Merge pull request #27 from ansible-lockdown/benchmark_v2.0.0

May 15th 2025 QA Fixes from Benchmark v2.0.0

Changelog.md

@@ -1,5 +1,10 @@
 # Changes to rhel9CIS
 
+## 2.0.0 - Based on CIS v2.0.0
+
+- May 2025 QA Fixes
+ - Typo fixes and Banner verbiage
+
 ## 1.1.6 - Based on CIS v1.0.0
 
 - #190 - thanks to @ipruteanu-sie
@@ -14,7 +19,7 @@
   - updated controls 6.2.10-6.2.14
 - audit
   - steps moved to prelim
-  - update to coipy and archive logic and variables
+  - update to copy and archive logic and variables
 - removed vars not used
 - updated quotes used in mode tasks
 - pre-commit update
@@ -48,7 +53,7 @@
 - lint updates
 - .secrets updated
 - file mode quoted
-- updated 5.6.5 thansk to feedback from S!ghs on discord community
+- updated 5.6.5 thanks to feedback from S!ghs on discord community
 
 ## 1.1.1 - Based on CIS v1.0.0
 
@@ -80,7 +85,7 @@
 ## 1.0.10
 
 - [#72](https://github.com/ansible-lockdown/RHEL9-CIS/issues/72)
-  - Only run check when paybook user not a superuser
+  - Only run check when playbook user not a superuser
 - fix for 5.5.3 thanks to @nrg-fv
 
 ## 1.0.9
@@ -152,7 +157,7 @@ Jan-2023 release
 
 - updated ansible minimum to 2.10
 - Lint file updates and improvements
-- auditd now shows diff ater initial template added
+- auditd now shows diff after initial template added
 - many control rewritten
 - Many controls moved ID references
 - Audit updates aligned
@@ -217,11 +222,11 @@ Jan-2023 release
 - not all controls work with rhel8 releases any longer
   - selinux disabled 1.6.1.4
   - logrotate - 4.3.x
-- updated to rhel8cis v2.0 benchamrk requirements
+- updated to rhel8cis v2.0 benchmark requirements
 - removed iptables firewall controls (not valid on rhel9)
-- added more to logrotate 4.3.x - sure to logrotate now a seperate package
+- added more to logrotate 4.3.x - sure to logrotate now a separate package
 - grub path now standard to /boot/grub2/grub.cfg
-- 1.6.1.4 from rh8 removed as selinux.cfg doesnt disable selinux any longer
+- 1.6.1.4 from rh8 removed as selinux.cfg doesn't disable selinux any longer
 - workflow update
 - removed doc update
 

defaults/main.yml

@@ -116,7 +116,7 @@ audit_log_dir: '/opt'
 fetch_audit_output: false
 
 # Method of getting,uploading the summary files
-## Ensure access and permissions are avaiable for these to occur.
+## Ensure access and permissions are available for these to occur.
 ## options are
 # fetch - fetches from server and moves to location on the ansible controller (could be a mount point available to controller)
 # copy - copies file to a location available to the managed node
@@ -587,7 +587,7 @@ rhel9cis_crypto_policy_module: ''
 # - 1.7.2 - Ensure local login warning banner is configured properly
 # - 1.7.3 - Ensure remote login warning banner is configured properly
 # This variable  stores the content for the Warning Banner(relevant for issue, issue.net, motd).
-rhel9cis_warning_banner: Authorized uses only. All activity may be monitored and reported.
+rhel9cis_warning_banner: Authorized users only. All activity may be monitored and reported.
 # End Banner
 
 ## Control 1.8.x - Settings for GDM

tasks/LE_audit_setup.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Pre Audit Setup | Set audit package name
   block:
     - name: Pre Audit Setup | Set audit package name | 64bit

tasks/audit_only.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Audit_Only | Create local Directories for hosts
   when: fetch_audit_files
   ansible.builtin.file:

tasks/main.yml

@@ -17,9 +17,7 @@
     success_msg: "This role is running a supported version of ansible {{ ansible_version.full }} >= {{ min_ansible_version }}"
 
 - name: "Setup rules if container"
-  when:
-    - ansible_connection == 'docker' or
-      ansible_facts.virtualization_type in ["docker", "lxc", "openvz", "podman", "container"]
+  when: ansible_connection == 'docker' or ansible_facts.virtualization_type in ["docker", "lxc", "openvz", "podman", "container"]
   tags:
     - container_discovery
     - always

tasks/post.yml

@@ -28,8 +28,7 @@
 
 - name: POST | reboot system if changes require it and not skipped
   when: change_requires_reboot
-  tags:
-    - always
+  tags: always
   vars:
     warn_control_id: Reboot_required
   block:

tasks/prelim.yml

@@ -200,7 +200,7 @@
   tags:
     - always
   block:
-    - name: "PRELIM | AUDIT | Discover is wirelss adapter on system"
+    - name: "PRELIM | AUDIT | Discover is wireless adapter on system"
       ansible.builtin.command: find /sys/class/net/*/ -type d -name wireless
       register: discover_wireless_adapters
       changed_when: false

vars/is_container.yml

@@ -2,7 +2,7 @@
 
 # File to skip controls if container
 # Based on standard image no changes
-# it expected all pkgs required for the container are alreday installed
+# it expected all pkgs required for the container are already installed
 
 ## controls