ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-28 07:53:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
656 commits 5 branches 14 tags 2.6 MiB
Commit graph

82 commits

Author SHA1 Message Date
root@DERVISHx
8c7d8f1423
Add SSH Variables the proper way, condition entries correct. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-17 15:28:13 +01:00
Nuno Carvalho
29828974d0 Merge branch 'siemens/feat/ensure_default_umask_027_5_6_5' into 'siemens/rhel9/devel' 
Fix sintax Error on cis_5.2.x.yml

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!5
 2023-10-17 16:10:53 +02:00
root@DERVISHx
2dadff76dc
Add SSH Variables the proper way, condition entries correct. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-17 15:08:11 +01:00
root@DERVISHx
e4e0b9d0a3
Add SSH Variables the proper way, condition entries correct. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-17 14:17:00 +01:00
Nuno Carvalho
fa0b19cc5c Merge branch 'siemens/feat/ensure_SSH_access_is_limited_5_2_4' into 'siemens/rhel9/devel' 
Fix sintax Error on cis_5.2.x.yml

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!4
 2023-10-17 14:13:16 +02:00
root@DERVISHx
5ab4a1c0ed
Add SSH Variables the proper way, condition entries correct. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-17 13:11:16 +01:00
root@DERVISHx
aa4c427c54
Fix sintax Error on cis_5.2.x.yml 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-16 18:26:04 +01:00
root@DERVISHx
8319a028d8
Fix sintax Error on cis_5.2.x.yml 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-16 14:51:34 +01:00
Nuno Carvalho
ae31f4ff8e Merge branch 'siemens/feat/ensure_default_umask_027_5_6_5' into 'siemens/rhel9/devel' 
Adding new entry in /etc/pam.d/system-auth

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!2
 2023-10-12 20:11:24 +02:00
root@DERVISHx
154959af62
Adding new entry in /etc/pam.d/system-auth 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-10-12 16:07:46 +01:00
Mark Bolwell
729fac3580
updated 5.6.5 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-09-22 08:44:43 +01:00
Mark Bolwell
e82b2cefac
quoted file mode 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-09-21 16:25:59 +01:00
Mark Bolwell
580ee762ee
fix filename 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-09-21 15:35:35 +01:00
Mark Bolwell
c5ed197e03
import_tasks file added 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-09-21 15:07:52 +01:00
Mark Bolwell
a67a484971
import_tasks file added 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-09-21 14:55:55 +01:00
Mark Bolwell
b631459e9b
fix typo in bashrc path 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-07-28 15:09:52 +01:00
Mark Bolwell
81b2f06dab
updated 5.6.5 logic 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-07-26 17:17:45 +01:00
Mark Bolwell
a791c81cf2
5.5.3 fix and update 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-07-26 11:42:21 +01:00
Mark Bolwell
ddec58c419
#66 5.6.5 regex improvment 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-06-28 10:49:55 +01:00
Mark Bolwell
2da0d870c8
#57 
great catch

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-05-16 11:56:07 +01:00
Mark Bolwell
195e42e3ea
removed line and updated requirement #53 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-05-16 08:52:45 +01:00
Mark Bolwell
7c09b264a1
fixed layout 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-05-16 08:52:18 +01:00
Jay Olinares
7f9b45cea3
tags added 
Signed-off-by: Jay Olinares <jay.olinares@gmail.com>
 2023-05-12 12:46:50 +10:00
Jay Olinares
2317abd1d2
fix https://github.com/ansible-lockdown/RHEL9-CIS/issues/58 
Signed-off-by: Jay Olinares <jay.olinares@gmail.com>
 2023-05-04 11:37:57 +10:00
Jay Olinares
fb4216be9f
use var values for pam_faillock 
Signed-off-by: Jay Olinares <jay.olinares@gmail.com>
 2023-04-15 22:21:53 +10:00
Marcin Dulinski
74e96cedd3
Fix system accounts 
Signed-off-by: Marcin Dulinski <marcin.dulinski@g.network>
 2023-03-17 14:39:07 +00:00
Mark Bolwell
868e74bbf4
issue 41 5.3.7 tasks 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-03-13 09:44:51 +00:00
Mark Bolwell
5e5174a5b0
updated marker 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-03-10 15:19:35 +00:00
Mark Bolwell
a14e9c5dbe
#30 thanks to @smatterchew sshd config file dropin ability 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-02-20 11:31:46 +00:00
Mark Bolwell
939102430c
lint updates 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-27 14:03:32 +00:00
Mark Bolwell
bf83a6b84c
Add more safety around control 5.4.2 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-27 12:19:16 +00:00
Mark Bolwell
3c72af6a83
fixed spacing 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-27 11:03:36 +00:00
Mark Bolwell
a759c38902
removed split filter allowing old ansible versions 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-27 11:03:23 +00:00
Mark Bolwell
d770c69aca
moved 5.6.6 testing to main task 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-27 11:01:41 +00:00
Mark Bolwell
9cf1f08eec
dest to path 5.2.1 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 14:59:18 +00:00
Mark Bolwell
388dbd797c
fix typo 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 14:17:29 +00:00
Mark Bolwell
89e6372648
5.6.3 tidy up 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 09:47:33 +00:00
Mark Bolwell
abd99426b8
replaced dest for path on file module 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 09:31:27 +00:00
Mark Bolwell
8694bfde75
with_items to loop 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 08:30:26 +00:00
Mark Bolwell
f9267a389b
remove state file on file module 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-26 08:29:03 +00:00
Mark Bolwell
3f76affa5b
changed_when for idempotency. 5.6. 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-20 13:34:30 +00:00
Mark Bolwell
999d7b5b1e
fix csv sugroup option updated 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-19 13:33:11 +00:00
Mark Bolwell
cb609c1f1a
fqcn update 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-19 13:31:53 +00:00
Mark Bolwell
acf0104f7a
lint updates 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-13 12:10:18 +00:00
Mark Bolwell
3ead0d63ac
warn control count updates 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-13 11:05:25 +00:00
Mark Bolwell
7c6555d92e
Lint updates & control alignment 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-13 09:09:21 +00:00
Mark Bolwell
c18151e158
linting fqcn 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-12 15:01:17 +00:00
Mark Bolwell
77dd593e0f
removed arg warn 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2023-01-10 11:19:41 +00:00
Mark Bolwell
e764ef55d5
lint updates 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2022-10-14 12:14:03 +01:00
Mark Bolwell
2491357136
Added login.defs 5.6.5 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
 2022-10-14 12:09:30 +01:00