RHEL9-CIS

mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00

Author	SHA1	Message	Date
Frederick Witty	de7555aa10	Update Changelog with fixes Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>	2025-09-02 17:14:30 -04:00
Mark Bolwell	82f7b53a67	Merge branch 'lint_dec24' into alignment Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-12-11 13:36:08 +00:00
Mark Bolwell	88ac5c3d65	Lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-12-11 11:49:02 +00:00
Mark Bolwell	2de8a39cdc	updated yamllint, company naming, linting and spacing Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-12-04 12:00:12 +00:00
Mark Bolwell	22a1955948	Updated nftables prereqs for table Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-09-09 13:59:31 +01:00
Mark Bolwell	ab3c9cc8aa	Updated 4.3.2 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-09-09 12:10:38 +01:00
Mark Bolwell	14d038e8eb	renamed variables Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-09-05 17:36:07 +01:00
Mark Bolwell	aa0f4d0f6d	section4 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-07-24 13:57:29 +01:00
Mark Bolwell	20e2986406	capture only configuratoin lines from rsyslog Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-06-05 17:10:22 +01:00
RoboPickle	6eeae19517	Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status (#188 ) * Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent Signed-off-by: John Foster <robopickle@proton.me> * Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent Removed debug messages Signed-off-by: John Foster <robopickle@proton.me> --------- Signed-off-by: John Foster <robopickle@proton.me>	2024-03-14 17:13:34 +00:00
uk-bolly	7d7b6132f4	March 24 to devel (#186 ) * Issue #170, PR #181 thanks to @ipruteanu-sie * issue #182, PR #183 thansk to @ipruteanu-sie * PR #180 thanks to @ipruteanu-sie and @raabf * Addressed PR #165 thanks to @ipruteanu-sie * PT #184 addressed thansk to @ipruteanu-sie * updated credits * typo and ssh allow_deny comments * enable OS check --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 16:52:38 +00:00
uk-bolly	0f58436212	Gpg import for rhel servers (#185 ) * change logic thanks to @rjacobs1990 see #175 * 1.2.1 force gpg import rhel * fix missing facts --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 09:10:06 +00:00
uk-bolly	40bc7aa082	Feb24 updates (#179 ) * change logic thanks to @rjacobs1990 see #175 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * thanks to @ipruteani-sie #134 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Thanks to @stwongst #125 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * thanks to @sgomez86 #146 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added updates from #115 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed rp_filter in post added in error Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated yamllint precommit Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated fqcn fo json_query Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix typo for virt type query Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-02-20 15:43:43 +00:00
uk-bolly	06ec3de5c4	Merge pull request #175 from rjacobs1990/bugfix/fix-permissions-logfiles fix: idempotency molecule issue fixed for logfiles #173	2024-02-19 14:16:21 +00:00
rjacobs1990	742165cd72	fix: more readable condition and prevent skipping 0600 #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 16:21:31 +01:00
rjacobs1990	8652390beb	fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 15:55:42 +01:00
rjacobs1990	c805ee398b	fix: idempotency molecule issue fixed for logfiles #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 14:47:12 +01:00
Ionut Pruteanu	e2738f0a44	Fixing indentation for lines reported by yamllint Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2024-01-31 21:31:14 +02:00
Ionut Pruteanu	18803420f0	Replacing secure-configuration of 'audit' and 'audit_backlog_limit' from the `/etc/default/grub` approach to `grubby`(actually used by CIS) Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2024-01-31 21:27:00 +02:00
uk-bolly	df1aef8d31	Merge pull request #148 from siemens/siemens/feat/AuditVarsRefactoring Siemens/feat/audit vars refactoring	2024-01-26 12:34:30 +00:00
uk-bolly	6f8a95c73a	Merge pull request #143 from siemens/siemens/feat/4.2.1.3conditionalAndSectionHeader Siemens/feat/4.2.1.3conditional and section header	2023-12-21 08:40:41 +00:00
Ionut Pruteanu	ca41b128cd	Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2023-12-20 22:21:14 +02:00
Ionut Pruteanu	88ffe32137	Storing max_log_file under `rhel9cis_auditd` dict variable. Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2023-12-20 21:58:49 +02:00
Corey Reid	8d85f178e2	find hidden files in /var/log for 4.3.2 Signed-off-by: Corey Reid <corey.nathan.reid@gmail.com>	2023-12-17 17:36:34 +00:00
Ionut Pruteanu	e0de491263	whole section defined in cis_4.2.1.x.yml gets executed only `when: rhel9cis_syslog == 'rsyslog'`, having same condition is redundant and may confuse users. Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2023-12-08 12:03:00 +02:00
Ionut Pruteanu	d79bba53c6	Rsyslog subsection corrected header(was using 4.2 logging name, instead of 4.2.1. rsyslog name) Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>	2023-12-08 12:01:10 +02:00
Mark Bolwell	e82b2cefac	quoted file mode Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-09-21 16:25:59 +01:00
Mark Bolwell	580ee762ee	fix filename Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-09-21 15:35:35 +01:00
Mark Bolwell	c5ed197e03	import_tasks file added Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-09-21 15:07:52 +01:00
Mark Bolwell	a67a484971	import_tasks file added Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-09-21 14:55:55 +01:00
Mark Bolwell	c7d72b564b	4.1.3.6 command improvement Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-05-17 15:42:30 +01:00
Thomas Merkel	2380cd46c9	Use correct backtick for regex escape Depends on the ansible version regex escape (via slash) require correct backticks to work. Otherwise it would result in a syntax error. Signed-off-by: Thomas Merkel <tm@core.io>	2023-05-04 19:40:19 +02:00
Mark Bolwell	5e5174a5b0	updated marker Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-03-10 15:19:35 +00:00
Mark Bolwell	ebdb8b9129	Updated layout Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-03-10 15:08:12 +00:00
Mark Bolwell	5a928b4304	Issue #38 thanks to bdwyertech Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-03-07 11:02:15 +00:00
Mark Bolwell	7459f1d445	idempontency improvements Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-02-27 17:26:34 +00:00
Mark Bolwell	e52cc6ca6b	4.1.4.8 tidy title remove register not used Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-31 08:31:12 +00:00
Mark Bolwell	4b1956508a	updates control steps Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-26 08:30:43 +00:00
Mark Bolwell	e641780168	replace module dest -> path Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-26 08:29:30 +00:00
Mark Bolwell	f9267a389b	remove state file on file module Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-26 08:29:03 +00:00
Mark Bolwell	10a6a2e0dd	with_items to loop Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-25 11:36:12 +00:00
Mark Bolwell	7760f35161	with_items to loop Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-25 10:01:14 +00:00
Mark Bolwell	9e63393899	removed state presnet from infile as default Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-25 09:47:13 +00:00
Mark Bolwell	4adb0ec812	standardize handler naming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-25 09:41:32 +00:00
Mark Bolwell	0350e234fe	rhel_09 updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-24 11:02:32 +00:00
Mark Bolwell	499b67ceb2	Updated rsyslog server variable Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-19 14:51:30 +00:00
Mark Bolwell	cb609c1f1a	fqcn update Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-19 13:31:53 +00:00
Mark Bolwell	163900e277	add file exclusions Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-19 11:29:03 +00:00
Mark Bolwell	6e77a3ced6	removed older version Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-18 16:22:30 +00:00
Mark Bolwell	50d4cd83aa	Removed -automated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2023-01-13 14:15:50 +00:00

1 2

90 commits