Commit graph

778 commits

Author SHA1 Message Date
pre-commit-ci[bot]
b5bea721f1
[pre-commit.ci] pre-commit autoupdate (#200)
updates:
- [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.5.0...v4.6.0)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2024-04-15 14:04:13 +01:00
uk-bolly
f8fcfe0e78
April_24 updates (#201)
* Issue #170, PR #181 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* issue #182, PR #183 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR #180 thanks to @ipruteanu-sie and @raabf

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed PR #165 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR #184 addressed thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated credits

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* typo and ssh allow_deny comments

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* enable OS check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR - #198 addressed thanks to @brakkio86

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Additional vars for issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated pre-commit version

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* consistent quotes around mode

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* moved audit added discoveries

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed unneeded vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* audit moved to prelim

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tidy up

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* improved new variable usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed logic 6.2.10

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* addressed #197 thanks to @mark-tomich

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updates for audit section

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed naming

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added prelim to includes

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-04-15 14:02:07 +01:00
Mark Tomich
835cd41c8a
removing the async because we need the results of the init in the subsequent step
Signed-off-by: Mark Tomich <tomichms@nih.gov>
2024-03-29 14:12:12 -04:00
pre-commit-ci[bot]
e87d637eb2
[pre-commit.ci] pre-commit autoupdate (#192)
updates:
- [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](https://github.com/ansible-community/ansible-lint/compare/v24.2.0...v24.2.1)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2024-03-25 11:10:05 +00:00
RoboPickle
6eeae19517
Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status (#188)
* Fixed issues with 4.1.1.2 and 4.1.1.3
Now handle multiple kernels and are idempotent

Signed-off-by: John Foster <robopickle@proton.me>

* Fixed issues with 4.1.1.2 and 4.1.1.3
Now handle multiple kernels and are idempotent

Removed debug messages

Signed-off-by: John Foster <robopickle@proton.me>

---------

Signed-off-by: John Foster <robopickle@proton.me>
2024-03-14 17:13:34 +00:00
uk-bolly
7d7b6132f4
March 24 to devel (#186)
* Issue #170, PR #181 thanks to @ipruteanu-sie

* issue #182, PR #183 thanks to @ipruteanu-sie

* PR #180 thanks to @ipruteanu-sie and @raabf

* Addressed PR #165 thanks to @ipruteanu-sie

* PR #184 addressed thanks to @ipruteanu-sie

* updated credits

* typo and ssh allow_deny comments

* enable OS check

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-03-06 16:52:38 +00:00
uk-bolly
0f58436212
Gpg import for rhel servers (#185)
* change logic thanks to @rjacobs1990 see #175

* 1.2.1 force gpg import rhel

* fix missing facts

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-03-06 09:10:06 +00:00
pre-commit-ci[bot]
0215412e9b
[pre-commit.ci] pre-commit autoupdate (#178)
updates:
- [github.com/adrienverge/yamllint.git: v1.34.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.34.0...v1.35.1)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2024-03-05 18:39:12 +00:00
uk-bolly
40bc7aa082
Feb24 updates (#179)
* change logic thanks to @rjacobs1990 see #175

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @ipruteanu-sie #134

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Thanks to @stwongst #125

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @sgomez86 #146

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added updates from #115

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed rp_filter in post added in error

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated yamllint precommit

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated fqcn for json_query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fix typo for virt type query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-02-20 15:43:43 +00:00
uk-bolly
06ec3de5c4
Merge pull request #175 from rjacobs1990/bugfix/fix-permissions-logfiles
fix: idempotency molecule issue fixed for logfiles #173
2024-02-19 14:16:21 +00:00
uk-bolly
96536cc908
Merge pull request #177 from RoboPickle/bugfix_5_3_4
Bugfix 5 3 4 against issue #176
2024-02-19 12:16:51 +00:00
John Foster
467434a56f
Added blank line between each named task for consistency.
Signed-off-by: John Foster <robopickle@proton.me>
2024-02-19 12:03:08 +00:00
uk-bolly
3313a1f2c3
Merge pull request #131 from siemens/siemens/feat/replacingVarAuditCopyPath
Replacing vars according to Audit needs
2024-02-19 11:53:01 +00:00
uk-bolly
03e2a28653
Merge pull request #174 from bbaassssiiee/bugfix/sshd
oscap scan found 2 issues in sshd configuration override files
2024-02-19 11:44:42 +00:00
uk-bolly
21f24b45a1
Merge pull request #169 from Illibur/patch-1
Update cis_6.1.x.yml
2024-02-19 11:37:29 +00:00
uk-bolly
f9dbbee1ec
Merge pull request #167 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-02-19 11:35:19 +00:00
uk-bolly
e3f5522824
Merge pull request #166 from siemens/siemens/feat/BgrubbyUsageForParams
Siemens/feat/bgrubby usage for params
2024-02-19 11:34:52 +00:00
uk-bolly
cc6522f276
Merge pull request #164 from siemens/siemens/feat/Refactor_Document_main_variables
Using a patch to refactor doc-extension
2024-02-19 11:29:34 +00:00
uk-bolly
488a4d5bff
Merge pull request #150 from numericillustration/devel
fixing some mismatched tags and tasks in 5.6.1.x
2024-02-19 11:27:29 +00:00
John Foster
e100b02f44
Updated cis_6.1.x.yml to avoid deprecation warning as per Illibur's
findings in issue #168. Changed vars on line 233 to use a dictionary.

Signed-off-by: John Foster <robopickle@proton.me>
2024-02-16 15:06:27 +00:00
John Foster
0e89fedfca
Adjusted tasks/main.yml indentation after running precommit checks
Signed-off-by: John Foster <robopickle@proton.me>
2024-02-15 10:17:41 +00:00
Michael Hicks
1c7990cecd
fixing some mismatched tags and tasks in 5.6.1.x
Signed-off-by: Michael Hicks <nooneofconsequence@gmail.com>
2024-02-14 13:39:15 -08:00
John Foster
7fde313f85
Main task was failing when using an AD account to connect to the host.
With an AD account there isn't an entry in the /etc/shadow file. This
caused the password length check to treat it as a zero length password.
Now local password check is skipped for AD account.
Also added an additional check for a locked local account for the sudo
user.

Signed-off-by: John Foster <robopickle@proton.me>
2024-02-13 15:37:39 +00:00
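The commit above describes the edge case: a domain (AD) account has no row in /etc/shadow, so a naive "is the hash field empty?" check reads as a zero-length password and the whole run fails. The following is an added example, not the role's own code, showing the gate the message describes: skip the local password check when the user is not local, flag an empty hash, and flag a locked or disabled local account. The shadow content is constructed for the example, and the status names ("not_local", "empty", "locked", "ok") are assumptions of this example.

```python
# Added example (not from the ansible-lockdown role): preflight check of the
# connecting user's local password state, mirroring the logic in the commit above.

# Constructed /etc/shadow content for the example. Field 2 is the password hash:
#   ""      -> empty password
#   "!..."  -> locked with passwd -l / usermod -L ("!!" on RHEL = never set)
#   "*"     -> password login disabled
SHADOW_CONSTRUCTED = """\
root:$6$saltsalt$fakehashfakehashfakehash:19700:0:99999:7:::
admin:$6$saltsalt$anotherfakehashfakehash:19700:0:99999:7:::
locked:!$6$saltsalt$lockedfakehashfakehash:19700:0:99999:7:::
neverset:!!:19700:0:99999:7:::
nopass::19700:0:99999:7:::
svc:*:19700:0:99999:7:::
"""


def shadow_hashes(shadow_text):
    """Map username -> password field from shadow(5) formatted text."""
    hashes = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed row; ignore rather than misclassify
        hashes[fields[0]] = fields[1]
    return hashes


def classify_user(shadow_text, user):
    """Classify the account used for the connection.

    Returns one of:
      "not_local" - no /etc/shadow row (e.g. AD/SSSD user); local check must be skipped
      "empty"     - local account with an empty password field
      "locked"    - local account locked ("!" prefix) or disabled ("*")
      "ok"        - local account with a usable hash
    """
    hashes = shadow_hashes(shadow_text)
    if user not in hashes:
        return "not_local"
    pw = hashes[user]
    if pw == "":
        return "empty"
    if pw.startswith("!") or pw.startswith("*"):
        return "locked"
    return "ok"


def local_password_gate(shadow_text, user):
    """Decide what the playbook should do before the hardening tasks run.

    Returns (status, action) where action is "skip" (no local password to
    validate), "fail" (stop the run) or "continue".
    """
    status = classify_user(shadow_text, user)
    if status == "not_local":
        return status, "skip"      # AD account: no shadow row, nothing to check
    if status in ("empty", "locked"):
        return status, "fail"      # would lock the operator out once sudo/SSH tighten
    return status, "continue"


if __name__ == "__main__":
    for name in ("admin", "jdoe@corp.example", "locked", "nopass", "svc"):
        print(name, local_password_gate(SHADOW_CONSTRUCTED, name))
```

The important point is the first branch: absence of a shadow row is not an empty password. A domain user authenticates through SSSD/PAM, so the local check has nothing to inspect and must be skipped rather than treated as a failure.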
pre-commit-ci[bot]
0a98ad4aea
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](https://github.com/gitleaks/gitleaks/compare/v8.18.1...v8.18.2)
- [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](https://github.com/ansible-community/ansible-lint/compare/v6.22.2...v24.2.0)
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.34.0](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.34.0)
2024-02-12 17:38:29 +00:00
rjacobs1990
742165cd72
fix: more readable condition and prevent skipping 0600 #173
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 16:21:31 +01:00
rjacobs1990
8652390beb
fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 15:55:42 +01:00
rjacobs1990
c805ee398b
fix: idempotency molecule issue fixed for logfiles #173
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 14:47:12 +01:00
Bas Meijer
cc7f9ccfd0
X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf
Signed-off-by: Bas Meijer <bas.meijer@me.com>
2024-02-10 00:43:17 +01:00
Bas Meijer
baf8987a5f
PermitRootLogin found in /etc/ssh/sshd_config.d/01-permitrootlogin.conf
Signed-off-by: Bas Meijer <bas.meijer@me.com>
2024-02-10 00:43:17 +01:00
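The two commits above (and PR #174 they belong to) are about sshd drop-in files under /etc/ssh/sshd_config.d/ overriding what the role sets in /etc/ssh/sshd_config. sshd uses the first obtained value for each keyword, and the stock RHEL 9 sshd_config starts with an Include of the drop-in directory, so a drop-in that sets PermitRootLogin or X11Forwarding wins over a later line in the main file. The following is an added example, not the role's or OpenSSH's code, that resolves the effective global value of each keyword across a constructed file set and reports which file set it; the file contents and the expected-value table are constructed for the example, and Match blocks are deliberately not evaluated.

```python
# Added example (not from the ansible-lockdown role or OpenSSH): resolve the
# effective sshd keyword values across sshd_config and its Include drop-ins.
import fnmatch
import re

# Constructed file set modelling a RHEL 9 host. The main file opens with the
# Include, so the drop-ins are read first; "first value wins" means the
# drop-ins override the hardened lines that follow in the main file.
FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PermitRootLogin no\n"
        "X11Forwarding no\n"
        "MaxAuthTries 4\n"
    ),
    "/etc/ssh/sshd_config.d/01-permitrootlogin.conf": "PermitRootLogin yes\n",
    "/etc/ssh/sshd_config.d/50-redhat.conf": (
        "X11Forwarding yes\n"
        "SyslogFacility AUTHPRIV\n"
    ),
}

# Constructed benchmark-style expectations for the example.
EXPECTED = {"PermitRootLogin": "no", "X11Forwarding": "no", "MaxAuthTries": "4"}


def _glob(pattern, files):
    # Include patterns are expanded in lexical order, like the shell glob.
    return sorted(p for p in files if fnmatch.fnmatch(p, pattern))


def _directives(files, path, seen=None):
    """Yield (keyword, value, source_file) in the order sshd would read them."""
    seen = set() if seen is None else seen
    if path in seen:
        return
    seen.add(path)
    for raw in files.get(path, "").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        kw, val = parts[0].lower(), parts[1].strip()
        if kw == "include":
            for pattern in val.split():
                for inc in _glob(pattern, files):
                    yield from _directives(files, inc, seen)
            continue
        if kw == "match":
            # Everything after a Match line is conditional; this example
            # resolves global values only, so stop reading this file.
            return
        yield kw, val, path


def effective(files, root="/etc/ssh/sshd_config"):
    """Map lowercase keyword -> (value, file that set it); first value wins."""
    result = {}
    for kw, val, path in _directives(files, root):
        result.setdefault(kw, (val, path))
    return result


def audit(files, expected):
    """Return (keyword, effective value, source file) for each mismatch."""
    eff = effective(files)
    findings = []
    for kw, want in expected.items():
        val, src = eff.get(kw.lower(), (None, None))
        if val is None or val.lower() != want.lower():
            findings.append((kw, val, src))
    return findings


if __name__ == "__main__":
    for finding in audit(FILES, EXPECTED):
        print("FAIL %s = %s (set in %s)" % finding)
```

On a real host the authoritative check is `sshd -T`, which prints the effective configuration; this resolver only shows why editing /etc/ssh/sshd_config alone does not clear the scanner finding. The fix has to change the drop-in that sets the value, or add a drop-in that sorts before it, which is what the two commits above do for 01-permitrootlogin.conf and 50-redhat.conf.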
Illibur
fcab25c61f
Update cis_6.1.x.yml
Fixed:
[DEPRECATION WARNING]: Specifying a list of dictionaries for vars is deprecated in favor of specifying a dictionary. This feature will be removed in version 2.18.

Signed-off-by: Illibur <72218972+Illibur@users.noreply.github.com>
2024-02-06 18:46:30 +02:00
Ionut Pruteanu
e2738f0a44
Fixing indentation for lines reported by yamllint
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 21:31:14 +02:00
Ionut Pruteanu
18803420f0
Replacing secure configuration of 'audit' and 'audit_backlog_limit' from the /etc/default/grub approach to grubby (actually used by CIS)
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 21:27:00 +02:00
Ionut Pruteanu
3581793d8e
Also documenting newly added (space_left & admin_space_left)
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:31:03 +02:00
Ionut Pruteanu
f2a2757d1b
Fixing yaml-lint errors
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:30:25 +02:00
Ionut Pruteanu
a83678e9ce
Removing statement about SSH precedence vars.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:27:07 +02:00
Ionut Pruteanu
c70c23680a
Applying patch to be used for extending documentation
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 10:26:10 +02:00
uk-bolly
3fe681c0d2
Merge pull request #159 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-01-26 12:50:54 +00:00
uk-bolly
b726c2e444
Merge pull request #154 from jLemmings/patch-3
Remove trailing comma to align with other roles
2024-01-26 12:44:07 +00:00
uk-bolly
902956e51d
Merge pull request #151 from sickbock/devel
Corrections to tags and a variable
2024-01-26 12:37:20 +00:00
uk-bolly
df1aef8d31
Merge pull request #148 from siemens/siemens/feat/AuditVarsRefactoring
Siemens/feat/audit vars refactoring
2024-01-26 12:34:30 +00:00
uk-bolly
ac5eee81df
Merge pull request #112 from siemens/siemens/feat/ensure_default_umask_027_5_6_5
Adding new entry in /etc/pam.d/system-auth
2024-01-26 12:32:45 +00:00
pre-commit-ci[bot]
aa8a60b4ee
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](https://github.com/ansible-community/ansible-lint/compare/v6.22.1...v6.22.2)
2024-01-22 17:33:49 +00:00
uk-bolly
068c45f509
Merge pull request #105 from siemens/siemens/feat/reverse_path_filtering_3_3_7
Adding missing lines to usr: sysctl.d/50-default.conf
2024-01-18 13:15:28 +00:00
Joshua Hemmings
87d2685f4e
Update cis_1.1.7.x.yml
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
2024-01-10 16:11:27 +01:00
uk-bolly
200b2c244b
Merge pull request #152 from jLemmings/patch-1
Remove trailing comma to align with other roles
2024-01-09 16:48:20 +00:00
Joshua Hemmings
d73f26a7ab
Remove trailing comma to align with other roles
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
2024-01-09 09:17:00 +01:00
Joachim la Poutré
e0491ccb8f
Update cis_6.2.x.yml
Corrected tag: rule_6.2.3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:20:08 +01:00
Joachim la Poutré
d6b44aac70
Update cis_6.1.x.yml
Corrected tags: rule_6.1.8 & rule_6.1.12

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:18:52 +01:00
Joachim la Poutré
3b256ff831
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.5

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:16:20 +01:00
Joachim la Poutré
712b8b6ecd
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.1

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:15:11 +01:00