ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 22:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
1380 commits 4 branches 16 tags 3.3 MiB
Commit graph

640 commits

Author SHA1 Message Date
Michael Hicks
c4a97079b1
added guardrails on enabled and state flags to systemd mask tasks to only disable and stop when the package is installed, otherwise just mask to prevent the service from ever starting should it get installed at a later time. This allows hardening to proceed when the service doesn't exist but masking has been requested. Otherwise the playbook run will fail at a step when the service which comes with the package doesn't already exist 
Signed-off-by: Michael Hicks <nooneofconsequence@gmail.com>
 2026-03-04 11:42:10 -08:00
uk-bolly
3015e2fe2f
Merge branch 'devel' into pub_feb26_updates 
Signed-off-by: uk-bolly <69214557+uk-bolly@users.noreply.github.com>
 2026-02-12 09:54:10 +00:00
Mark Bolwell
032c75924e
Tidy up 5.3.2.1 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-12 09:49:52 +00:00
Mark Bolwell
98e89d8945
Latest fixes updates Feb26 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-12 09:15:05 +00:00
Frederick Witty
71206432be
QA fixes and rollback of audit_only logic 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-02-11 14:54:30 -05:00
Frederick Witty
11becb32c5
QA Fixes 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-02-10 16:01:05 -05:00
Mark Bolwell
3442801399
tidy up of variables and warning for bootloader password 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-05 20:29:37 +00:00
Mark Bolwell
9a3f458db0
Updated bootloader password logic and enabled old methods without change 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-05 18:10:29 +00:00
Mark Bolwell
9b091984db
updated logic to allow manual hash to be added or filter 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-05 17:53:55 +00:00
Mark Bolwell
943b570484
incorporated PR 345 thanks to @thulium-drake 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-03 09:01:55 +00:00
Mark Bolwell
c7567a98ac
fixed tags and audit logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-03 08:57:45 +00:00
Mark Bolwell
db0b08762e
fixed typo thats to Eugene @Frequentis 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2026-02-01 19:54:22 +00:00
uk-bolly
d3f24d9d94
Merge pull request #420 from bol7742/patch-1 
fix: make 5.3.2.2 idempotent with 5.3.3.1.1
 2026-01-22 08:48:38 +00:00
Frederick Witty
e65df16f67
Update 3.1.1 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-01-08 14:33:16 -05:00
Frederick Witty
173fbd3254
Linting 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-01-08 14:26:24 -05:00
Frederick Witty
309ff4cdd7
Fixes from Public Issue 418 and 419 + Lic year 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-01-08 14:08:35 -05:00
Frederick Witty
22a9b085d7
fix for #419, thank you @aaronk1 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-01-08 12:23:40 -05:00
Frederick Witty
87cd0f3eb5
fix for #418 and update Lic year 
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
 2026-01-08 09:40:08 -05:00
George Nalen
7ff8e7b6b9
Updated disable IPv6 logic 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
 2025-12-23 11:20:21 -05:00
George Nalen
29a48f7f4c
updated name info for tasks related to 3.1.1 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
 2025-12-23 09:04:42 -05:00
George Nalen
2b7c8293b8
fixed linting issue 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
 2025-12-22 16:56:24 -05:00
George Nalen
beb3bfdc94
added option for sysctl or kernel for disabling IPv6 
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
 2025-12-22 16:35:08 -05:00
bol7742
f15407dcb4
fix: make 5.3.2.2 idempotent with 5.3.3.1.1 
Signed-off-by: bol7742 <102948121+bol7742@users.noreply.github.com>
 2025-12-22 11:28:49 +01:00
Mark Bolwell
f80c60bb8a
updated with correct fix thanks to @bbaassssiiee 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-12-01 10:41:38 +00:00
Mark Bolwell
571711f11e
updated with correct fix thanks to @bbaassssiiee 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-12-01 10:23:25 +00:00
Mark Bolwell
52452b1e3c
issues 413 addressed thansk to @bbaassssiiee 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-11-28 14:51:43 +00:00
Mark Bolwell
ed784d270b
added fix for issues #413 azure locked passwords 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-11-28 14:44:59 +00:00
Mark Bolwell
5354111505
improved audit logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-16 15:27:27 +01:00
Mark Bolwell
a525e4a2fb
Added extra failure for no data 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-16 14:58:06 +01:00
Frederick Witty
724a09f23d
Merge pull request #401 from ansible-lockdown/Oct25_updates 
Oct25 updates
 2025-10-03 10:17:39 -04:00
Mark Bolwell
6500e39f42
Added fix for #399 thanks to @trumbaut 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-03 08:19:07 +01:00
Mark Bolwell
8f1aba35f6
added fix for public #399 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-03 08:13:35 +01:00
uk-bolly
c69fedcf0a
Merge pull request #398 from trumbaut/fix_rule_3.2.1_reffering_to_cramfs 
Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs
 2025-10-02 13:42:40 +01:00
Mark Bolwell
fdc0a7afed
fixed typo thanks to @trumbaut #397 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-02 09:20:47 +01:00
Thomas Rumbaut
7aa911b354
Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs 
Signed-off-by: Thomas Rumbaut <thomas@rumbaut.be>
 2025-10-02 10:06:44 +02:00
Mark Bolwell
383c4651c5
added public fix #396 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-01 17:44:17 +01:00
polski-g
319c7a8fbb
ensure check mode runs all non-destructive tasks 
Signed-off-by: polski-g <polski_g@sent.at>
 2025-10-01 09:44:03 -04:00
Mark Bolwell
81eadd4a6f
max-concurrent audit option added 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-01 12:59:44 +01:00
Mark Bolwell
d2b371432e
issue #393 addressed thanks to @fragglexarmy 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-01 10:32:52 +01:00
Mark Bolwell
d63f58972d
fixed typo 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-10-01 10:32:24 +01:00
uk-bolly
7314d7b092
Merge pull request #394 from dbeuker/devel 
Suggestion for the missing assert parameter
 2025-10-01 10:25:22 +01:00
uk-bolly
23b60bc629
Merge pull request #390 from polski-g/modular_section_5_r2 
Support section modularization (for Sec 5 only right now)
 2025-10-01 10:24:44 +01:00
uk-bolly
3e848dd6f1
Merge pull request #386 from polski-g/regex_5_3_2_2 
5.3.2.2: fix regex failing to match whitespace
 2025-10-01 10:24:13 +01:00
Mark Bolwell
5f64ccd843
5.3.2.1 updated var naming 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 15:20:23 +01:00
Mark Bolwell
0d56df1eda
5.4.1.3 typo fix thanks to @fragglexarmy 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 14:53:17 +01:00
Mark Bolwell
7769bec99e
Added section5 subsections public #390 thanks to @polski-g 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 14:44:57 +01:00
Mark Bolwell
caffb14671
applied latest fix from public #386 thansk to @polski-g 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 14:38:45 +01:00
Mark Bolwell
5dd64ebdb8
max concurrent options and default added 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 14:20:10 +01:00
Mark Bolwell
9a113ea4a8
fix pre-commit var naming for authselect 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2025-09-30 14:17:08 +01:00
Danny Beuker
03d42ba8ce
Suggestion for the missing assert parameter 
Signed-off-by: Danny Beuker <dannybeuker@proton.me>
 2025-09-22 10:02:50 +02:00