mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-26 15:13:05 +00:00
Merge branch 'lint_dec24' into alignment
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
commit
82f7b53a67
49 changed files with 375 additions and 606 deletions
|
|
@ -33,9 +33,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.2 | PATCH | Ensure avahi daemon services are not in use"
|
||||
when:
|
||||
- rhel9cis_rule_2_1_2
|
||||
- "'avahi' in ansible_facts.packages or 'avahi-autopd' in ansible_facts.packages"
|
||||
when: rhel9cis_rule_2_1_2
|
||||
tags:
|
||||
- level1-server
|
||||
- level2-workstation
|
||||
|
|
@ -70,9 +68,7 @@
|
|||
- avahi-daemon.service
|
||||
|
||||
- name: "2.1.3 | PATCH | Ensure dhcp server services are not in use"
|
||||
when:
|
||||
- "'dhcp-server' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_3
|
||||
when: rhel9cis_rule_2_1_3
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -105,9 +101,7 @@
|
|||
- dhcpd6.service
|
||||
|
||||
- name: "2.1.4 | PATCH | Ensure dns server services are not in use"
|
||||
when:
|
||||
- "'bind' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_4
|
||||
when: rhel9cis_rule_2_1_4
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -137,9 +131,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.5 | PATCH | Ensure dnsmasq server services are not in use"
|
||||
when:
|
||||
- "'dnsmasq' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_5
|
||||
when: rhel9cis_rule_2_1_5
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -169,9 +161,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.6 | PATCH | Ensure samba file server services are not in use"
|
||||
when:
|
||||
- "'samba' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_6
|
||||
when: rhel9cis_rule_2_1_6
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -202,9 +192,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.7 | PATCH | Ensure ftp server services are not in use"
|
||||
when:
|
||||
- "'ftp' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_7
|
||||
when: rhel9cis_rule_2_1_7
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -235,9 +223,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.8 | PATCH | Ensure message access server services are not in use"
|
||||
when:
|
||||
- "'dovecot' in ansible_facts.packages or 'cyrus-imapd' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_8
|
||||
when: rhel9cis_rule_2_1_8
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -275,9 +261,7 @@
|
|||
- "cyrus-imapd.service"
|
||||
|
||||
- name: "2.1.9 | PATCH | Ensure network file system services are not in use"
|
||||
when:
|
||||
- "'nfs-utils' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_9
|
||||
when: rhel9cis_rule_2_1_9
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -309,9 +293,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.10 | PATCH | Ensure nis server services are not in use"
|
||||
when:
|
||||
- "'ypserv' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_10
|
||||
when: rhel9cis_rule_2_1_10
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -341,9 +323,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.11 | PATCH | Ensure print server services are not in use"
|
||||
when:
|
||||
- "'cups' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_11
|
||||
when: rhel9cis_rule_2_1_11
|
||||
tags:
|
||||
- level1-server
|
||||
- automated
|
||||
|
|
@ -375,9 +355,7 @@
|
|||
- "cups.service"
|
||||
|
||||
- name: "2.1.12 | PATCH | Ensure rpcbind services are not in use"
|
||||
when:
|
||||
- "'rpcbind' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_12
|
||||
when: rhel9cis_rule_2_1_12
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -411,9 +389,7 @@
|
|||
- rpcbind.socket
|
||||
|
||||
- name: "2.1.13 | PATCH | Ensure rsync services are not in use"
|
||||
when:
|
||||
- "'rsync-daemon' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_13
|
||||
when: rhel9cis_rule_2_1_13
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -447,9 +423,7 @@
|
|||
- 'rsyncd.service'
|
||||
|
||||
- name: "2.1.14 | PATCH | Ensure snmp services are not in use"
|
||||
when:
|
||||
- "'net-snmp' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_14
|
||||
when: rhel9cis_rule_2_1_14
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -479,9 +453,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.15 | PATCH | Ensure telnet server services are not in use"
|
||||
when:
|
||||
- "'telnet-server' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_15
|
||||
when: rhel9cis_rule_2_1_15
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -512,9 +484,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.16 | PATCH | Ensure tftp server services are not in use"
|
||||
when:
|
||||
- "'tftp-server' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_16
|
||||
when: rhel9cis_rule_2_1_16
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -547,9 +517,7 @@
|
|||
- 'tftp.service'
|
||||
|
||||
- name: "2.1.17 | PATCH | Ensure web proxy server services are not in use"
|
||||
when:
|
||||
- "'squid' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_117
|
||||
when: rhel9cis_rule_2_1_17
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -580,8 +548,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.18 | PATCH | Ensure web server services are not in use"
|
||||
when:
|
||||
- rhel9cis_rule_2_1_18
|
||||
when: rhel9cis_rule_2_1_18
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -597,7 +564,6 @@
|
|||
when:
|
||||
- not rhel9cis_httpd_server
|
||||
- not rhel9cis_httpd_mask
|
||||
- "'httpd' in ansible_facts.packages"
|
||||
ansible.builtin.package:
|
||||
name: httpd
|
||||
state: absent
|
||||
|
|
@ -606,7 +572,6 @@
|
|||
when:
|
||||
- not rhel9cis_nginx_server
|
||||
- not rhel9cis_nginx_mask
|
||||
- "'nginx' in ansible_facts.packages"
|
||||
ansible.builtin.package:
|
||||
name: nginx
|
||||
state: absent
|
||||
|
|
@ -615,7 +580,6 @@
|
|||
when:
|
||||
- not rhel9cis_httpd_server
|
||||
- rhel9cis_httpd_mask
|
||||
- "'httpd' in ansible_facts.packages"
|
||||
notify: Systemd_daemon_reload
|
||||
ansible.builtin.systemd:
|
||||
name: httpd.service
|
||||
|
|
@ -627,7 +591,6 @@
|
|||
when:
|
||||
- not rhel9cis_nginx_server
|
||||
- rhel9cis_nginx_mask
|
||||
- "'nginx' in ansible_facts.packages"
|
||||
notify: Systemd_daemon_reload
|
||||
ansible.builtin.systemd:
|
||||
name: ngnix.service
|
||||
|
|
@ -636,9 +599,7 @@
|
|||
masked: true
|
||||
|
||||
- name: "2.1.19 | PATCH | Ensure xinetd services are not in use"
|
||||
when:
|
||||
- "'xinetd' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_19
|
||||
when: rhel9cis_rule_2_1_19
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
@ -670,7 +631,6 @@
|
|||
- name: "2.1.20 | PATCH | Ensure X window server services are not in use"
|
||||
when:
|
||||
- not rhel9cis_xwindow_server
|
||||
- "'xorg-x11-server-common' in ansible_facts.packages"
|
||||
- rhel9cis_rule_2_1_20
|
||||
tags:
|
||||
- level1-server
|
||||
|
|
@ -704,8 +664,7 @@
|
|||
line: "inet_interfaces = loopback-only"
|
||||
|
||||
- name: "2.1.22 | AUDIT | Ensure only approved services are listening on a network interface"
|
||||
when:
|
||||
- rhel9cis_rule_2_1_22
|
||||
when: rhel9cis_rule_2_1_22
|
||||
tags:
|
||||
- level1-server
|
||||
- level1-workstation
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue