Commit graph

641 commits

Author SHA1 Message Date
Michael Hicks
c88d3dec49
fixed extra line based yaml lint failing issue
Signed-off-by: Michael Hicks <nooneofconsequence@gmail.com>
2026-03-04 11:42:11 -08:00
Michael Hicks
c4a97079b1
added guardrails on enabled and state flags to systemd mask tasks to only disable and stop when the package is installed, otherwise just mask to prevent the service from ever starting should it get installed at a later time. This allows hardening to proceed when the service doesn't exist but masking has been requested. Otherwise the playbook run will fail at a step when the service which comes with the package doesn't already exist
Signed-off-by: Michael Hicks <nooneofconsequence@gmail.com>
2026-03-04 11:42:10 -08:00
uk-bolly
3015e2fe2f
Merge branch 'devel' into pub_feb26_updates
Signed-off-by: uk-bolly <69214557+uk-bolly@users.noreply.github.com>
2026-02-12 09:54:10 +00:00
Mark Bolwell
032c75924e
Tidy up 5.3.2.1
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-12 09:49:52 +00:00
Mark Bolwell
98e89d8945
Latest fixes updates Feb26
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-12 09:15:05 +00:00
Frederick Witty
71206432be
QA fixes and rollback of audit_only logic
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-02-11 14:54:30 -05:00
Frederick Witty
11becb32c5
QA Fixes
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-02-10 16:01:05 -05:00
Mark Bolwell
3442801399
tidy up of variables and warning for bootloader password
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-05 20:29:37 +00:00
Mark Bolwell
9a3f458db0
Updated bootloader password logic and enabled old methods without change
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-05 18:10:29 +00:00
Mark Bolwell
9b091984db
updated logic to allow manual hash to be added or filter
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-05 17:53:55 +00:00
Mark Bolwell
943b570484
incorporated PR 345 thanks to @thulium-drake
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-03 09:01:55 +00:00
Mark Bolwell
c7567a98ac
fixed tags and audit logic
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-03 08:57:45 +00:00
Mark Bolwell
db0b08762e
fixed typo thanks to Eugene @Frequentis
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2026-02-01 19:54:22 +00:00
uk-bolly
d3f24d9d94
Merge pull request #420 from bol7742/patch-1
fix: make 5.3.2.2 idempotent with 5.3.3.1.1
2026-01-22 08:48:38 +00:00
Frederick Witty
e65df16f67
Update 3.1.1
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-01-08 14:33:16 -05:00
Frederick Witty
173fbd3254
Linting
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-01-08 14:26:24 -05:00
Frederick Witty
309ff4cdd7
Fixes from Public Issue 418 and 419 + Lic year
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-01-08 14:08:35 -05:00
Frederick Witty
22a9b085d7
fix for #419, thank you @aaronk1
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-01-08 12:23:40 -05:00
Frederick Witty
87cd0f3eb5
fix for #418 and update Lic year
Signed-off-by: Frederick Witty <frederick.witty@gotyto.com>
2026-01-08 09:40:08 -05:00
George Nalen
7ff8e7b6b9
Updated disable IPv6 logic
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
2025-12-23 11:20:21 -05:00
George Nalen
29a48f7f4c
updated name info for tasks related to 3.1.1
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
2025-12-23 09:04:42 -05:00
George Nalen
2b7c8293b8
fixed linting issue
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
2025-12-22 16:56:24 -05:00
George Nalen
beb3bfdc94
added option for sysctl or kernel for disabling IPv6
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
2025-12-22 16:35:08 -05:00
bol7742
f15407dcb4
fix: make 5.3.2.2 idempotent with 5.3.3.1.1
Signed-off-by: bol7742 <102948121+bol7742@users.noreply.github.com>
2025-12-22 11:28:49 +01:00
Mark Bolwell
f80c60bb8a
updated with correct fix thanks to @bbaassssiiee
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-01 10:41:38 +00:00
Mark Bolwell
571711f11e
updated with correct fix thanks to @bbaassssiiee
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-01 10:23:25 +00:00
Mark Bolwell
52452b1e3c
issues 413 addressed thanks to @bbaassssiiee
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-11-28 14:51:43 +00:00
Mark Bolwell
ed784d270b
added fix for issues #413 azure locked passwords
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-11-28 14:44:59 +00:00
Mark Bolwell
5354111505
improved audit logic
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-16 15:27:27 +01:00
Mark Bolwell
a525e4a2fb
Added extra failure for no data
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-16 14:58:06 +01:00
Frederick Witty
724a09f23d
Merge pull request #401 from ansible-lockdown/Oct25_updates
Oct25 updates
2025-10-03 10:17:39 -04:00
Mark Bolwell
6500e39f42
Added fix for #399 thanks to @trumbaut
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-03 08:19:07 +01:00
Mark Bolwell
8f1aba35f6
added fix for public #399
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-03 08:13:35 +01:00
uk-bolly
c69fedcf0a
Merge pull request #398 from trumbaut/fix_rule_3.2.1_reffering_to_cramfs
Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs
2025-10-02 13:42:40 +01:00
Mark Bolwell
fdc0a7afed
fixed typo thanks to @trumbaut #397
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-02 09:20:47 +01:00
Thomas Rumbaut
7aa911b354
Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs
Signed-off-by: Thomas Rumbaut <thomas@rumbaut.be>
2025-10-02 10:06:44 +02:00
Mark Bolwell
383c4651c5
added public fix #396
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-01 17:44:17 +01:00
polski-g
319c7a8fbb
ensure check mode runs all non-destructive tasks
Signed-off-by: polski-g <polski_g@sent.at>
2025-10-01 09:44:03 -04:00
Mark Bolwell
81eadd4a6f
max-concurrent audit option added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-01 12:59:44 +01:00
Mark Bolwell
d2b371432e
issue #393 addressed thanks to @fragglexarmy
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-01 10:32:52 +01:00
Mark Bolwell
d63f58972d
fixed typo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-10-01 10:32:24 +01:00
uk-bolly
7314d7b092
Merge pull request #394 from dbeuker/devel
Suggestion for the missing assert parameter
2025-10-01 10:25:22 +01:00
uk-bolly
23b60bc629
Merge pull request #390 from polski-g/modular_section_5_r2
Support section modularization (for Sec 5 only right now)
2025-10-01 10:24:44 +01:00
uk-bolly
3e848dd6f1
Merge pull request #386 from polski-g/regex_5_3_2_2
5.3.2.2: fix regex failing to match whitespace
2025-10-01 10:24:13 +01:00
Mark Bolwell
5f64ccd843
5.3.2.1 updated var naming
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 15:20:23 +01:00
Mark Bolwell
0d56df1eda
5.4.1.3 typo fix thanks to @fragglexarmy
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 14:53:17 +01:00
Mark Bolwell
7769bec99e
Added section5 subsections public #390 thanks to @polski-g
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 14:44:57 +01:00
Mark Bolwell
caffb14671
applied latest fix from public #386 thanks to @polski-g
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 14:38:45 +01:00
Mark Bolwell
5dd64ebdb8
max concurrent options and default added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 14:20:10 +01:00
Mark Bolwell
9a113ea4a8
fix pre-commit var naming for authselect
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-09-30 14:17:08 +01:00