item }}"
diff --git a/vars/is_container.yml b/vars/is_container.yml
index 32504ee..1a69784 100644
--- a/vars/is_container.yml
+++ b/vars/is_container.yml
@@ -6,14 +6,12 @@
 ## controls
-
 # Firewall
 rhel9cis_firewall: None
 # SElinux
 rhel9cis_selinux_disable: true
-
 ## Related individual rules
 # Aide
 rhel9cis_rule_1_4_1: false
@@ -42,7 +40,6 @@ rhel9cis_rule_5_1_8: false
 # crypto
 rhel9cis_rule_1_10: false
-
 # grub
 rhel9cis_rule_1_5_1: false
 rhel9cis_rule_1_5_2: false
@@ -88,6 +85,5 @@ rhel9cis_rule_4_2_2_3: false
 # systemd
-
 # Users/passwords/accounts
 rhel9cis_rule_5_5_2: false