From 87cd0f3eb5096aa3e5d195f7806c60816524bad5 Mon Sep 17 00:00:00 2001 From: Frederick Witty Date: Thu, 8 Jan 2026 09:40:08 -0500 Subject: [PATCH 1/3] fix for #418 and update Lic year Signed-off-by: Frederick Witty --- Changelog.md | 1 + LICENSE | 2 +- tasks/section_6/cis_6.2.2.x.yml | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index 429faa0..3871be2 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,6 +2,7 @@ ## 2.0.4 - Based on CIS v2.0.0 +- addressed issue #418 thank you @bbaassssiiee - addressed issue #416 thank you @georgenalen and @bbaassssiiee - addressed issue #393 thank you to @fragglexarmy - addressed issue #394 thank you to @dbeuker diff --git a/LICENSE b/LICENSE index 7e51eb7..bed11b4 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2025 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown +Copyright (c) 2026 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/tasks/section_6/cis_6.2.2.x.yml b/tasks/section_6/cis_6.2.2.x.yml index fe0f8c4..82302ed 100644 --- a/tasks/section_6/cis_6.2.2.x.yml +++ b/tasks/section_6/cis_6.2.2.x.yml @@ -25,7 +25,7 @@ - name: "6.2.2.2 | PATCH | Ensure journald ForwardToSyslog is disabled | comment out current entries" ansible.builtin.replace: path: /etc/systemd/journald.conf - regexp: ^(\s*ForwardToSyslog) + regexp: ^(\s*ForwardToSyslog\s*=.*) replace: '#\1' - name: "6.2.2.3 | PATCH | Ensure journald Compress is configured" @@ -50,7 +50,7 @@ - name: "6.2.2.3 | PATCH | Ensure journald Compress is configured | comment out current entries" ansible.builtin.replace: path: /etc/systemd/journald.conf - regexp: (?i)(\s*compress=) + regexp: ^(\s*Compress\s*=.*) replace: '#\1' - name: "6.2.2.4 | PATCH | Ensure journald Storage is configured" 
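Review bot: The new pattern `^(\s*ForwardToSyslog\s*=.*)` still lets the leading `\s*` match newlines, because ansible.builtin.replace compiles the regexp in multiline mode. When a blank line precedes the setting in /etc/systemd/journald.conf, the match starts on that blank line, the `#` is written there, and the entry stays active until a second run. Restricting the class to horizontal whitespace avoids this: `regexp: ^([ \t]*ForwardToSyslog[ \t]*=.*)`. The same applies to the Compress hunk (`@@ -50,7`) and the Storage hunk (`@@ -76,5`). Whether a leftover active entry changes the effective journald setting depends on the tasks that write the intended values, which are outside these hunks.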
@@ -76,5 +76,5 @@ - name: "6.2.2.4 | PATCH | Ensure journald Storage is configured | comment out current entries" ansible.builtin.replace: path: /etc/systemd/journald.conf - regexp: (?i)(\s*storage=) + regexp: ^(\s*Storage\s*=.*) replace: '#\1' From 22a9b085d77b20893623d8fa7935ff45e1a62165 Mon Sep 17 00:00:00 2001 From: Frederick Witty Date: Thu, 8 Jan 2026 12:23:40 -0500 Subject: [PATCH 2/3] fix for #419, thank you @aaronk1 Signed-off-by: Frederick Witty --- tasks/section_5/cis_5.1.x.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/section_5/cis_5.1.x.yml b/tasks/section_5/cis_5.1.x.yml index dc450ea..9600a1c 100644 --- a/tasks/section_5/cis_5.1.x.yml +++ b/tasks/section_5/cis_5.1.x.yml @@ -431,6 +431,8 @@ path: "{{ rhel9cis_sshd_config_file }}" regexp: (?i)^(#|)\s*MaxStartups line: 'MaxStartups {{ rhel9cis_ssh_maxstartups }}' + insertbefore: "^Match" + firstmatch: true validate: sshd -t -f %s notify: Restart sshd From 02132181e69d5600c00142a556a3f6a44a207883 Mon Sep 17 00:00:00 2001 From: Frederick Witty Date: Thu, 8 Jan 2026 12:24:44 -0500 Subject: [PATCH 3/3] update changelog Signed-off-by: Frederick Witty --- Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Changelog.md b/Changelog.md index 3871be2..70c3d00 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,6 +2,7 @@ ## 2.0.4 - Based on CIS v2.0.0 +- addressed issue #419, thank you @aaronk1 - addressed issue #418 thank you @bbaassssiiee - addressed issue #416 thank you @georgenalen and @bbaassssiiee - addressed issue #393 thank you to @fragglexarmy
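Review bot: In the cis_5.1.x.yml hunk, `insertbefore: "^Match"` is case-sensitive and anchored at column 0, while the `regexp` on the same task uses `(?i)`. sshd_config keywords are case-insensitive, so a file that has `match` or an indented `Match` line offers no anchor, and lineinfile then appends `MaxStartups` at the end of the file, inside the last Match block. `validate: sshd -t -f %s` should reject that file, so the likely outcome is a failed task and an unapplied control rather than a bad config; suggest `insertbefore: '(?i)^\s*Match\s'`. insertbefore is also only consulted when `regexp` finds no line, so an existing `#MaxStartups` below a Match block would still be replaced in place. The task starts above the hunk, so its name and conditions are not visible here.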