Improvements (#5)

* container standards Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic on handlers Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * initial container ignore Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tags and containder discovery Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic on auditd task Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tags and crypto logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * distro update for rocky Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * system_is_container updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * ssh pkg check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logrotate pkg check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic in container check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * add pkg fact and audit conditionals Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tidy up crypto step Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added missing tags Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * container vars file now a variable Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added uid discovery and usage Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Updated OS checks and conditionals Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fixed empty become Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * change audit to include task Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added OS_specific vars Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated import/include Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * OS Specific vars Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated tags Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated changed_when Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fixed UID logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added github templates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated layout Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added .github ignore again Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2022-02-02 11:34:50 +00:00 · 2022-02-02 11:34:50 +00:00 · 9db4b7fd81
commit 9db4b7fd81
parent 02a36f7f8d
7 changed files with 168 additions and 0 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,34 @@
+---
+name: Report Issue
+about: Create a bug issue ticket to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the Issue**
+A clear and concise description of what the bug is.
+
+**Expected Behavior**
+A clear and concise description of what you expected to happen.
+
+**Actual Behavior**
+A clear and concise description of what's happening.
+
+**Control(s) Affected**
+What controls are being affected by the issue
+
+**Environment (please complete the following information):**
+
+- branch being used: [e.g. devel]
+- Ansible Version: [e.g. 2.10]
+- Host Python Version: [e.g. Python 3.7.6]
+- Ansible Server Python Version: [e.g. Python 3.7.6]
+- Additional Details:
+
+**Additional Notes**
+Anything additional goes here
+
+**Possible Solution**
+Enter a suggested fix here
--- a/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
+++ b/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
@ -0,0 +1,22 @@
+---
+name: Feature Request or Enhancement
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+## Feature Request or Enhancement
+
+- Feature []
+- Enhancement []
+
+**Summary of Request**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Suggested Code**
+Please provide any code you have in mind to fulfill the request
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@ -0,0 +1,18 @@
+---
+name: Question
+about: Ask away.......
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Question**
+Pose question here.
+
+**Environment (please complete the following information):**
+
+- Ansible Version: [e.g. 2.10]
+- Host Python Version: [e.g. Python 3.7.6]
+- Ansible Server Python Version: [e.g. Python 3.7.6]
+- Additional Details:
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -0,0 +1,12 @@
+**Overall Review of Changes:**
+A general description of the changes made that are being requested for merge
+
+**Issue Fixes:**
+Please list (using linking) any open issues this PR addresses
+
+**Enhancements:**
+Please list any enhancements/features that are not open issue tickets
+
+**How has this been tested?:**
+Please give an overview of how these changes were tested. If they were not please use N/A
+
--- a/.github/workflows/communitytodevel.yml
+++ b/.github/workflows/communitytodevel.yml
@ -0,0 +1,39 @@
+---
+# This is a basic workflow to help you get started with Actions
+
+name: CommunityToDevel
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the devel branch
+on:
+    pull_request:
+        branches: [ devel ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+    # This workflow contains a single job called "build"
+    build:
+        # The type of runner that the job will run on
+        runs-on: ubuntu-latest
+
+        # Steps represent a sequence of tasks that will be executed as part of the job
+        steps:
+            # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+            - uses: actions/checkout@v2
+
+            # Refactr pipeline for devel pull request/merge
+            - name: Refactr - Run Pipeline (to devel)
+              # You may pin to the exact commit or the version.
+              # uses: refactr/action-run-pipeline@be91e2796aa225268e4685c0e01a26d5f800cd53
+              uses: refactr/action-run-pipeline@v0.1.2
+              with:
+                  # API token
+                  api_token: '${{ secrets.REFACTR_KEY }}'
+                  # Project ID
+                  project_id: 5f47f0c4a13c7b18373e5556
+                  # Job ID
+                  job_id: 5f933cbcf9c74e86b1609c00
+                  # Variables
+                  variables: '{ "gitrepo": "https://github.com/ansible-lockdown/RHEL9-CIS.git", "image": "ami-04483b15b4268d18d", "githubBranch": "${{ github.head_ref }}", "username": "centos" }'
+                  # Refactr API base URL
+                  api_url:  # optional
--- a/.github/workflows/develtomain.yml
+++ b/.github/workflows/develtomain.yml
@ -0,0 +1,40 @@
+---
+# This is a basic workflow to help you get started with Actions
+
+name: DevelToMain
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the devel branch
+on:
+    pull_request:
+        branches: [ main ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+
+jobs:
+    # This workflow contains a single job called "build"
+    build:
+        # The type of runner that the job will run on
+        runs-on: ubuntu-latest
+
+        # Steps represent a sequence of tasks that will be executed as part of the job
+        steps:
+            # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+            - uses: actions/checkout@v2
+
+            # Refactr pipeline for devel pull request/merge
+            - name: Refactr - Run Pipeline (to main)
+              # You may pin to the exact commit or the version.
+              # uses: refactr/action-run-pipeline@be91e2796aa225268e4685c0e01a26d5f800cd53
+              uses: refactr/action-run-pipeline@v0.1.2
+              with:
+                  # API token
+                  api_token: '${{ secrets.REFACTR_KEY }}'
+                  # Project ID
+                  project_id: 5f47f0c4a13c7b18373e5556
+                  # Job ID
+                  job_id: 5f90ad90f9c74e6d1e606e33
+                  # Variables
+                  variables: '{ "gitrepo": "https://github.com/ansible-lockdown/RHEL9-CIS.git", "image": "ami-04483b15b4268d18d", "username": "centos" }'
+                  # Refactr API base URL
+                  api_url:  # optional
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@ -137,6 +137,9 @@
        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int) | selectattr('uid', '<', max_int_uid | int) | selectattr('dir', '!=', '/') | map(attribute='dir') | list }}"
        register: rhel_09_6_2_7_audit

+      - debug:
+          var: rhel_09_6_2_7_audit
+
      - name: "6.2.7 | L1 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"
        shell: find -H {{ item.0 | quote }} -not -type l -perm /027
        args: