From ad6c88b7f9aee89f407196851c41a99712ae52b0 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 1 Feb 2022 17:53:09 +0000
Subject: [PATCH] updated tags
Signed-off-by: Mark Bolwell
---
 tasks/main.yml | 5 ++++-
 tasks/section_1/main.yml | 24 ++++++++++++------------
 tasks/section_2/main.yml | 8 ++++----
 tasks/section_3/main.yml | 20 ++++++++++----------
 tasks/section_4/main.yml | 10 +++++-----
 tasks/section_6/main.yml | 4 ++--
 6 files changed, 37 insertions(+), 34 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 62c6512..47de414 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -108,9 +108,12 @@
 - name: capture /etc/password variables
 include_tasks: parse_etc_password.yml
- when: rhel9cis_section6
+ when:
+ - rhel9cis_section6
 tags:
 - rule_5.5.2
+ - rule_6.2.7
+ - rule_6.2.20
 - rhel9cis_section6
 - name: run Section 1 tasks
diff --git a/tasks/section_1/main.yml b/tasks/section_1/main.yml
index b8c8e8e..933804e 100644
--- a/tasks/section_1/main.yml
+++ b/tasks/section_1/main.yml
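Review bot: The tags on the "capture /etc/password variables" task select only the `include_tasks` statement itself; Ansible does not pass them down to the tasks inside parse_etc_password.yml. That file is not shown here, so unless its tasks carry matching tags or `always`, a run limited to `--tags rule_6.2.7` or `--tags rule_6.2.20` would load the file and then skip the parsing those rules presumably depend on. Handing the tags down through the include's `apply:` keyword, or tagging the include `always`, would also remove the need to keep this hand-written rule list in step with every consumer. The task list continues outside the hunk.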
@@ -2,41 +2,41 @@ - name: "SECTION | 1.1 | FileSystem Configurations\n SECTION | 1.1.1.x | Disable unused filesystems" - include_tasks: cis_1.1.1.x.yml -- include_tasks: cis_1.1.x.yml + import_tasks: cis_1.1.1.x.yml +- import_tasks: cis_1.1.x.yml - name: "SECTION | 1.2 | Configure Software Updates" - include_tasks: cis_1.2.x.yml + import_tasks: cis_1.2.x.yml - name: "SECTION | 1.3 | Configure sudo" - include_tasks: cis_1.3.x.yml + import_tasks: cis_1.3.x.yml - name: "SECTION | 1.4 | Filesystem Integrity" - import_tasks: cis_1.4.x.yml + include_tasks: cis_1.4.x.yml when: rhel9cis_config_aide - name: "SECTION | 1.5 | Secure Boot Settings" - include_tasks: cis_1.5.x.yml + import_tasks: cis_1.5.x.yml - name: "SECTION | 1.6 | Additional Process Hardening" - include_tasks: cis_1.6.x.yml + import_tasks: cis_1.6.x.yml - name: "SECTION | 1.7 | bootloader and Mandatory Access Control" - import_tasks: cis_1.7.1.x.yml + include_tasks: cis_1.7.1.x.yml when: not rhel9cis_selinux_disable - name: "SECTION | 1.8 | Warning Banners" - include_tasks: cis_1.8.1.x.yml + import_tasks: cis_1.8.1.x.yml - name: "SECTION | 1.9 | Updated and Patches" - include_tasks: cis_1.9.yml + import_tasks: cis_1.9.yml - name: "SECTION | 1.10 | Crypto policies" - import_tasks: cis_1.10.yml + include_tasks: cis_1.10.yml when: - not system_is_ec2 - name: "SECTION | 1.11 | FIPS/FUTURE Crypto policies" - import_tasks: cis_1.11.yml + include_tasks: cis_1.11.yml when: - not system_is_ec2 diff --git a/tasks/section_2/main.yml b/tasks/section_2/main.yml index f2ed232..2b705ae 100644 --- a/tasks/section_2/main.yml +++ b/tasks/section_2/main.yml 
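Review bot: The sections switched to `include_tasks` in this hunk (1.4 Filesystem Integrity, 1.7 Mandatory Access Control, 1.10 and 1.11 crypto policies) have no `tags:` of their own, so a run filtered to a single rule tag from one of those files skips the include and never reaches the controls inside it, while the play still finishes without error. Whether any tag is inherited from the caller in tasks/main.yml cannot be seen from here. Adding `tags: always` to each conditional include keeps the evaluate-once `when:` and leaves the tasks inside filtered by their own tags. The same gap applies to the firewalld, nftables, iptables and IPv6 includes in tasks/section_3/main.yml.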
@@ -1,13 +1,13 @@
 ---
 - name: "SECTION | 2.1 | xinetd"
- include_tasks: cis_2.1.1.yml
+ import_tasks: cis_2.1.1.yml
 - name: "SECTION | 2.2.1 | Time Synchronization"
- include_tasks: cis_2.2.1.x.yml
+ import_tasks: cis_2.2.1.x.yml
 - name: "SECTION | 2.2 | Special Purpose Services"
- include_tasks: cis_2.2.x.yml
+ import_tasks: cis_2.2.x.yml
 - name: "SECTION | 2.3 | Service Clients"
- include_tasks: cis_2.3.x.yml
+ import_tasks: cis_2.3.x.yml
diff --git a/tasks/section_3/main.yml b/tasks/section_3/main.yml
index 7d6af68..13b42fc 100644
--- a/tasks/section_3/main.yml
+++ b/tasks/section_3/main.yml
@@ -1,41 +1,41 @@
 ---
 - name: "SECTION | 3.1.x | Packet and IP redirection"
- include_tasks: cis_3.1.x.yml
+ import_tasks: cis_3.1.x.yml
 - name: "SECTION | 3.2.x | Network Parameters (Host Only)"
- include_tasks: cis_3.2.x.yml
+ import_tasks: cis_3.2.x.yml
 - name: "SECTION | 3.3.x | Uncommon Network Protocols"
- include_tasks: cis_3.3.x.yml
+ import_tasks: cis_3.3.x.yml
 - name: "SECTION | 3.4.1.x | firewall defined"
- include_tasks: cis_3.4.1.1.yml
+ import_tasks: cis_3.4.1.1.yml
 - name: "SECTION | 3.4.2.x | firewalld firewall"
- import_tasks: cis_3.4.2.x.yml
+ include_tasks: cis_3.4.2.x.yml
 when:
 - rhel9cis_firewall == "firewalld"
 - name: "SECTION | 3.4.3.x | Configure nftables firewall"
- import_tasks: cis_3.4.3.x.yml
+ include_tasks: cis_3.4.3.x.yml
 when:
 - rhel9cis_firewall == "nftables"
 - name: "SECTION | 3.4.4.1.x | Configure iptables IPv4"
- import_tasks: cis_3.4.4.1.x.yml
+ include_tasks: cis_3.4.4.1.x.yml
 when:
 - rhel9cis_firewall == "iptables"
 - name: "SECTION | 3.4.4.2.x | Configure iptables IPv6"
- import_tasks: cis_3.4.4.2.x.yml
+ include_tasks: cis_3.4.4.2.x.yml
 when:
 - ( rhel9cis_firewall == "iptables" and rhel9cis_ipv6_required )
 - name: "SECTION | 3.5 | Configure wireless"
- include_tasks: cis_3.5.yml
+ import_tasks: cis_3.5.yml
 - name: "SECTION | 3.5 | disable IPv6"
- import_tasks: cis_3.5.yml
+ include_tasks: cis_3.5.yml
 when:
 - not rhel9cis_ipv6_required
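Review bot: In tasks/section_3/main.yml both "SECTION | 3.5 | Configure wireless" and "SECTION | 3.5 | disable IPv6" load `cis_3.5.yml`, so when `rhel9cis_ipv6_required` is false the same task file is processed twice and no separate IPv6 file is referenced anywhere in the hunk. If the IPv6 controls live in a different file, the second entry should name it; if the two really share one file, a single entry with per-task conditions would be clearer. Which of the two is intended cannot be told from the lines shown.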
diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml
index de1643c..8e84241 100644
--- a/tasks/section_4/main.yml
+++ b/tasks/section_4/main.yml
@@ -6,20 +6,20 @@
 - not system_is_container
 - name: "SECTION | 4.1.2.x| Configure Data Retention"
- include_tasks: cis_4.1.2.x.yml
+ import_tasks: cis_4.1.2.x.yml
 - name: "SECTION | 4.1.x| Auditd rules"
- include_tasks: cis_4.1.x.yml
+ import_tasks: cis_4.1.x.yml
 - name: "SECTION | 4.2.x| Configure Logging"
 import_tasks: cis_4.2.1.x.yml
 when: rhel9cis_syslog == 'rsyslog'
 - name: "SECTION | 4.2.2.x| Configure journald"
- include_tasks: cis_4.2.2.x.yml
+ import_tasks: cis_4.2.2.x.yml
 - name: "SECTION | 4.2.3 | Configure logile perms"
- include_tasks: cis_4.2.3.yml
+ import_tasks: cis_4.2.3.yml
 - name: "SECTION | 4.3 | Configure logrotate"
- include_tasks: cis_4.3.yml
+ import_tasks: cis_4.3.yml
diff --git a/tasks/section_6/main.yml b/tasks/section_6/main.yml
index 479b9c8..b6acabf 100644
--- a/tasks/section_6/main.yml
+++ b/tasks/section_6/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: "SECTION | 6.1 | System File Permissions"
- include_tasks: cis_6.1.x.yml
+ import_tasks: cis_6.1.x.yml
 - name: "SECTION | 6.2 | User and Group Settings"
- include_tasks: cis_6.2.x.yml
+ import_tasks: cis_6.2.x.yml
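Review bot: In tasks/section_4/main.yml "SECTION | 4.2.x| Configure Logging" stays on `import_tasks` together with `when: rhel9cis_syslog == 'rsyslog'`, whereas the conditional sections changed elsewhere in this commit were moved to `include_tasks`. A one-line comment at the top of the file saying which form conditional sections are meant to use would stop the two conventions drifting apart. The task name "Configure logile perms" also looks like a typo for `logfile`. The first task of the file begins above the hunk, so its form is not visible.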