From 2c4718fb75729889da8ac3f310194f685895ed4a Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 7 Jun 2022 10:07:19 +0100
Subject: [PATCH 1/5] fix title

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_6/cis_6.2.x.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index a1558db..31dafa8 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -189,7 +189,7 @@
                 - "The following paths have colon end: {{ rhel9cis_6_2_7_path_colon_end.stdout_lines }}"
                 - "The following paths have a dot in the path: {{ rhel9cis_6_2_7_dot_in_path.stdout_lines }}"
 
-      - name: "6.2.7 | PATCH | Ensure root PATH Integrity (Scored) | Determine rights and owner"
+      - name: "6.2.7 | PATCH | Ensure root PATH Integrity | Determine rights and owner"
         file: >
           path='{{ item }}'
           follow=yes
@@ -230,7 +230,7 @@
         stat:
             path: "{{ item }}"
         register: rhel_08_6_2_9_audit
-        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int ) | selectattr('uid', '!=', 65534) | map(attribute='dir') | list }}"
+        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int ) | selectattr('uid', '<', max_int_uid | int ) | map(attribute='dir') | list }}"
 
       - name: "6.2.9 | AUDIT | Ensure all users' home directories exist"
         command: find -H {{ item.0 | quote }} -not -type l -perm /027
@@ -315,7 +315,7 @@
       - name: "6.2.11 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"
         stat:
             path: "{{ item }}"
-        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int ) | selectattr('uid', '!=', 65534) | map(attribute='dir') | list }}"
+        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int ) | selectattr('uid', '<', max_int_uid | int ) | map(attribute='dir') | list }}"
         register: rhel_08_6_2_11_audit
 
       - name: "6.2.11 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"

From 2090cc4a45d84488225e7a29ebfc1a7f621909f1 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 7 Jun 2022 10:07:26 +0100
Subject: [PATCH 2/5] not required file

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/audit_homedirperms.yml | 46 ------------------------------------
 1 file changed, 46 deletions(-)
 delete mode 100644 tasks/audit_homedirperms.yml

diff --git a/tasks/audit_homedirperms.yml b/tasks/audit_homedirperms.yml
deleted file mode 100644
index 596fed5..0000000
--- a/tasks/audit_homedirperms.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
-  find:
-      paths:
-          - "{{ homedir }}"
-      recurse: true
-      file_type: any
-  register: rhel_09_6_2_8_results
-  when:
-      - rhel9cis_rule_6_2_8|bool
-  tags:
-      - level1
-      - patch
-      - rule_6.2.8
-
-- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
-  file:
-      path: "{{ line_item.path }}"
-      mode: 0640
-  loop: "{{ rhel_09_6_2_8_results.files }}"
-  loop_control:
-      label: "{{ line_item.path }}"
-      loop_var: line_item
-  when:
-      - rhel_09_6_2_8_results.files.isreg is defined
-      - rhel9cis_rule_6_2_8|bool
-  tags:
-      - level1
-      - patch
-      - rule_6.2.8
-
-- name: "SCORED | 6.2.8 | PATCH | Ensure users' home directories permissions are 750 or more restrictive"
-  file:
-      path: "{{ line_item.path }}"
-      mode: 0750
-  loop: "{{ rhel_09_6_2_8_results.files }}"
-  loop_control:
-      label: "{{ line_item.path }}"
-      loop_var: line_item
-  when:
-      - rhel_09_6_2_8_results.files.isdir is defined
-      - rhel9cis_rule_6_2_8|bool
-  tags:
-      - level1
-      - patch
-      - rule_6.2.8

From a8446b989b53156d9e62820f1bbb105f4d915944 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 7 Jun 2022 10:23:18 +0100
Subject: [PATCH 3/5] added latest rhel9 image

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 .github/workflows/OS.tfvars | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/OS.tfvars b/.github/workflows/OS.tfvars
index 99064fb..5baddfc 100644
--- a/.github/workflows/OS.tfvars
+++ b/.github/workflows/OS.tfvars
@@ -1,8 +1,8 @@
 #Ami Rocky 85
-ami_id        = "ami-043ceee68871e0bb5"
-ami_os        = "rocky8"
-ami_username  = "rocky"
-ami_user_home = "/home/rocky"
+ami_id        = "ami-0c41531b8d18cc72b"
+ami_os        = "rhel9"
+ami_username  = "ec2-user"
+ami_user_home = "/home/ec2-user"
 instance_tags = {
   Name        = "RHEL9-CIS"
   Environment = "lockdown_github_repo_workflow"

From fdb3eb62862f3aba5fccbdf753d8049bf52d3a31 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 7 Jun 2022 12:01:30 +0100
Subject: [PATCH 4/5] terraform format

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 .github/workflows/github_networks.tf       |   4 +-
 .github/workflows/github_vars.tfvars       |   2 +-
 .github/workflows/main.tf                  |  10 +-
 .github/workflows/terraform.tfstate        |   8 +
 .github/workflows/terraform.tfstate.backup | 370 +++++++++++++++++++++
 .github/workflows/variables.tf             |   2 +-
 6 files changed, 387 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/terraform.tfstate
 create mode 100644 .github/workflows/terraform.tfstate.backup

diff --git a/.github/workflows/github_networks.tf b/.github/workflows/github_networks.tf
index d5a0db0..4db9025 100644
--- a/.github/workflows/github_networks.tf
+++ b/.github/workflows/github_networks.tf
@@ -1,11 +1,11 @@
 resource "aws_vpc" "Main" {
   cidr_block = var.main_vpc_cidr
-  tags = var.instance_tags
+  tags       = var.instance_tags
 }
 
 resource "aws_internet_gateway" "IGW" {
   vpc_id = aws_vpc.Main.id
   tags = {
-    Name      = "${var.namespace}-IGW"
+    Name = "${var.namespace}-IGW"
   }
 }
diff --git a/.github/workflows/github_vars.tfvars b/.github/workflows/github_vars.tfvars
index 38be3ed..4d40f72 100644
--- a/.github/workflows/github_vars.tfvars
+++ b/.github/workflows/github_vars.tfvars
@@ -3,7 +3,7 @@
 // Declared in variables.tf
 // 
 
-namespace         = "github_actions"
+namespace = "github_actions"
 
 // Matching pair name found in AWS for keypairs PEM key
 ami_key_pair_name = "github_actions"
diff --git a/.github/workflows/main.tf b/.github/workflows/main.tf
index 9ad9240..29fd6f3 100644
--- a/.github/workflows/main.tf
+++ b/.github/workflows/main.tf
@@ -28,7 +28,7 @@ resource "aws_security_group" "github_actions" {
     protocol    = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
-  
+
   ingress {
     from_port   = 80
     to_port     = 80
@@ -44,7 +44,7 @@ resource "aws_security_group" "github_actions" {
   }
   tags = {
     Name = "${var.namespace}-SG"
- }
+  }
 }
 
 // instance setup
@@ -57,16 +57,16 @@ resource "aws_instance" "testing_vm" {
   tags                        = var.instance_tags
   vpc_security_group_ids      = [aws_security_group.github_actions.id]
   root_block_device {
-        delete_on_termination = true
+    delete_on_termination = true
   }
 }
 
 // generate inventory file
 resource "local_file" "inventory" {
-  filename = "./hosts.yml"
+  filename             = "./hosts.yml"
   directory_permission = "0755"
   file_permission      = "0644"
-  content  = <<EOF
+  content              = <<EOF
     # benchmark host
     all:
       hosts:
diff --git a/.github/workflows/terraform.tfstate b/.github/workflows/terraform.tfstate
new file mode 100644
index 0000000..6a8982d
--- /dev/null
+++ b/.github/workflows/terraform.tfstate
@@ -0,0 +1,8 @@
+{
+  "version": 4,
+  "terraform_version": "1.2.2",
+  "serial": 15,
+  "lineage": "826bcba6-7d74-b65e-f687-a6f4945dd69e",
+  "outputs": {},
+  "resources": []
+}
diff --git a/.github/workflows/terraform.tfstate.backup b/.github/workflows/terraform.tfstate.backup
new file mode 100644
index 0000000..ffbb4b0
--- /dev/null
+++ b/.github/workflows/terraform.tfstate.backup
@@ -0,0 +1,370 @@
+{
+  "version": 4,
+  "terraform_version": "1.2.2",
+  "serial": 7,
+  "lineage": "826bcba6-7d74-b65e-f687-a6f4945dd69e",
+  "outputs": {},
+  "resources": [
+    {
+      "mode": "data",
+      "type": "aws_vpc",
+      "name": "default",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:ec2:us-east-1:817651307868:vpc/vpc-05ef27c517862c3b1",
+            "cidr_block": "172.31.0.0/16",
+            "cidr_block_associations": [
+              {
+                "association_id": "vpc-cidr-assoc-0a0f361027d9f91f3",
+                "cidr_block": "172.31.0.0/16",
+                "state": "associated"
+              }
+            ],
+            "default": true,
+            "dhcp_options_id": "dopt-c5dfccbe",
+            "enable_dns_hostnames": true,
+            "enable_dns_support": true,
+            "filter": null,
+            "id": "vpc-05ef27c517862c3b1",
+            "instance_tenancy": "default",
+            "ipv6_association_id": "",
+            "ipv6_cidr_block": "",
+            "main_route_table_id": "rtb-0a40eb856c7d79f1d",
+            "owner_id": "817651307868",
+            "state": null,
+            "tags": {
+              "Name": "Default VPC"
+            }
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_instance",
+      "name": "testing_vm",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "ami": "ami-0c41531b8d18cc72b",
+            "arn": "arn:aws:ec2:us-east-1:817651307868:instance/i-0d997714170ce8898",
+            "associate_public_ip_address": true,
+            "availability_zone": "us-east-1a",
+            "capacity_reservation_specification": [
+              {
+                "capacity_reservation_preference": "open",
+                "capacity_reservation_target": []
+              }
+            ],
+            "cpu_core_count": 1,
+            "cpu_threads_per_core": 2,
+            "credit_specification": [
+              {
+                "cpu_credits": "unlimited"
+              }
+            ],
+            "disable_api_termination": false,
+            "ebs_block_device": [],
+            "ebs_optimized": false,
+            "enclave_options": [
+              {
+                "enabled": false
+              }
+            ],
+            "ephemeral_block_device": [],
+            "get_password_data": false,
+            "hibernation": false,
+            "host_id": null,
+            "iam_instance_profile": "",
+            "id": "i-0d997714170ce8898",
+            "instance_initiated_shutdown_behavior": "stop",
+            "instance_state": "running",
+            "instance_type": "t3.micro",
+            "ipv6_address_count": 0,
+            "ipv6_addresses": [],
+            "key_name": "github_actions",
+            "launch_template": [],
+            "maintenance_options": [
+              {
+                "auto_recovery": "default"
+              }
+            ],
+            "metadata_options": [
+              {
+                "http_endpoint": "enabled",
+                "http_put_response_hop_limit": 1,
+                "http_tokens": "optional",
+                "instance_metadata_tags": "disabled"
+              }
+            ],
+            "monitoring": false,
+            "network_interface": [],
+            "outpost_arn": "",
+            "password_data": "",
+            "placement_group": "",
+            "placement_partition_number": null,
+            "primary_network_interface_id": "eni-0417127dc77918518",
+            "private_dns": "ip-172-31-8-170.ec2.internal",
+            "private_ip": "172.31.8.170",
+            "public_dns": "ec2-3-238-53-150.compute-1.amazonaws.com",
+            "public_ip": "3.238.53.150",
+            "root_block_device": [
+              {
+                "delete_on_termination": true,
+                "device_name": "/dev/sda1",
+                "encrypted": false,
+                "iops": 100,
+                "kms_key_id": "",
+                "tags": null,
+                "throughput": 0,
+                "volume_id": "vol-0392840b878024a68",
+                "volume_size": 10,
+                "volume_type": "gp2"
+              }
+            ],
+            "secondary_private_ips": [],
+            "security_groups": [
+              "github_actions-5eb7d7f8d9c46a1c"
+            ],
+            "source_dest_check": true,
+            "subnet_id": "subnet-0ad8888b9fd53204f",
+            "tags": {
+              "Environment": "lockdown_github_repo_workflow",
+              "Name": "RHEL9-CIS"
+            },
+            "tags_all": {
+              "Environment": "lockdown_github_repo_workflow",
+              "Name": "RHEL9-CIS"
+            },
+            "tenancy": "default",
+            "timeouts": null,
+            "user_data": null,
+            "user_data_base64": null,
+            "user_data_replace_on_change": false,
+            "volume_tags": null,
+            "vpc_security_group_ids": [
+              "sg-054e3f94c98fc64f2"
+            ]
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMCwidXBkYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
+          "dependencies": [
+            "aws_security_group.github_actions",
+            "data.aws_vpc.default",
+            "random_id.server"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_internet_gateway",
+      "name": "IGW",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:ec2:us-east-1:817651307868:internet-gateway/igw-0ef39abda6f14481d",
+            "id": "igw-0ef39abda6f14481d",
+            "owner_id": "817651307868",
+            "tags": {
+              "Name": "github_actions-IGW"
+            },
+            "tags_all": {
+              "Name": "github_actions-IGW"
+            },
+            "vpc_id": "vpc-068452c798d98b17f"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "aws_vpc.Main"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_security_group",
+      "name": "github_actions",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "arn": "arn:aws:ec2:us-east-1:817651307868:security-group/sg-054e3f94c98fc64f2",
+            "description": "Managed by Terraform",
+            "egress": [
+              {
+                "cidr_blocks": [
+                  "0.0.0.0/0"
+                ],
+                "description": "",
+                "from_port": 0,
+                "ipv6_cidr_blocks": [],
+                "prefix_list_ids": [],
+                "protocol": "-1",
+                "security_groups": [],
+                "self": false,
+                "to_port": 0
+              }
+            ],
+            "id": "sg-054e3f94c98fc64f2",
+            "ingress": [
+              {
+                "cidr_blocks": [
+                  "0.0.0.0/0"
+                ],
+                "description": "",
+                "from_port": 22,
+                "ipv6_cidr_blocks": [],
+                "prefix_list_ids": [],
+                "protocol": "tcp",
+                "security_groups": [],
+                "self": false,
+                "to_port": 22
+              },
+              {
+                "cidr_blocks": [
+                  "0.0.0.0/0"
+                ],
+                "description": "",
+                "from_port": 80,
+                "ipv6_cidr_blocks": [],
+                "prefix_list_ids": [],
+                "protocol": "tcp",
+                "security_groups": [],
+                "self": false,
+                "to_port": 80
+              }
+            ],
+            "name": "github_actions-5eb7d7f8d9c46a1c",
+            "name_prefix": "",
+            "owner_id": "817651307868",
+            "revoke_rules_on_delete": false,
+            "tags": {
+              "Name": "github_actions-SG"
+            },
+            "tags_all": {
+              "Name": "github_actions-SG"
+            },
+            "timeouts": null,
+            "vpc_id": "vpc-05ef27c517862c3b1"
+          },
+          "sensitive_attributes": [],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=",
+          "dependencies": [
+            "data.aws_vpc.default",
+            "random_id.server"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "aws_vpc",
+      "name": "Main",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 1,
+          "attributes": {
+            "arn": "arn:aws:ec2:us-east-1:817651307868:vpc/vpc-068452c798d98b17f",
+            "assign_generated_ipv6_cidr_block": false,
+            "cidr_block": "172.22.0.0/24",
+            "default_network_acl_id": "acl-08a831aefd0ff6f65",
+            "default_route_table_id": "rtb-09ae50e860e80fb1f",
+            "default_security_group_id": "sg-01ff3ec71f0cd3115",
+            "dhcp_options_id": "dopt-c5dfccbe",
+            "enable_classiclink": false,
+            "enable_classiclink_dns_support": false,
+            "enable_dns_hostnames": false,
+            "enable_dns_support": true,
+            "id": "vpc-068452c798d98b17f",
+            "instance_tenancy": "default",
+            "ipv4_ipam_pool_id": null,
+            "ipv4_netmask_length": null,
+            "ipv6_association_id": "",
+            "ipv6_cidr_block": "",
+            "ipv6_cidr_block_network_border_group": "",
+            "ipv6_ipam_pool_id": "",
+            "ipv6_netmask_length": 0,
+            "main_route_table_id": "rtb-09ae50e860e80fb1f",
+            "owner_id": "817651307868",
+            "tags": {
+              "Environment": "lockdown_github_repo_workflow",
+              "Name": "RHEL9-CIS"
+            },
+            "tags_all": {
+              "Environment": "lockdown_github_repo_workflow",
+              "Name": "RHEL9-CIS"
+            }
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "local_file",
+      "name": "inventory",
+      "provider": "provider[\"registry.terraform.io/hashicorp/local\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "content": "    # benchmark host\n    all:\n      hosts:\n        rhel9:\n          ansible_host: 3.238.53.150\n          ansible_user: ec2-user\n      vars:\n        setup_audit: true\n        run_audit: true\n        system_is_ec2: true\n        audit_git_version: devel\n",
+            "content_base64": null,
+            "directory_permission": "0755",
+            "file_permission": "0644",
+            "filename": "./hosts.yml",
+            "id": "697bfe9ff397a4b5e3f46caf3c48481a3d485375",
+            "sensitive_content": null,
+            "source": null
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "aws_instance.testing_vm",
+            "aws_security_group.github_actions",
+            "data.aws_vpc.default",
+            "random_id.server"
+          ]
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "random_id",
+      "name": "server",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "b64_std": "XrfX+NnEahw=",
+            "b64_url": "XrfX-NnEahw",
+            "byte_length": 8,
+            "dec": "6825161224108665372",
+            "hex": "5eb7d7f8d9c46a1c",
+            "id": "XrfX-NnEahw",
+            "keepers": {
+              "ami_id": "ami-0c41531b8d18cc72b"
+            },
+            "prefix": null
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/workflows/variables.tf b/.github/workflows/variables.tf
index eabec24..58544fc 100644
--- a/.github/workflows/variables.tf
+++ b/.github/workflows/variables.tf
@@ -29,7 +29,7 @@ variable "ami_os" {
 
 variable "ami_id" {
   description = "AMI ID reference"
-  type = string
+  type        = string
 }
 
 variable "ami_username" {

From 333e1d23298737a7158ae878069e3c3e0677885e Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Wed, 8 Jun 2022 12:31:29 +0100
Subject: [PATCH 5/5] updted syslog logic for audit

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 templates/ansible_vars_goss.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2
index 0947ce3..6654add 100644
--- a/templates/ansible_vars_goss.yml.j2
+++ b/templates/ansible_vars_goss.yml.j2
@@ -448,7 +448,7 @@ rhel9cis_nft_tables_autochaincreate: {{ rhel9cis_nft_tables_autochaincreate }}
 # Section 4
 
 ## syslog
-rhel9_cis_rsyslog: {{ rhel9cis_syslog }}
+rhel9cis_syslog: {{ rhel9cis_preferred_log_capture }}
 
 # Section 5
 ## 5.2.4 Note the following to understand precedence and layout