Mark Bolwell
|
b68e8a3cdd
|
Added Managed by Ansible Changes will be lost
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-22 09:53:27 +01:00 |
|
Mark Bolwell
|
cf6e08c390
|
added legacy mount check again
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-21 14:16:58 +01:00 |
|
Mark Bolwell
|
a8ec3e343a
|
updated timeout test
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-21 13:23:34 +01:00 |
|
Mark Bolwell
|
1836ae14d7
|
fix typo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-21 09:15:26 +01:00 |
|
Mark Bolwell
|
c02024ef69
|
changed to check ssh for all hosts
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-21 09:01:14 +01:00 |
|
Mark Bolwell
|
1ab63c73d6
|
added pause for rhel9 aswell
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:33:06 +01:00 |
|
Mark Bolwell
|
6165191c08
|
updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:08:14 +01:00 |
|
Mark Bolwell
|
4336bbf6b6
|
auditd, sysctl, become tidy up
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:07:39 +01:00 |
|
Mark Bolwell
|
b934cbef3f
|
suditd improvements
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:06:56 +01:00 |
|
Mark Bolwell
|
1dd2b46be6
|
logrotate process update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:06:41 +01:00 |
|
Mark Bolwell
|
97a6a61997
|
container var usage
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:06:16 +01:00 |
|
Mark Bolwell
|
02c843f110
|
sysctl improvements, become usage
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:05:59 +01:00 |
|
Mark Bolwell
|
d2684c1e9d
|
auditd, sysctl vars goss version update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:05:23 +01:00 |
|
Mark Bolwell
|
c3c668bb8e
|
crypto idempotency
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:04:44 +01:00 |
|
Mark Bolwell
|
b0e038bd45
|
container var usage improvement
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:03:45 +01:00 |
|
Mark Bolwell
|
33ebfea653
|
sysctl control improvements
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-20 17:03:18 +01:00 |
|
Mark Bolwell
|
fb1c6e9232
|
added libselinux requirement
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-17 11:24:14 +01:00 |
|
Mark Bolwell
|
91da6ffaa2
|
updated testing
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-17 11:23:57 +01:00 |
|
Mark Bolwell
|
c0c24ec8ef
|
improved test with idempotency
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-17 11:23:44 +01:00 |
|
Mark Bolwell
|
70942f45ea
|
updated to use almalinux image
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-13 17:05:20 +01:00 |
|
Mark Bolwell
|
193fded908
|
removed tfstate files
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-13 17:04:43 +01:00 |
|
uk-bolly
|
cbe3ca1585
|
Merge pull request #17 from ansible-lockdown/improvements
Improvements
|
2022-06-09 13:52:36 +01:00 |
|
Mark Bolwell
|
333e1d2329
|
updted syslog logic for audit
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-08 12:31:29 +01:00 |
|
Mark Bolwell
|
fdb3eb6286
|
terraform format
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-07 12:01:30 +01:00 |
|
Mark Bolwell
|
a8446b989b
|
added latest rhel9 image
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-07 10:23:18 +01:00 |
|
Mark Bolwell
|
2090cc4a45
|
not required file
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-07 10:07:26 +01:00 |
|
Mark Bolwell
|
2c4718fb75
|
fix title
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-06-07 10:07:19 +01:00 |
|
uk-bolly
|
0212c6aec3
|
Merge pull request #16 from ansible-lockdown/improvements
Improvements
removed all legacy OS checks
|
2022-05-17 14:49:52 +01:00 |
|
Mark Bolwell
|
93e3f7bf46
|
conditional and warning msg std
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 11:20:12 +01:00 |
|
Mark Bolwell
|
2ecc61649e
|
Std Warning msg
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 11:19:50 +01:00 |
|
Mark Bolwell
|
cbb5ff7cc2
|
Added git install to step
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 11:19:33 +01:00 |
|
Mark Bolwell
|
9368c1e17e
|
updated for rh9
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 09:57:44 +01:00 |
|
Mark Bolwell
|
5ce4b873d7
|
removed rh8 checks
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 09:57:33 +01:00 |
|
Mark Bolwell
|
63c82f8305
|
Removed python 2/3 checks for rh7/8
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-11 09:42:31 +01:00 |
|
uk-bolly
|
d5cce24f00
|
Merge pull request #14 from alewando/umask_fix
Fix UMASK hardening
workflow failure expected until RH9 GA
|
2022-05-11 09:38:42 +01:00 |
|
Adam Lewandowski
|
b9a3e3d2c6
|
Fix UMASK hardening
Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
|
2022-05-09 14:12:41 -04:00 |
|
uk-bolly
|
0348777c0b
|
Merge pull request #12 from alewando/var_defaults
Add missing variable defaults for 'rhel9cis_pam_faillock'
adding a variable not breaking pipeline OK to approve
|
2022-05-06 16:39:09 +01:00 |
|
Adam Lewandowski
|
581eb70b48
|
Restore rhel9cis_pam_faillock.remember, as it is used by rules 5.5.3 and 5.5.4
Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
|
2022-05-06 11:04:23 -04:00 |
|
Adam Lewandowski
|
62649cb6c5
|
Updated rhel9cis_pam_faillock defaults to only those needed for RHEL9
Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
|
2022-05-06 11:04:23 -04:00 |
|
Adam Lewandowski
|
85afda6413
|
Add missing variable defaults for 'rhel9cis_pam_faillock'
Signed-off-by: Adam Lewandowski <adam.lewandowski@plxis.com>
|
2022-05-06 11:04:23 -04:00 |
|
uk-bolly
|
e93d1ca735
|
Merge pull request #11 from ansible-lockdown/audit_vars
Add the ability to pass/change environment variable- current workflow failure expected
|
2022-05-04 16:32:07 +01:00 |
|
Mark Bolwell
|
3fc813361f
|
fixed typo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-03 16:34:31 +01:00 |
|
Mark Bolwell
|
627f6e291d
|
updated environment options
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-05-03 10:22:00 +01:00 |
|
uk-bolly
|
33cfc54a5e
|
Merge pull request #9 from ansible-lockdown/lint
linting
|
2022-04-27 09:09:11 +01:00 |
|
Mark Bolwell
|
91600af889
|
yamllint
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-04-26 16:01:56 +01:00 |
|
uk-bolly
|
8361791c51
|
Merge pull request #8 from ansible-lockdown/rh8_2.0
Rh8 2.0
|
2022-04-26 15:58:05 +01:00 |
|
Mark Bolwell
|
32f5817007
|
added missing test to 3.3.7
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-04-26 12:01:20 +01:00 |
|
Mark Bolwell
|
83f0fb30ec
|
updated regex
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-04-26 12:01:06 +01:00 |
|
Mark Bolwell
|
e807498ed8
|
updated for correct service name
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-04-25 18:32:33 +01:00 |
|
Mark Bolwell
|
2c9587e666
|
updated for rh9 only
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2022-04-25 18:30:43 +01:00 |
|