Commit graph

658 commits

Author SHA1 Message Date
Ionut Pruteanu
a9981edb4a
Finalising the docs content & syntax
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Ionut Pruteanu
e44c45d1a2
Changes after rebasing.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Ionut Pruteanu
0464c937c5
Doc additions for:
- Sections 2.2 && 2.3
- Section 3
- Section 4.1

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Ionut Pruteanu
13db3ab89e
Doc additions for:
- Yum repos,
- bootloader,
- crypto policies,
- SELinux
- NTP

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Ionut Pruteanu
39acb53d30
Rebasing after:
~~~
Small additions to first part of documentation.

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
root@DERVISHx
71c2f804a0
Document variables in defaults/main.yml, Fix 5 from devel
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
pre-commit-ci[bot]
898659edbf
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](https://github.com/ansible-community/ansible-lint/compare/v6.22.1...v6.22.2)

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joshua Hemmings
2f820a811c
Update cis_1.1.7.x.yml
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
ed8039ad55
Update cis_6.2.x.yml
Corrected tag: rule_6.2.3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
8f39b97923
Update cis_6.1.x.yml
Corrected tags: rule_6.1.8 & rule_6.1.12

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
6c2358084f
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.5

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
fa8c680420
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.1

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joachim la Poutré
b80031be14
Update cis_1.8.x.yml
Corrected tag rule_1.8.10

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joachim la Poutré
e5f8044509
Update cis_1.3.x.yml
Correction to "when":  1_3_3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
70a18cd8ff
Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
9e7cf73aed
Storing max_log_file under rhel9cis_auditd dict variable.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
root@DERVISHx
397ff0a553
Adding new entry in /etc/pam.d/system-auth
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Bernd Grobauer
de3a25dd3a
Adding missing lines to sysctl.d/50-default.conf
Signed-off-by: Bernd Grobauer <bernd.grobauer@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joshua Hemmings
1d609e10cb
Remove trailing comma to align with other roles
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
46cd4b67eb
whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
72ba83fbaa
Rsyslog subsection corrected header (was using 4.2 logging name, instead of 4.2.1. rsyslog name)
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
f3082dd02e
Using rhel9cis_authselect['options'], otherwise not used at all
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Corey Reid
7da06eeaa8
find hidden files in /var/log for 4.3.2
Signed-off-by: Corey Reid <corey.nathan.reid@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
50bf410a7b
Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
b40c5813fb
Using correct conditional for ftpd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
e1cf40c5d2
Masking service when server package is needed
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
bf94c2f708
Timeout value defined in defaults/main.yml file not used
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Ionut Pruteanu
973af36ed0
Removing redundant conditional statements
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Marcin Dulinski
495355b067
Fixed chrony configuration options
Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
pre-commit-ci[bot]
d2df59f8e9
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/ansible-community/ansible-lint: v6.22.0 → v6.22.1](https://github.com/ansible-community/ansible-lint/compare/v6.22.0...v6.22.1)

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Senih
844a351155
Update cis_5.6.1.x.yml
Typo fixed from:
- rule_5.5.1.3
to:
- rule_5.6.1.3

Signed-off-by: Senih <40578755+senihucar@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
pre-commit-ci[bot]
22a7e32750
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.18.0 → v8.18.1](https://github.com/gitleaks/gitleaks/compare/v8.18.0...v8.18.1)

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
437db7b2a6
fixed typo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
e769b97e1a
updated benchmark name
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
1752212eb3
fixed benchmark_name
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
bc4be734f7
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
9f16c3ce49
removed dupe line
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
df63880353
addition of audit_only config
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
9f6c9adb42
audit variables separated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
pre-commit-ci[bot]
463ba0a718
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/pre-commit/pre-commit-hooks: v3.2.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks/compare/v3.2.0...v4.5.0)
- [github.com/gitleaks/gitleaks: v8.17.0 → v8.18.0](https://github.com/gitleaks/gitleaks/compare/v8.17.0...v8.18.0)
- [github.com/ansible-community/ansible-lint: v6.17.2 → v6.22.0](https://github.com/ansible-community/ansible-lint/compare/v6.17.2...v6.22.0)
- [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0)

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
6c86a8dd19
updated workflow for galaxy and versions
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
ba769cac5b
updated collections
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
99bfe893b0
updated 5.6.5
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
2819352701
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
d12a4b2a56
quoted file mode
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
d7cfb0c64c
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
d94bd7476c
added pragma allowed
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
2e1f17169b
fix filename
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
43f3b5300c
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
c7899232f5
import_tasks file added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00