ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

updated tags

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-02-01 17:53:09 +00:00
parent aa8bcecbc7
commit ad6c88b7f9
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
6 changed files with 37 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tasks/main.yml
View file

@ -108,9 +108,12 @@
- name: capture /etc/password variables - name: capture /etc/password variables
include_tasks: parse_etc_password.yml include_tasks: parse_etc_password.yml
when: rhel9cis_section6 when:
- rhel9cis_section6
tags: tags:
- rule_5.5.2 - rule_5.5.2
- rule_6.2.7
- rule_6.2.20
- rhel9cis_section6 - rhel9cis_section6
- name: run Section 1 tasks - name: run Section 1 tasks

24
tasks/section_1/main.yml
View file

@ -2,41 +2,41 @@
- name: "SECTION | 1.1 | FileSystem Configurations\n - name: "SECTION | 1.1 | FileSystem Configurations\n
SECTION | 1.1.1.x | Disable unused filesystems" SECTION | 1.1.1.x | Disable unused filesystems"
include_tasks: cis_1.1.1.x.yml import_tasks: cis_1.1.1.x.yml
- include_tasks: cis_1.1.x.yml - import_tasks: cis_1.1.x.yml
- name: "SECTION | 1.2 | Configure Software Updates" - name: "SECTION | 1.2 | Configure Software Updates"
include_tasks: cis_1.2.x.yml import_tasks: cis_1.2.x.yml
- name: "SECTION | 1.3 | Configure sudo" - name: "SECTION | 1.3 | Configure sudo"
include_tasks: cis_1.3.x.yml import_tasks: cis_1.3.x.yml
- name: "SECTION | 1.4 | Filesystem Integrity" - name: "SECTION | 1.4 | Filesystem Integrity"
import_tasks: cis_1.4.x.yml include_tasks: cis_1.4.x.yml
when: rhel9cis_config_aide when: rhel9cis_config_aide
- name: "SECTION | 1.5 | Secure Boot Settings" - name: "SECTION | 1.5 | Secure Boot Settings"
include_tasks: cis_1.5.x.yml import_tasks: cis_1.5.x.yml
- name: "SECTION | 1.6 | Additional Process Hardening" - name: "SECTION | 1.6 | Additional Process Hardening"
include_tasks: cis_1.6.x.yml import_tasks: cis_1.6.x.yml
- name: "SECTION | 1.7 | bootloader and Mandatory Access Control" - name: "SECTION | 1.7 | bootloader and Mandatory Access Control"
import_tasks: cis_1.7.1.x.yml include_tasks: cis_1.7.1.x.yml
when: not rhel9cis_selinux_disable when: not rhel9cis_selinux_disable
- name: "SECTION | 1.8 | Warning Banners" - name: "SECTION | 1.8 | Warning Banners"
include_tasks: cis_1.8.1.x.yml import_tasks: cis_1.8.1.x.yml
- name: "SECTION | 1.9 | Updated and Patches" - name: "SECTION | 1.9 | Updated and Patches"
include_tasks: cis_1.9.yml import_tasks: cis_1.9.yml
- name: "SECTION | 1.10 | Crypto policies" - name: "SECTION | 1.10 | Crypto policies"
import_tasks: cis_1.10.yml include_tasks: cis_1.10.yml
when: when:
- not system_is_ec2 - not system_is_ec2
- name: "SECTION | 1.11 | FIPS/FUTURE Crypto policies" - name: "SECTION | 1.11 | FIPS/FUTURE Crypto policies"
import_tasks: cis_1.11.yml include_tasks: cis_1.11.yml
when: when:
- not system_is_ec2 - not system_is_ec2

8
tasks/section_2/main.yml
View file

@ -1,13 +1,13 @@
--- ---
- name: "SECTION | 2.1 | xinetd" - name: "SECTION | 2.1 | xinetd"
include_tasks: cis_2.1.1.yml import_tasks: cis_2.1.1.yml
- name: "SECTION | 2.2.1 | Time Synchronization" - name: "SECTION | 2.2.1 | Time Synchronization"
include_tasks: cis_2.2.1.x.yml import_tasks: cis_2.2.1.x.yml
- name: "SECTION | 2.2 | Special Purpose Services" - name: "SECTION | 2.2 | Special Purpose Services"
include_tasks: cis_2.2.x.yml import_tasks: cis_2.2.x.yml
- name: "SECTION | 2.3 | Service Clients" - name: "SECTION | 2.3 | Service Clients"
include_tasks: cis_2.3.x.yml import_tasks: cis_2.3.x.yml

20
tasks/section_3/main.yml
View file

@ -1,41 +1,41 @@
--- ---
- name: "SECTION | 3.1.x | Packet and IP redirection" - name: "SECTION | 3.1.x | Packet and IP redirection"
include_tasks: cis_3.1.x.yml import_tasks: cis_3.1.x.yml
- name: "SECTION | 3.2.x | Network Parameters (Host Only)" - name: "SECTION | 3.2.x | Network Parameters (Host Only)"
include_tasks: cis_3.2.x.yml import_tasks: cis_3.2.x.yml
- name: "SECTION | 3.3.x | Uncommon Network Protocols" - name: "SECTION | 3.3.x | Uncommon Network Protocols"
include_tasks: cis_3.3.x.yml import_tasks: cis_3.3.x.yml
- name: "SECTION | 3.4.1.x | firewall defined" - name: "SECTION | 3.4.1.x | firewall defined"
include_tasks: cis_3.4.1.1.yml import_tasks: cis_3.4.1.1.yml
- name: "SECTION | 3.4.2.x | firewalld firewall" - name: "SECTION | 3.4.2.x | firewalld firewall"
import_tasks: cis_3.4.2.x.yml include_tasks: cis_3.4.2.x.yml
when: when:
- rhel9cis_firewall == "firewalld" - rhel9cis_firewall == "firewalld"
- name: "SECTION | 3.4.3.x | Configure nftables firewall" - name: "SECTION | 3.4.3.x | Configure nftables firewall"
import_tasks: cis_3.4.3.x.yml include_tasks: cis_3.4.3.x.yml
when: when:
- rhel9cis_firewall == "nftables" - rhel9cis_firewall == "nftables"
- name: "SECTION | 3.4.4.1.x | Configure iptables IPv4" - name: "SECTION | 3.4.4.1.x | Configure iptables IPv4"
import_tasks: cis_3.4.4.1.x.yml include_tasks: cis_3.4.4.1.x.yml
when: when:
- rhel9cis_firewall == "iptables" - rhel9cis_firewall == "iptables"
- name: "SECTION | 3.4.4.2.x | Configure iptables IPv6" - name: "SECTION | 3.4.4.2.x | Configure iptables IPv6"
import_tasks: cis_3.4.4.2.x.yml include_tasks: cis_3.4.4.2.x.yml
when: when:
- ( rhel9cis_firewall == "iptables" and rhel9cis_ipv6_required ) - ( rhel9cis_firewall == "iptables" and rhel9cis_ipv6_required )
- name: "SECTION | 3.5 | Configure wireless" - name: "SECTION | 3.5 | Configure wireless"
include_tasks: cis_3.5.yml import_tasks: cis_3.5.yml
- name: "SECTION | 3.5 | disable IPv6" - name: "SECTION | 3.5 | disable IPv6"
import_tasks: cis_3.5.yml include_tasks: cis_3.5.yml
when: when:
- not rhel9cis_ipv6_required - not rhel9cis_ipv6_required

10
tasks/section_4/main.yml
View file

@ -6,20 +6,20 @@
- not system_is_container - not system_is_container
- name: "SECTION | 4.1.2.x| Configure Data Retention" - name: "SECTION | 4.1.2.x| Configure Data Retention"
include_tasks: cis_4.1.2.x.yml import_tasks: cis_4.1.2.x.yml
- name: "SECTION | 4.1.x| Auditd rules" - name: "SECTION | 4.1.x| Auditd rules"
include_tasks: cis_4.1.x.yml import_tasks: cis_4.1.x.yml
- name: "SECTION | 4.2.x| Configure Logging" - name: "SECTION | 4.2.x| Configure Logging"
import_tasks: cis_4.2.1.x.yml import_tasks: cis_4.2.1.x.yml
when: rhel9cis_syslog == 'rsyslog' when: rhel9cis_syslog == 'rsyslog'
- name: "SECTION | 4.2.2.x| Configure journald" - name: "SECTION | 4.2.2.x| Configure journald"
include_tasks: cis_4.2.2.x.yml import_tasks: cis_4.2.2.x.yml
- name: "SECTION | 4.2.3 | Configure logile perms" - name: "SECTION | 4.2.3 | Configure logile perms"
include_tasks: cis_4.2.3.yml import_tasks: cis_4.2.3.yml
- name: "SECTION | 4.3 | Configure logrotate" - name: "SECTION | 4.3 | Configure logrotate"
include_tasks: cis_4.3.yml import_tasks: cis_4.3.yml

4
tasks/section_6/main.yml
View file

@ -1,7 +1,7 @@
--- ---
- name: "SECTION | 6.1 | System File Permissions" - name: "SECTION | 6.1 | System File Permissions"
include_tasks: cis_6.1.x.yml import_tasks: cis_6.1.x.yml
- name: "SECTION | 6.2 | User and Group Settings" - name: "SECTION | 6.2 | User and Group Settings"
include_tasks: cis_6.2.x.yml import_tasks: cis_6.2.x.yml