ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-02-07 22:27:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #425 from ansible-lockdown/2026Jan_Updates
Some checks failed
Export Public Repo Badges / export-badges (push) Has been cancelled
Details

Browse source 
2026 Jan Updates
This commit is contained in:
Frederick Witty 2026-01-08 13:50:20 -05:00 committed by GitHub
commit b2d08552c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Changelog.md
View file

@ -2,6 +2,8 @@
## 2.0.4 - Based on CIS v2.0.0 ## 2.0.4 - Based on CIS v2.0.0
- addressed issue #419, thank you @aaronk1
- addressed issue #418 thank you @bbaassssiiee
- addressed issue #416 thank you @georgenalen and @bbaassssiiee - addressed issue #416 thank you @georgenalen and @bbaassssiiee
- addressed issue #393 thank you to @fragglexarmy - addressed issue #393 thank you to @fragglexarmy
- addressed issue #394 thank you to @dbeuker - addressed issue #394 thank you to @dbeuker

2
LICENSE
View file

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2025 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown Copyright (c) 2026 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

2
tasks/section_5/cis_5.1.x.yml
View file

@ -431,6 +431,8 @@
path: "{{ rhel9cis_sshd_config_file }}" path: "{{ rhel9cis_sshd_config_file }}"
regexp: (?i)^(#|)\s*MaxStartups regexp: (?i)^(#|)\s*MaxStartups
line: 'MaxStartups {{ rhel9cis_ssh_maxstartups }}' line: 'MaxStartups {{ rhel9cis_ssh_maxstartups }}'
insertbefore: "^Match"
firstmatch: true
validate: sshd -t -f %s validate: sshd -t -f %s
notify: Restart sshd notify: Restart sshd

6
tasks/section_6/cis_6.2.2.x.yml
View file

@ -25,7 +25,7 @@
- name: "6.2.2.2 | PATCH | Ensure journald ForwardToSyslog is disabled | comment out current entries" - name: "6.2.2.2 | PATCH | Ensure journald ForwardToSyslog is disabled | comment out current entries"
ansible.builtin.replace: ansible.builtin.replace:
path: /etc/systemd/journald.conf path: /etc/systemd/journald.conf
regexp: ^(\s*ForwardToSyslog) regexp: ^(\s*ForwardToSyslog\s*=.*)
replace: '#\1' replace: '#\1'
- name: "6.2.2.3 | PATCH | Ensure journald Compress is configured" - name: "6.2.2.3 | PATCH | Ensure journald Compress is configured"
@ -50,7 +50,7 @@
- name: "6.2.2.3 | PATCH | Ensure journald Compress is configured | comment out current entries" - name: "6.2.2.3 | PATCH | Ensure journald Compress is configured | comment out current entries"
ansible.builtin.replace: ansible.builtin.replace:
path: /etc/systemd/journald.conf path: /etc/systemd/journald.conf
regexp: (?i)(\s*compress=) regexp: ^(\s*Compress\s*=.*)
replace: '#\1' replace: '#\1'
- name: "6.2.2.4 | PATCH | Ensure journald Storage is configured" - name: "6.2.2.4 | PATCH | Ensure journald Storage is configured"
@ -76,5 +76,5 @@
- name: "6.2.2.4 | PATCH | Ensure journald Storage is configured | comment out current entries" - name: "6.2.2.4 | PATCH | Ensure journald Storage is configured | comment out current entries"
ansible.builtin.replace: ansible.builtin.replace:
path: /etc/systemd/journald.conf path: /etc/systemd/journald.conf
regexp: (?i)(\s*storage=) regexp: ^(\s*Storage\s*=.*)
replace: '#\1' replace: '#\1'