ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
777 commits 5 branches 14 tags 2.6 MiB
Commit graph

777 commits

This branch
This branch
All branches
Author SHA1 Message Date
uk-bolly
df1aef8d31
Merge pull request #148 from siemens/siemens/feat/AuditVarsRefactoring 
Siemens/feat/audit vars refactoring
 2024-01-26 12:34:30 +00:00
uk-bolly
ac5eee81df
Merge pull request #112 from siemens/siemens/feat/ensure_default_umask_027_5_6_5 
Adding new entry in /etc/pam.d/system-auth
 2024-01-26 12:32:45 +00:00
Ionut Pruteanu
7bab634a45
Updating the testfile with documented findings 2024-01-25 10:31:11 +02:00
pre-commit-ci[bot]
aa8a60b4ee
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](https://github.com/ansible-community/ansible-lint/compare/v6.22.1...v6.22.2)
 2024-01-22 17:33:49 +00:00
Ionut Pruteanu
e780e076d1
Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel 2024-01-19 20:01:18 +02:00
root@DERVISHx
da62626a9d
Fixing conflicts after rebasing current feature branch onto 'devel' 2024-01-19 19:59:32 +02:00
Marcin Dulinski
9ce1fb6556
Solved minor conflicts in defaults/main.yml file, when re-basing 
Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>
 2024-01-19 19:59:04 +02:00
Ionut Pruteanu
221f64da14
Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel 2024-01-19 19:47:15 +02:00
Ionut Pruteanu
b931555eb2
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 19:46:30 +02:00
Ionut Pruteanu
cd116a59b7
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 19:46:30 +02:00
Ionut Pruteanu
89d1373373
Adding newest test results for L2(rebasing siemens/rhel9/devel onto devel) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 19:45:52 +02:00
Ionut Pruteanu
b89fa21c0a
new branch in Sfera_automation_pipeline, OIDC-testing 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 19:43:34 +02:00
Ionut Pruteanu
06b39c0683
Fixing conflicts after rebasing branch:"/siemens/rhel9/devel" onto up-to-date "devel" branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 19:41:41 +02:00
root@DERVISHx
d6ae2b6d36
Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
5cb6108e18
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
c2630dcb65
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
d62e60d235
Adding newest test results for L2. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
a52d2a62ec
new branch in Sfera_automation_pipeline, OIDC-testing 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
19693c08de
Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:56 +02:00
Ionut Pruteanu
6ef4e38674
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
9614e9d7e1
Adding testfile with L1. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
7190ecb573
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
3dde4b1c78
Adding CI file 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
3724f3f830
Adding newest test results for L2. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
17592cc608
new branch in Sfera_automation_pipeline, OIDC-testing 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
f5b2299c79
Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
dfffb19e4c
Adding testfile with L1. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 18:58:55 +02:00
Ionut Pruteanu
36ab51d600
Removing not useful line from docs 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 16:16:18 +02:00
Ionut Pruteanu
48f0c7db53
Using again the default values used by Lockdown for sshd vars, as they shouldn't be altered 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 16:11:02 +02:00
Ionut Pruteanu
073f6b7192
Revert "Added vars for streams." 
[IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since
we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal.

This reverts commit a57333dcf1.
 2024-01-19 15:55:42 +02:00
Ionut Pruteanu
b4bef292ca
Improving doc for journald log parameters. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 15:37:44 +02:00
Ionut Pruteanu
8fc85fcc59
Documenting usage of chrony variables. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-19 15:32:01 +02:00
Ionut Pruteanu
677424d853
Merge branch 'devel' of github.com:siemens/RHEL9-CIS into siemens/feat/document_main_variables 2024-01-19 11:03:46 +02:00
uk-bolly
068c45f509
Merge pull request #105 from siemens/siemens/feat/reverse_path_filtering_3_3_7 
Adding missing lines to usr: sysctl.d/50-default.conf
 2024-01-18 13:15:28 +00:00
Ionut Pruteanu
14cd1e0397
Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables 2024-01-17 20:39:49 +02:00
Ionut Pruteanu
560475ea4e
Finalising the docs content & syntax 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-17 20:17:21 +02:00
Joshua Hemmings
87d2685f4e
Update cis_1.1.7.x.yml 
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
 2024-01-10 16:11:27 +01:00
uk-bolly
200b2c244b
Merge pull request #152 from jLemmings/patch-1 
Remove trailing comma to align with other roles
 2024-01-09 16:48:20 +00:00
Joshua Hemmings
d73f26a7ab
Remove trailing comma to align with other roles 
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
 2024-01-09 09:17:00 +01:00
Joachim la Poutré
e0491ccb8f
Update cis_6.2.x.yml 
Corrected tag: rule_6.2.3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:20:08 +01:00
Joachim la Poutré
d6b44aac70
Update cis_6.1.x.yml 
Corrected tags: rule_6.1.8 & rule_6.1.12

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:18:52 +01:00
Joachim la Poutré
3b256ff831
Update cis_5.6.1.x.yml 
Corrected tag: rule_5.6.1.5

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:16:20 +01:00
Joachim la Poutré
712b8b6ecd
Update cis_5.6.1.x.yml 
Corrected tag: rule_5.6.1.1

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:15:11 +01:00
Joachim la Poutré
4d749d988d
Update cis_1.8.x.yml 
Corrected tag rule_1.8.10

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:13:32 +01:00
Joachim la Poutré
1e55d86001
Update cis_1.3.x.yml 
Correction to "when":  1_3_3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
 2024-01-03 11:12:06 +01:00
root@DERVISHx
a57333dcf1
Added vars for streams. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2023-12-27 15:39:46 +00:00
uk-bolly
6f8a95c73a
Merge pull request #143 from siemens/siemens/feat/4.2.1.3conditionalAndSectionHeader 
Siemens/feat/4.2.1.3conditional and section header
 2023-12-21 08:40:41 +00:00
uk-bolly
e545b89c7b
Merge pull request #145 from siemens/siemens/feat/5.4.2_addVarUsage 
Using rhel9cis_authselect['options'], otherwise not used at all
 2023-12-21 08:39:48 +00:00
Ionut Pruteanu
ca41b128cd
Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2023-12-20 22:21:14 +02:00
Ionut Pruteanu
88ffe32137
Storing max_log_file under rhel9cis_auditd dict variable. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2023-12-20 21:58:49 +02:00