Commit graph

691 commits

Author SHA1 Message Date
Marcin Dulinski
9ce1fb6556
Solved minor conflicts in defaults/main.yml file, when re-basing
Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>
2024-01-19 19:59:04 +02:00
Ionut Pruteanu
36ab51d600
Removing not useful line from docs
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-19 16:16:18 +02:00
Ionut Pruteanu
48f0c7db53
Using again the default values used by Lockdown for sshd vars, as they shouldn't be altered
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-19 16:11:02 +02:00
Ionut Pruteanu
073f6b7192
Revert "Added vars for streams."
[IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since
we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal.

This reverts commit a57333dcf1.
2024-01-19 15:55:42 +02:00
Ionut Pruteanu
b4bef292ca
Improving doc for journald log parameters.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-19 15:37:44 +02:00
Ionut Pruteanu
8fc85fcc59
Documenting usage of chrony variables.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-19 15:32:01 +02:00
Ionut Pruteanu
677424d853
Merge branch 'devel' of github.com:siemens/RHEL9-CIS into siemens/feat/document_main_variables
2024-01-19 11:03:46 +02:00
uk-bolly
068c45f509
Merge pull request #105 from siemens/siemens/feat/reverse_path_filtering_3_3_7
Adding missing lines to usr: sysctl.d/50-default.conf
2024-01-18 13:15:28 +00:00
Ionut Pruteanu
14cd1e0397
Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables
2024-01-17 20:39:49 +02:00
Ionut Pruteanu
560475ea4e
Finalising the docs content & syntax
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-17 20:17:21 +02:00
uk-bolly
200b2c244b
Merge pull request #152 from jLemmings/patch-1
Remove trailing comma to align with other roles
2024-01-09 16:48:20 +00:00
Joshua Hemmings
d73f26a7ab
Remove trailing comma to align with other roles
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
2024-01-09 09:17:00 +01:00
root@DERVISHx
a57333dcf1
Added vars for streams.
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
2023-12-27 15:39:46 +00:00
uk-bolly
6f8a95c73a
Merge pull request #143 from siemens/siemens/feat/4.2.1.3conditionalAndSectionHeader
Siemens/feat/4.2.1.3conditional and section header
2023-12-21 08:40:41 +00:00
uk-bolly
e545b89c7b
Merge pull request #145 from siemens/siemens/feat/5.4.2_addVarUsage
Using rhel9cis_authselect['options'], otherwise not used at all
2023-12-21 08:39:48 +00:00
uk-bolly
145ac85e52
Merge pull request #103 from Corey0219/update-4-2-3
find hidden files in /var/log for 4.3.2
2023-12-20 09:48:47 +00:00
Corey Reid
8d85f178e2
find hidden files in /var/log for 4.3.2
Signed-off-by: Corey Reid <corey.nathan.reid@gmail.com>
2023-12-17 17:36:34 +00:00
uk-bolly
c56ea1ac9a
Merge pull request #140 from siemens/siemens/feat/3.4.2.5_fixConditional
3.4.2.5 conditional fix
2023-12-13 08:44:08 +00:00
uk-bolly
82d1c2bdfb
Merge pull request #138 from siemens/siemens/feat/2.3.4_fixConditional
Using correct conditional for ftpd
2023-12-13 08:43:07 +00:00
uk-bolly
779c90ea0e
Merge pull request #136 from siemens/siemens/feat/2.2.16_fixingNFSLogicBetweenMaskingServiceVsRemovingPackage
Masking service when server package is needed
2023-12-13 08:42:33 +00:00
uk-bolly
74f21e5303
Merge pull request #133 from siemens/siemens/feat/timeoutValueDefinedNotUsed
Timeout value defined in defaults/main.yml file not used
2023-12-13 08:40:02 +00:00
uk-bolly
ecbd514df1
Merge pull request #129 from siemens/siemens/feat/removingRedundantConditionals
Removing redundant conditional statements
2023-12-13 08:27:49 +00:00
uk-bolly
998eaf30ba
Merge pull request #121 from dulin/fix-chrony
Fixed chrony configuration options
2023-12-13 08:23:13 +00:00
uk-bolly
d022977723
Merge pull request #127 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2023-12-13 08:20:34 +00:00
uk-bolly
b7936bc633
Merge pull request #122 from senihucar/patch-1
Update cis_5.6.1.x.yml
2023-12-13 08:19:58 +00:00
Ionut Pruteanu
28a61fa71d
Last docs part - additions
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 20:17:43 +02:00
Ionut Pruteanu
c19e350b7d
Using rhel9cis_authselect['options'], otherwise not used at all
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 16:44:30 +02:00
Ionut Pruteanu
e0de491263
whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 12:03:00 +02:00
Ionut Pruteanu
d79bba53c6
Rsyslog subsection corrected header (was using 4.2 logging name, instead of 4.2.1. rsyslog name)
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 12:01:10 +02:00
Ionut Pruteanu
6dfbe18612
Doc additions for:
- Sections 2.2 && 2.3
- Section 3
- Section 4.1

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 22:53:01 +02:00
Ionut Pruteanu
81fd98e2c6
Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 20:38:20 +02:00
Ionut Pruteanu
cd04537bf1
Using correct conditional for ftpd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 18:58:02 +02:00
Ionut Pruteanu
9d988b483f
Masking service when server package is needed
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 18:10:09 +02:00
Ionut Pruteanu
06489db6a8
Doc additions for:
- Yum repos,
- bootloader,
- crypto policies,
- SELinux
- NTP

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-06 22:20:32 +02:00
Ionut Pruteanu
dc59c320c8
Small additions to first part of documentation.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-05 21:01:06 +02:00
Ionut Pruteanu
4fe5f95cf7
Timeout value defined in defaults/main.yml file not used
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-05 20:40:50 +02:00
Ionut Pruteanu
72b503bf46
Removing redundant conditional statements
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-05 14:42:51 +02:00
pre-commit-ci[bot]
f3726b8908
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/ansible-community/ansible-lint: v6.22.0 → v6.22.1](https://github.com/ansible-community/ansible-lint/compare/v6.22.0...v6.22.1)
2023-12-04 17:36:20 +00:00
root@DERVISHx
34b052196c
Document variables in defaults/main.yml, Fix 5 from devel
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
2023-11-29 15:50:23 +00:00
root@DERVISHx
a2162dbd1b
Document variables in defaults/main.yml, Fix 2.
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
2023-11-24 15:38:40 +00:00
Senih
cce2b25d80
Update cis_5.6.1.x.yml
Typo fixed from:
- rule_5.5.1.3
to:
- rule_5.6.1.3

Signed-off-by: Senih <40578755+senihucar@users.noreply.github.com>
2023-11-23 12:02:37 -08:00
Marcin Dulinski
8b875ad228
Fixed chrony configuration options
Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>
2023-11-22 09:17:15 +00:00
uk-bolly
8405e67db2
Merge pull request #119 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2023-11-21 14:04:21 +00:00
uk-bolly
f56e5d33d9
Merge pull request #120 from ansible-lockdown/audit_only
Audit only enhancement and goss update
2023-11-21 13:33:58 +00:00
Mark Bolwell
dc7da70b61
fixed typo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 12:37:09 +00:00
Mark Bolwell
669f535225
updated benchmark name
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 12:28:52 +00:00
Mark Bolwell
afd1c2ff01
fixed benchmark_name
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 10:11:50 +00:00
Mark Bolwell
41520312e6
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 10:00:27 +00:00
Mark Bolwell
2c152b3ae5
removed dupe line
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 09:50:11 +00:00
Mark Bolwell
23a4386e95
addition of audit_only config
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-11-21 09:49:36 +00:00