RHEL9-CIS

mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00

Author	SHA1	Message	Date
Mark Bolwell	1457ea01e2	updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-15 09:44:24 +01:00
Mark Bolwell	8622a26b95	fixed naming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-15 09:43:01 +01:00
Mark Bolwell	05fee15cb4	updates for audit section Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-15 09:29:19 +01:00
Mark Bolwell	f83e73c1a1	addressed #197 thanks to @mark-tomich Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-12 10:38:40 +01:00
Mark Bolwell	ff296e7e9b	Merge branch 'devel' into April_24 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 08:29:21 +01:00
Mark Bolwell	7c75856fc2	updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 08:25:35 +01:00
Mark Bolwell	2413eb3d4d	fixed logic 6.2.10 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 08:16:19 +01:00
Mark Bolwell	4baa4d735b	improved new variable usage Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 07:56:52 +01:00
Mark Bolwell	af2ffa2368	tidy up Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 07:56:11 +01:00
Mark Bolwell	be9ee540d1	audit moved to prelim Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 07:55:20 +01:00
Mark Bolwell	0803f90da2	removed unneeded vars Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 07:52:59 +01:00
Mark Bolwell	c9071b361d	moved audit added discoveries Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-10 07:51:31 +01:00
Mark Bolwell	7ed5c9c6bb	consistent quotes around mode Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-09 16:36:53 +01:00
Mark Bolwell	4ade48536f	updated pre-commit version Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-09 16:34:30 +01:00
Mark Bolwell	2d5ec1d474	Additional vars for issue #190 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-09 16:31:41 +01:00
Mark Bolwell	44911b81c3	Addressed issue #190 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-09 16:30:56 +01:00
Mark Bolwell	7c53c0d96e	PR - #198 addressed thanks to @brakkio86 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-04-09 16:29:49 +01:00
pre-commit-ci[bot]	e87d637eb2	[pre-commit.ci] pre-commit autoupdate (#192 ) updates: - [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](https://github.com/ansible-community/ansible-lint/compare/v24.2.0...v24.2.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>	2024-03-25 11:10:05 +00:00
RoboPickle	6eeae19517	Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status (#188 ) * Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent Signed-off-by: John Foster <robopickle@proton.me> * Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent Removed debug messages Signed-off-by: John Foster <robopickle@proton.me> --------- Signed-off-by: John Foster <robopickle@proton.me>	2024-03-14 17:13:34 +00:00
uk-bolly	7d7b6132f4	March 24 to devel (#186 ) * Issue #170, PR #181 thanks to @ipruteanu-sie * issue #182, PR #183 thansk to @ipruteanu-sie * PR #180 thanks to @ipruteanu-sie and @raabf * Addressed PR #165 thanks to @ipruteanu-sie * PT #184 addressed thansk to @ipruteanu-sie * updated credits * typo and ssh allow_deny comments * enable OS check --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 16:52:38 +00:00
Mark Bolwell	f3ec4bd2bf	enable OS check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 15:48:24 +00:00
Mark Bolwell	c636e774c2	typo and ssh allow_deny comments Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 15:47:43 +00:00
Mark Bolwell	2d9b93d9de	updated credits Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 10:29:55 +00:00
Mark Bolwell	91b272baee	PT #184 addressed thansk to @ipruteanu-sie Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 10:27:58 +00:00
Mark Bolwell	112cf5ae8c	Addressed PR #165 thanks to @ipruteanu-sie Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 10:23:27 +00:00
Mark Bolwell	1b655bb473	PR #180 thanks to @ipruteanu-sie and @raabf Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 09:28:18 +00:00
Mark Bolwell	bf7df3fea2	issue #182 , PR #183 thansk to @ipruteanu-sie Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 09:21:46 +00:00
Mark Bolwell	b31ece0ce8	Issue #170 , PR #181 thanks to @ipruteanu-sie Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 09:19:30 +00:00
uk-bolly	0f58436212	Gpg import for rhel servers (#185 ) * change logic thanks to @rjacobs1990 see #175 * 1.2.1 force gpg import rhel * fix missing facts --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-03-06 09:10:06 +00:00
pre-commit-ci[bot]	0215412e9b	[pre-commit.ci] pre-commit autoupdate (#178 ) updates: - [github.com/adrienverge/yamllint.git: v1.34.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.34.0...v1.35.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>	2024-03-05 18:39:12 +00:00
uk-bolly	40bc7aa082	Feb24 updates (#179 ) * change logic thanks to @rjacobs1990 see #175 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * thanks to @ipruteani-sie #134 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Thanks to @stwongst #125 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * thanks to @sgomez86 #146 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added updates from #115 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed rp_filter in post added in error Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated yamllint precommit Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated fqcn fo json_query Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix typo for virt type query Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>	2024-02-20 15:43:43 +00:00
uk-bolly	06ec3de5c4	Merge pull request #175 from rjacobs1990/bugfix/fix-permissions-logfiles fix: idempotency molecule issue fixed for logfiles #173	2024-02-19 14:16:21 +00:00
uk-bolly	96536cc908	Merge pull request #177 from RoboPickle/bugfix_5_3_4 Bugfix 5 3 4 against issue #176	2024-02-19 12:16:51 +00:00
John Foster	467434a56f	Added blank line between each named task for consistency. Signed-off-by: John Foster <robopickle@proton.me>	2024-02-19 12:03:08 +00:00
uk-bolly	3313a1f2c3	Merge pull request #131 from siemens/siemens/feat/replacingVarAuditCopyPath Replacing vars according to Audit needs	2024-02-19 11:53:01 +00:00
uk-bolly	03e2a28653	Merge pull request #174 from bbaassssiiee/bugfix/sshd oscap scan found 2 issues in sshd configuration override files	2024-02-19 11:44:42 +00:00
uk-bolly	21f24b45a1	Merge pull request #169 from Illibur/patch-1 Update cis_6.1.x.yml	2024-02-19 11:37:29 +00:00
uk-bolly	f9dbbee1ec	Merge pull request #167 from ansible-lockdown/pre-commit-ci-update-config [pre-commit.ci] pre-commit autoupdate	2024-02-19 11:35:19 +00:00
uk-bolly	e3f5522824	Merge pull request #166 from siemens/siemens/feat/BgrubbyUsageForParams Siemens/feat/bgrubby usage for params	2024-02-19 11:34:52 +00:00
uk-bolly	cc6522f276	Merge pull request #164 from siemens/siemens/feat/Refactor_Document_main_variables Using a patch to refactor doc-extension	2024-02-19 11:29:34 +00:00
uk-bolly	488a4d5bff	Merge pull request #150 from numericillustration/devel fixing some mismatched tags and tasks in 5.6.1.x	2024-02-19 11:27:29 +00:00
John Foster	e100b02f44	Updated cis_6.1.x.yml to avoid deprecation warning as per Illibur's findings in issue #168. Changed vars on line 233 to use dictionary. Signed-off-by: John Foster <robopickle@proton.me>	2024-02-16 15:06:27 +00:00
John Foster	0e89fedfca	Adjusted tasks/main.yml indentation after running precommit checks Signed-off-by: John Foster <robopickle@proton.me>	2024-02-15 10:17:41 +00:00
Michael Hicks	1c7990cecd	fixing some mismatched tags and tasks in 5.6.1.x Signed-off-by: Michael Hicks <nooneofconsequence@gmail.com>	2024-02-14 13:39:15 -08:00
John Foster	7fde313f85	Main task was failing when using an AD account to connect to host. With an AD account there isn't an entry in the /etc/shadow file. This caused the password length check to treat it as a zero length password. Now local password check is skipped for AD account. Also added an additional check for a locked local account for the sudo user. Signed-off-by: John Foster <robopickle@proton.me>	2024-02-13 15:37:39 +00:00
pre-commit-ci[bot]	0a98ad4aea	[pre-commit.ci] pre-commit autoupdate updates: - [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](https://github.com/gitleaks/gitleaks/compare/v8.18.1...v8.18.2) - [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](https://github.com/ansible-community/ansible-lint/compare/v6.22.2...v24.2.0) - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.34.0](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.34.0)	2024-02-12 17:38:29 +00:00
rjacobs1990	742165cd72	fix: more readable condition and prevent skipping 0600 #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 16:21:31 +01:00
rjacobs1990	8652390beb	fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 15:55:42 +01:00
rjacobs1990	c805ee398b	fix: idempotency molecule issue fixed for logfiles #173 Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>	2024-02-12 14:47:12 +01:00
Bas Meijer	cc7f9ccfd0	X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf Signed-off-by: Bas Meijer <bas.meijer@me.com>	2024-02-10 00:43:17 +01:00

1 2 3 4 5 ...

750 commits