Commit graph

314 commits

Author SHA1 Message Date
Joachim la Poutré
ed8039ad55
Update cis_6.2.x.yml
Corrected tag: rule_6.2.3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
8f39b97923
Update cis_6.1.x.yml
Corrected tags: rule_6.1.8 & rule_6.1.12

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
6c2358084f
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.5

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:16 +02:00
Joachim la Poutré
fa8c680420
Update cis_5.6.1.x.yml
Corrected tag: rule_5.6.1.1

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joachim la Poutré
b80031be14
Update cis_1.8.x.yml
Corrected tag rule_1.8.10

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joachim la Poutré
e5f8044509
Update cis_1.3.x.yml
Correction to "when":  1_3_3

Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
70a18cd8ff
Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
9e7cf73aed
Storing max_log_file under rhel9cis_auditd dict variable.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
root@DERVISHx
397ff0a553
Adding new entry in /etc/pam.d/system-auth
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Bernd Grobauer
de3a25dd3a
Adding missing lines to sysctl.d/50-default.conf
Signed-off-by: Bernd Grobauer <bernd.grobauer@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Joshua Hemmings
1d609e10cb
Remove trailing comma to align with other roles
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
46cd4b67eb
whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users.
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
72ba83fbaa
Rsyslog subsection corrected header (was using 4.2 logging name, instead of 4.2.1. rsyslog name)
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
f3082dd02e
Using rhel9cis_authselect['options'], otherwise not used at all
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Corey Reid
7da06eeaa8
find hidden files in /var/log for 4.3.2
Signed-off-by: Corey Reid <corey.nathan.reid@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
50bf410a7b
Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
b40c5813fb
Using correct conditional for ftpd
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
e1cf40c5d2
Masking service when server package is needed
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:15 +02:00
Ionut Pruteanu
973af36ed0
Removing redundant conditional statements
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Senih
844a351155
Update cis_5.6.1.x.yml
Typo fixed from:
- rule_5.5.1.3
to:
- rule_5.6.1.3

Signed-off-by: Senih <40578755+senihucar@users.noreply.github.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
df63880353
addition of audit_only config
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
9f6c9adb42
audit variables separated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:14 +02:00
Mark Bolwell
99bfe893b0
updated 5.6.5
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
d12a4b2a56
quoted file mode
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
d94bd7476c
added pragma allowed
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
2e1f17169b
fix filename
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
c7899232f5
import_tasks file added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
02b6660733
import_tasks file added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
90515c8c9a
updated test
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
4f5e935a7f
import_tasks file added
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
c82dd0c783
lint updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:13 +02:00
Mark Bolwell
438ae32026
updated test and control
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:12 +02:00
Mark Bolwell
7be36c4fff
new var rhel9cis_rhel_default_repo
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:12 +02:00
Mark Bolwell
ff9a8eb2e7
#54 merged into new layout
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:12 +02:00
Mark Bolwell
84fe76b3fe
removed quotes not required
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:12 +02:00
Mark Bolwell
6d66ec2041
updated comment on rule 1.2.1
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:11 +02:00
Mark Bolwell
da7fa4d343
updated audit vars naming, AMD & ARM binaries
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:10 +02:00
Mark Bolwell
f8f39042fb
fix typo in bashrc path
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:10 +02:00
Mark Bolwell
1e3dea076b
updated 5.6.5 logic
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:09 +02:00
Mark Bolwell
80ee111c7c
updated lint
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:09 +02:00
Mark Bolwell
5b766c47b3
lint updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 08:30:09 +02:00
Mark Bolwell
a791c81cf2
5.5.3 fix and update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-07-26 11:42:21 +01:00
Mark Bolwell
7c34f61d11
#72 improve password check
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-07-26 08:50:53 +01:00
Marco V
cfe7f8c852
Refactored the when statement layout
Signed-off-by: Marco V <marco@osp.nl>
2023-07-24 17:56:03 +02:00
c59099
9e8ecee964
- Added extra checks in using loop items in when statement
- Fixed typo in handler name

Signed-off-by: Marco V <marco@osp.nl>
2023-07-24 17:56:03 +02:00
Luca Berton
9709779492
Fix 2.2.14
Corrected rule 2.2.14 Ensure dnsmasq is not installed (Automated).

Signed-off-by: Luca Berton <luca@ansiblepilot.com>
2023-07-06 21:30:09 +02:00
Mark Bolwell
fe1bddf15b
typo fix
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-06-28 11:45:58 +01:00
Mark Bolwell
612bb01895
fixed error in assert user password set
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-06-28 11:34:15 +01:00
Mark Bolwell
ddec58c419
#66 5.6.5 regex improvement
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-06-28 10:49:55 +01:00
uk-bolly
4004b1b4c3
Merge pull request #67 from jakejellinek/patch-1
Update cis_1.3.x.yml
2023-06-21 08:00:38 +01:00