diff --git a/README.md b/README.md index d2970e6..6ff9449 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,11 @@ Join us on our [Discord Server](https://discord.io/ansible-lockdown) to ask questions, discuss features, or just chat with other Ansible-Lockdown users. +### Contributing + +Issues and Pull requests are welcome please ensure that all commits are signed-off-by and gpg-signed. +Refer to [Contributing Guide](./CONTRIBUTING.rst) + --- ## Caution(s) @@ -60,10 +65,10 @@ To use release version please point to main branch and relevant release for the It is possible to to only run level 1 or level 2 controls for CIS. This is managed using tags: -- level1_server -- level1_workstation -- level2_server -- level2_workstation +- level1-server +- level1-workstation +- level2-server +- level2-workstation The control found in defaults main also need to reflect this as this control the testing thet takes place if you are using the audit component. @@ -123,7 +128,7 @@ OracleLinux 9 - jmespath ( complete list found in requirements.txt) - collections found in collections/requirememnts.yml -pre-commit is available if installed +pre-commit is available if installed on your host for pull request testing. ## Role Variables @@ -173,119 +178,8 @@ uses: ## Local Testing -ansible-base 2.10.17 - python 3.8 -ansible-core 2.13.4 - python 3.10 +- ansible-base 2.10.17 - python 3.8 +- ansible-core 2.13.4 - python 3.10 +- ansible-core 2.15.1 - python 3.11 -- makefile - this is there purely for testing and initial setup purposes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -## v1.0.0 - released Dec 2022 - -![Build Status](https://img.shields.io/github/workflow/status/ansible-lockdown/RHEL9-CIS/CommunityToDevel?label=Devel%20Build%20Status&style=plastic) -![Build Status](https://img.shields.io/github/workflow/status/ansible-lockdown/RHEL9-CIS/DevelToMain?label=Main%20Build%20Status&style=plastic) -![Release](https://img.shields.io/github/v/release/ansible-lockdown/RHEL9-CIS?style=plastic) - - - -## Join us - -On our [Discord Server](https://discord.io/ansible-lockdown) to ask questions, discuss features, or just chat with other Ansible-Lockdown users - -## Caution(s) - -This role **will make changes to the system** which may have unintended concequences. - -This role was developed against a clean install of the Operating System. If you are implimenting to an existing system please review this role for any site specific changes that are needed. - -To use release version please point to main branch - -## Documentation - -- [Readthedocs](https://ansible-lockdown.readthedocs.io/en/latest/) -- [Getting Started](https://www.lockdownenterprise.com/docs/getting-started-with-lockdown) -- [Customizing Roles](https://www.lockdownenterprise.com/docs/customizing-lockdown-enterprise) -- [Per-Host Configuration](https://www.lockdownenterprise.com/docs/per-host-lockdown-enterprise-configuration) -- [Getting the Most Out of the Role](https://www.lockdownenterprise.com/docs/get-the-most-out-of-lockdown-enterprise) - -## Requirements - -RHEL 9 -Almalinux 9 -Rocky 9 -OracleLinux 9 - -ansible 2.10 -jmespath -relevant collections - -- Access to download or add the goss binary and content to the system if using auditing (other options are available on how to get the content to the system.) - -## Tested with - -ansible-base 2.10.17 - python 3.8 -ansible-core 2.13.4 - python 3.10 - -- makefile - this is there purely for testing and initial setup purposes. - -## General - -- Basic knowledge of Ansible, below are some links to the Ansible documentation to help get started if you are unfamiliar with Ansible - - [Main Ansible documentation page](https://docs.ansible.com) - - [Ansible Getting Started](https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html) - - [Tower User Guide](https://docs.ansible.com/ansible-tower/latest/html/userguide/index.html) - - [Ansible Community Info](https://docs.ansible.com/ansible/latest/community/index.html) - -- Functioning Ansible and/or Tower Installed, configured, and running. This includes all of the base Ansible/Tower configurations, needed packages installed, and infrastructure setup. -- Please read through the tasks in this role to gain an understanding of what each control is doing. - - Some of the tasks are disruptive and can have unintended consiquences in a live production system. Also familiarize yourself with the variables in the defaults/main.yml file - -## Dependencies - -- Python3 -- Ansible 2.9+ -- python-def (should be included in RHEL 9) -- libselinux-python -- pip packages - - jmespath ( complete list found in requirements.txt) -- collections found in collections/requirememnts.yml - - - - - -### Known Issues - -CIS 1.2.4 - repo_gpgcheck is not carried out for RedHat hosts as the default repos do not have this function. This also affect EPEL(not covered by var). - - Rocky and Alma not affected. -Variable used to unset. -rhel9cis_rhel_default_repo: true # to be set to false if using repo that does have this ability +makefile - this is there purely for testing and initial setup purposes.