ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
782 commits 5 branches 14 tags 2.6 MiB
Commit graph

782 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pruteanu
d53e3ed350
Adding CIS default expectation for ClientAliveInterval 
Signed-off-by: Pruteanu <ionut.pruteanu@siemens.com>
 2024-02-21 14:05:33 +02:00
Ionut Pruteanu
54a7f901e7
Merge branch 'siemens/feat/5_2_20_Wrong_Value_clientalivecountmax' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_2_20_Wrong_Value_clientalivecountmax 2024-02-06 21:12:49 +02:00
Ionut Pruteanu
42f0ce406f
Fixing conflicts caused by docs addition <> default value changed, thrown during Rebase 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-02-06 21:12:07 +02:00
Ionut Pruteanu
09272d06ff Fixing conflict when changed value from 0>3(caused by previous lines added by docs). 2024-02-06 20:03:07 +01:00
Ionut Pruteanu
a84cf8f771
Rule 5.2.20 expects values different than 0, but previous form of the task was setting CountMax to 0 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-02-06 20:42:39 +02:00
Ionut Pruteanu
d26d1162a7 Merge branch 'siemens/feat/BgrubbyUsageForParams' into 'siemens/rhel9/devel' 
Grubby: secure-configuration of 'audit' and 'audit_backlog_limit'

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!20
 2024-02-01 13:36:42 +01:00
Ionut Pruteanu
ead88e8794 Merge branch 'siemens/feat/b5_6_5_pam-d_files_session' into 'siemens/rhel9/devel' 
Solving conflicts after previous commit:

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!19
 2024-02-01 13:32:15 +01:00
Ionut Pruteanu
9c1a473400 Merge branch 'siemens/feat/Refactor_Document_main_variables' into 'siemens/rhel9/devel' 
Aplying patch to be used for extending-documentation

See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!17
 2024-02-01 13:13:43 +01:00
Ionut Pruteanu
057afdc9ff
[IP] New branch was created, so a new merge will be done. 
Revert "Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel"

This reverts commit cc3cc03a04, reversing
changes made to d87451afd6.

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-02-01 13:54:48 +02:00
Ionut Pruteanu
e2738f0a44
Fixing indentation for lines reported by yamllint 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 21:31:14 +02:00
Ionut Pruteanu
18803420f0
Replacing secure-configuration of 'audit' and 'audit_backlog_limit' from the /etc/default/grub approach to grubby(actually used by CIS) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 21:27:00 +02:00
Ionut Pruteanu
594e52a21d
Solving conflicts after previous commit: 
Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth}

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 21:01:17 +02:00
Ionut Pruteanu
3581793d8e
Documenting also new added(space_left & admin_space_left) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 20:31:03 +02:00
Ionut Pruteanu
f2a2757d1b
Fixing yaml-lint errors 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 20:30:25 +02:00
Ionut Pruteanu
a83678e9ce
Removing statement about SSH precedence vars. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 20:27:07 +02:00
Ionut Pruteanu
c70c23680a
Aplying patch to be used for extending-documentation 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-31 10:26:10 +02:00
Ionut Pruteanu
9bd22c220d
Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:16:54 +02:00
Ionut Pruteanu
e1bb8339f7
Updating the testfile with documented findings 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:46 +02:00
Ionut Pruteanu
cc3cc03a04
Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel 2024-01-30 23:04:46 +02:00
Ionut Pruteanu
d87451afd6
Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel 2024-01-30 23:04:46 +02:00
Ionut Pruteanu
6c3a9e2504
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:46 +02:00
Ionut Pruteanu
977899a468
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:46 +02:00
Ionut Pruteanu
cc42640e7f
Adding newest test results for L2(rebasing siemens/rhel9/devel onto devel) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:45 +02:00
Ionut Pruteanu
8ef461040a
new branch in Sfera_automation_pipeline, OIDC-testing 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:45 +02:00
Ionut Pruteanu
e62d048d99
Fixing conflicts after rebasing branch:"/siemens/rhel9/devel" onto up-to-date "devel" branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:04:45 +02:00
root@DERVISHx
a3ddf8ff20
Fixing conflicts after rebasing current feature branch onto 'devel' 2024-01-30 23:04:37 +02:00
Marcin Dulinski
0dab713974
Solved minor conflicts in defaults/main.yml file, when re-basing 
Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:01:33 +02:00
Ionut Pruteanu
efdff71e84
Removing not useful line from docs 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:01:33 +02:00
Ionut Pruteanu
f90a67987d
Revert "Added vars for streams." 
[IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since
we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal.

This reverts commit a57333dcf1.

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:01:32 +02:00
Ionut Pruteanu
674e0fdf31
Improving doc for journald log parameters. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:01:32 +02:00
Ionut Pruteanu
945e020e6a
Documenting usage of chrony variables. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 23:01:23 +02:00
Ionut Pruteanu
6744d901bc
Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables 2024-01-30 22:48:57 +02:00
Ionut Pruteanu
159a06dab3
Finalising the docs content & syntax 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:48:46 +02:00
root@DERVISHx
d1434f6b5b
Rebasing 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2024-01-30 22:41:04 +02:00
root@DERVISHx
5815c43654
Added vars for streams. 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:33:02 +02:00
Ionut Pruteanu
e40d8cb58c
Fixing conflicts 
Last docs part - additions

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:32:47 +02:00
Ionut Pruteanu
85ed8ce781
Doc additions for: 
- Sections 2.2 && 2.3
- Section 3
- Section 4.1

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:28:20 +02:00
Ionut Pruteanu
490a47eb0f
Doc additions for: 
- Yum repos,
- bootloader,
- crypto policies,
- SELinux
- NTP

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:28:20 +02:00
Ionut Pruteanu
65aed536fa
Fixing conflicts after rebase --continue 
Small additions to first part of documentation.

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:27:43 +02:00
root@DERVISHx
b262d0a3e8
Solving conflicts after latest rebase 
~~~~~
Document variables in defaults/main.yml, Fix 5 from devel

Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
 2024-01-30 22:22:46 +02:00
root@DERVISHx
a6213412cb
Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel 2024-01-30 22:16:00 +02:00
Ionut Pruteanu
7641fd3684
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:16:00 +02:00
Ionut Pruteanu
af7e032d34
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:16:00 +02:00
Ionut Pruteanu
3b91e9ca5f
Adding newest test results for L2. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:16:00 +02:00
Ionut Pruteanu
8815f14e02
new branch in Sfera_automation_pipeline, OIDC-testing 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:16:00 +02:00
Ionut Pruteanu
ad107e79c5
As Nuno discovered, I was accidentally adding a new line(un-needed) 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:15:59 +02:00
Ionut Pruteanu
4dff7f01b3
Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:15:59 +02:00
Ionut Pruteanu
8bcb3c2be7
Using again sfera_automation_pipeline's master branch 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:15:59 +02:00
Ionut Pruteanu
5884ef426e
Adding testfile with L1. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:15:59 +02:00
Ionut Pruteanu
80fd642f10
Adding newest test results for L2. 
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
 2024-01-30 22:15:59 +02:00