ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
1082 commits 5 branches 14 tags 2.6 MiB
Commit graph

1082 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tomuta, Diana Maria (T CST SCC-RO)
55744fe599
Fixing documentation of the vars. 
Signed-off-by: Diana-Maria Dumitru <diana.dumitru@siemens.com>
 2025-07-02 13:48:17 +03:00
uk-bolly
48fd578ee1
Merge pull request #351 from ansible-lockdown/audit_only_fetch 
Audit only fetch
 2025-06-20 14:41:15 +02:00
Mark Bolwell
37f4d0c9f0
fixed crypto logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-20 12:15:13 +01:00
Mark Bolwell
bd1547313a
Fix logic and notes for in crypto policy building 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-20 11:29:53 +01:00
uk-bolly
055cb35603
Merge branch 'devel' into audit_only_fetch 
Signed-off-by: uk-bolly <mark.bollyuk@gmail.com>
 2025-06-20 11:21:28 +02:00
uk-bolly
3dfa4f7e86
Merge pull request #348 from ansible-lockdown/root_user_check 
root password and other improvements
 2025-06-19 17:28:45 +02:00
Mark Bolwell
72dfe581e9
updated 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-19 16:27:53 +01:00
Mark Bolwell
515d5c3bf7
added changed_when to resolve false warning message 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-19 16:26:48 +01:00
Mark Bolwell
908ac57db7
enabled fetch report and updated title 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-19 16:26:01 +01:00
Mark Bolwell
3ea5b92259
updated 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 17:22:31 +01:00
Mark Bolwell
3173b74481
updated grep command 1.3.1.6 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 17:21:45 +01:00
Mark Bolwell
35d0bf9c4b
updated auditing conditionals 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 13:19:14 +01:00
Mark Bolwell
ca14eeb147
updated 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:18:26 +01:00
uk-bolly
27dc592c12
Merge pull request #343 from polski-g/auditd_check_mode 
auditd: ensure check mode runs non-destructive call to ausyscall --dump
 2025-06-16 11:15:30 +02:00
Mark Bolwell
7bef2eda62
added check_mode false 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:12:27 +01:00
Mark Bolwell
18fc4ea585
updated conditional var name and regex best practices 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:08:56 +01:00
Mark Bolwell
b2308ac310
fixed typos in logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:07:55 +01:00
Mark Bolwell
51b20d383d
Renamed variable to prelim 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:07:27 +01:00
Mark Bolwell
9f50effd30
updated logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-16 10:01:10 +01:00
Mark Bolwell
30bb04b1d4
updates root password check 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-06-12 12:10:44 +01:00
uk-bolly
2f5caf836b
Merge pull request #347 from ansible-lockdown/pre-commit-ci-update-config 
[pre-commit.ci] pre-commit autoupdate
 2025-06-12 12:25:49 +02:00
pre-commit-ci[bot]
2ce05a345d
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/gitleaks/gitleaks: v8.27.0 → v8.27.2](https://github.com/gitleaks/gitleaks/compare/v8.27.0...v8.27.2)
 2025-06-09 17:24:11 +00:00
Fred W.
f86803b1a7
Merge pull request #346 from ansible-lockdown/May2025Fixes 
Fix for #325 thank you @mindrb
 2025-06-09 12:23:28 -04:00
Fred W.
dce6303302
Merge pull request #342 from ansible-lockdown/pre-commit-ci-update-config 
[pre-commit.ci] pre-commit autoupdate
 2025-06-09 08:33:20 -04:00
polski-g
5226f14b3e
fetch of auditd logfile should run in check_mode 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-06-06 10:03:47 -04:00
polski-g
1bff329a05
auditd: ensure check mode runs non-destructive call to ausyscall --dump 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-06-03 11:35:05 -04:00
pre-commit-ci[bot]
30d7e3a761
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/gitleaks/gitleaks: v8.26.0 → v8.27.0](https://github.com/gitleaks/gitleaks/compare/v8.26.0...v8.27.0)
 2025-06-02 17:25:10 +00:00
uk-bolly
f70821bf7e
Merge pull request #340 from ansible-lockdown/interactive_user_update 
Updated variable naming for interactive_users
 2025-05-28 18:42:20 +01:00
Mark Bolwell
cb475d3368
fixed typo on post audit file name 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 16:10:28 +01:00
Mark Bolwell
f740d89b54
Added user home discovery 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 15:36:39 +01:00
Mark Bolwell
210535bf4f
updated loop var name 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 15:36:04 +01:00
Mark Bolwell
c4070c341b
Updated logic on 7.2.9 tasks 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 15:35:34 +01:00
Mark Bolwell
5dc2541731
Updated passwd variable name 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 14:57:29 +01:00
Mark Bolwell
d136bfa381
Updated variable naming for interactive_users 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-28 10:22:30 +01:00
uk-bolly
96d054b0d2
Merge pull request #338 from polski-g/groupgroup_typo 
Fix typo in variable name discovered_group_check
 2025-05-28 10:02:28 +01:00
uk-bolly
4b4033e072
Merge pull request #337 from polski-g/network_manager_package_name 
Variablize network-manager package name
 2025-05-28 10:01:44 +01:00
uk-bolly
9c69d1f9e0
Merge pull request #336 from polski-g/sshd_redhat_cfg_exists 
Check for existence of sshd_config.d/50-redhat.conf
 2025-05-28 10:00:57 +01:00
Fred W.
e7e1f70494
Merge pull request #339 from ansible-lockdown/pre-commit-ci-update-config 
[pre-commit.ci] pre-commit autoupdate
 2025-05-27 13:11:13 -04:00
pre-commit-ci[bot]
68579ae85e
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/ansible-community/ansible-lint: v25.4.0 → v25.5.0](https://github.com/ansible-community/ansible-lint/compare/v25.4.0...v25.5.0)
 2025-05-26 17:23:15 +00:00
polski_g
fb9577f7d9
Fix typo in variable name discovered_group_check 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-05-23 12:34:44 -04:00
polski_g
4e49532e20
Variablize network-manager package name 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-05-23 12:33:55 -04:00
polski_g
f564135e72
Check for existence of sshd_config.d/50-redhat.conf before trying to modify it 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-05-23 12:32:02 -04:00
uk-bolly
9ee1498c98
Merge pull request #332 from ansible-lockdown/may25_issues 
May25 issues
 2025-05-23 16:56:52 +01:00
Mark Bolwell
f83e5a69a2
interactive users ilogic improvements thanks to @polski-g 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 16:05:01 +01:00
Frederick Witty
0e61e796c6
Fix for #325 thank you @mindrb 
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
 2025-05-23 11:00:13 -04:00
Mark Bolwell
daf5a3f462
changed command to shell for grep 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 15:01:16 +01:00
Mark Bolwell
15bf03c754
added check mode logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 14:34:30 +01:00
Mark Bolwell
2b37d0d732
added check_mode logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 14:30:17 +01:00
Mark Bolwell
8d5a32bc39
added rhel9cis_rsyslog_ansiblemanage conditional 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 14:25:42 +01:00
Mark Bolwell
4948d3cb09
added ignore comments in file 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-05-23 14:22:30 +01:00