ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Support section 5 modularization

Browse source 
Signed-off-by: polski-g <polski_g@sent.at>
This commit is contained in:
polski-g 2025-09-02 12:15:45 -04:00
parent 88507f9516
commit 49670f729e
No known key found for this signature in database
GPG key ID: C077F64D3FFD4D39
2 changed files with 44 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
defaults/main.yml
View file

@ -18,11 +18,17 @@ rhel9cis_disruption_high: true
# These variables govern whether the tasks of a particular section are to be executed when running the role.
# E.g: If you want to execute the tasks of Section 1 you should set the "_section1" variable to true.
# If you do not want the tasks from that section to get executed you simply set the variable to "false".
# Some sections support sub-section modularization. The super-section and sub-section must both be true
# for the sub-section to execute.
rhel9cis_section1: true
rhel9cis_section2: true
rhel9cis_section3: true
rhel9cis_section4: true
rhel9cis_section5: true
rhel9cis_section5_1: true
rhel9cis_section5_2: true
rhel9cis_section5_3: true
rhel9cis_section5_4: true
rhel9cis_section6: true
rhel9cis_section7: true

29
tasks/section_5/main.yml
View file

@ -5,45 +5,56 @@
- name: "SECTION | 5.1 | Configure SSH Server"
when:
- "'openssh-server' in ansible_facts.packages"
- rhel9cis_section5_1
ansible.builtin.import_tasks:
file: cis_5.1.x.yml
- name: "SECTION | 5.2 | Configure privilege escalation"
when:
- - rhel9cis_section5_2
ansible.builtin.import_tasks:
file: cis_5.2.x.yml
- name: "SECTION | 5.3.1.x | Configure PAM software packages"
- name: "SECTION | 5.3"
when:
- rhel9cis_section5_3
block:
- name: "SECTION | 5.3.1.x | Configure PAM software packages"
ansible.builtin.import_tasks:
file: cis_5.3.1.x.yml
- name: "SECTION | 5.3.2.x | Configure authselect"
- name: "SECTION | 5.3.2.x | Configure authselect"
ansible.builtin.import_tasks:
file: cis_5.3.2.x.yml
- name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
- name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
ansible.builtin.import_tasks:
file: cis_5.3.3.1.x.yml
- name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
- name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
ansible.builtin.import_tasks:
file: cis_5.3.3.2.x.yml
- name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
- name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
ansible.builtin.import_tasks:
file: cis_5.3.3.3.x.yml
- name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
- name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
ansible.builtin.import_tasks:
file: cis_5.3.3.4.x.yml
- name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
- name: "SECTION | 5.4"
when:
- rhel9cis_section5_4
block:
- name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
ansible.builtin.import_tasks:
file: cis_5.4.1.x.yml
- name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
- name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
ansible.builtin.import_tasks:
file: cis_5.4.2.x.yml
- name: "SECTION | 5.4.3.x | Configure user default environment"
- name: "SECTION | 5.4.3.x | Configure user default environment"
ansible.builtin.import_tasks:
file: cis_5.4.3.x.yml