Commit graph

64 commits

Author SHA1 Message Date
polski-g
319c7a8fbb
ensure check mode runs all non-destructive tasks
Signed-off-by: polski-g <polski_g@sent.at>
2025-10-01 09:44:03 -04:00
Frederick Witty
2dfa9266a8
Update crypto policy var to standard
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2025-09-08 11:54:57 -04:00
Frederick Witty
413ccb96b7
Update crypto policy based controls with improved logic
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2025-09-05 16:39:55 -04:00
Frederick Witty
de7555aa10
Update Changelog with fixes
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2025-09-02 17:14:30 -04:00
uk-bolly
3dfa4f7e86
Merge pull request #348 from ansible-lockdown/root_user_check
root password and other improvements
2025-06-19 17:28:45 +02:00
Mark Bolwell
35d0bf9c4b
updated auditing conditionals
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-06-16 13:19:14 +01:00
Mark Bolwell
51b20d383d
Renamed variable to prelim
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-06-16 10:07:27 +01:00
polski-g
5226f14b3e
fetch of auditd logfile should run in check_mode
Signed-off-by: polski-g <polski_g@sent.at>
2025-06-06 10:03:47 -04:00
uk-bolly
f70821bf7e
Merge pull request #340 from ansible-lockdown/interactive_user_update
Updated variable naming for interactive_users
2025-05-28 18:42:20 +01:00
Mark Bolwell
f740d89b54
Added user home discovery
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-05-28 15:36:39 +01:00
Mark Bolwell
d136bfa381
Updated variable naming for interactive_users
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-05-28 10:22:30 +01:00
polski_g
f564135e72
Check for existence of sshd_config.d/50-redhat.conf before trying to modify it
Signed-off-by: polski-g <polski_g@sent.at>
2025-05-23 12:32:02 -04:00
Mark Bolwell
f83e5a69a2
interactive users logic improvements thanks to @polski-g
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-05-23 16:05:01 +01:00
Mark Bolwell
15bf03c754
added check mode logic
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-05-23 14:34:30 +01:00
Frederick Witty
42024903e3
revamp set facts premlim_ max_int_uid and prelim_min_int_uid
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
2025-04-23 12:47:22 -04:00
Mark Bolwell
9f3d8becf0
Improve logic for 5.3.3.2.x controls
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-01-22 16:56:51 +00:00
Mark Bolwell
fb73b18596
Add new pwquality discovery & title update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-01-22 08:53:02 +00:00
Mark Bolwell
82f7b53a67
Merge branch 'lint_dec24' into alignment
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-11 13:36:08 +00:00
Mark Bolwell
fcf9eb674f
lint and best practise
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-11 11:20:19 +00:00
Mark Bolwell
3545620db8
updated variable
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-11 10:22:44 +00:00
Mark Bolwell
d850fc5875
Updated mountpoint vars correctly
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-11 10:09:31 +00:00
Mark Bolwell
fd97459b6a
Updated mountpoints controls
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-10 17:29:27 +00:00
Mark Bolwell
2de8a39cdc
updated yamllint, company naming, linting and spacing
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-12-04 12:00:12 +00:00
Mark Bolwell
fa13b06b1f
lint updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-11-04 17:15:33 +00:00
Mark Bolwell
68921be0b2
updated for gui discovery and dconf install
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-10-22 10:38:26 +01:00
Mark Bolwell
7c4c3f9e4d
renamed variable and updated tag
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-09-06 14:49:41 +01:00
Mark Bolwell
2a7d08da08
improvements
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-08-07 10:31:31 +01:00
Mark Bolwell
6ea105374a
Initial v2
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-24 14:03:12 +01:00
Mark Bolwell
2bf67cde0d
Added Nist values
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-22 12:42:39 +01:00
Mark Bolwell
8b58d71e4b
section1 v2 initial
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-19 17:01:23 +01:00
Mark Bolwell
b279a9fb80
Added /dev/null to exclude in prelim check shell
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-06-05 08:00:02 +01:00
uk-bolly
f8fcfe0e78
April_24 updates (#201)
* Issue #170, PR #181 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* issue #182, PR #183 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR #180 thanks to @ipruteanu-sie and @raabf

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed PR #165 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PT #184 addressed thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated credits

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* typo and ssh allow_deny comments

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* enable OS check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR - #198 addressed thanks to @brakkio86

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Additional vars for issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated pre-commit version

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* consistent quotes around mode

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* moved audit added discoveries

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed unneeded vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* audit moved to prelim

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tidy up

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* improved new variable usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed logic 6.2.10

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* addressed #197 thanks to @mark-tomich

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updates for audit section

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed naming

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added prelim to includes

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-04-15 14:02:07 +01:00
uk-bolly
7d7b6132f4
March 24 to devel (#186)
* Issue #170, PR #181 thanks to @ipruteanu-sie

* issue #182, PR #183 thanks to @ipruteanu-sie

* PR #180 thanks to @ipruteanu-sie and @raabf

* Addressed PR #165 thanks to @ipruteanu-sie

* PT #184 addressed thanks to @ipruteanu-sie

* updated credits

* typo and ssh allow_deny comments

* enable OS check

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-03-06 16:52:38 +00:00
uk-bolly
0f58436212
Gpg import for rhel servers (#185)
* change logic thanks to @rjacobs1990 see #175

* 1.2.1 force gpg import rhel

* fix missing facts

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-03-06 09:10:06 +00:00
uk-bolly
40bc7aa082
Feb24 updates (#179)
* change logic thanks to @rjacobs1990 see #175

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @ipruteani-sie #134

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Thanks to @stwongst #125

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @sgomez86 #146

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added updates from #115

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed rp_filter in post added in error

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated yamllint precommit

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated fqcn for json_query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fix typo for virt type query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-02-20 15:43:43 +00:00
Mark Bolwell
e82b2cefac
quoted file mode
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-09-21 16:25:59 +01:00
Mark Bolwell
04cb2e0f1d
#54 merged into new layout
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-09-06 08:44:23 +01:00
Mark Bolwell
194925be2f
consistent vars and names
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-06-07 09:24:32 +01:00
Mark Bolwell
674d3417ff
rule_1.10 updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-06-06 14:36:38 +01:00
Mark Bolwell
67f7c44ca8
tidy up control not required
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-03-13 09:45:26 +00:00
Mark Bolwell
3de7cd2f56
use new variable gpg_key_variable
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-03-06 11:21:33 +00:00
Mark Bolwell
a14e9c5dbe
#30 thanks to @smatterchew sshd config file dropin ability
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-02-20 11:31:46 +00:00
Mark Bolwell
9fe177f9ce
standardise naming and move items to prelim
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-25 11:35:47 +00:00
Mark Bolwell
a90941af41
fix rule number 6.2.9
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-25 09:33:14 +00:00
Mark Bolwell
f8577132f0
removed old rhn check
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-25 09:29:51 +00:00
Mark Bolwell
64a3e26e4f
moved su check to prelim
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-25 09:29:19 +00:00
Mark Bolwell
fdf298328c
documented 1.2.4 for rhel
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-20 17:14:24 +00:00
Mark Bolwell
fbe238091b
Added new prelim interactive_user_home
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-19 16:25:34 +00:00
Mark Bolwell
7f48dbd2c4
added gpg-key update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-13 13:59:53 +00:00
Mark Bolwell
acf0104f7a
lint updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-13 12:10:18 +00:00