mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2026-03-26 14:37:13 +00:00
Compare commits
20 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b98381fcd8 | ||
|
|
663f84d1fe | ||
|
|
9bab97dccc | ||
|
|
751fac8a0c | ||
|
|
25b4bb780c | ||
|
|
3d502efaef | ||
|
|
f4a0bca52a | ||
|
|
ef2b7dca5d | ||
|
|
81a929961a | ||
|
|
16cb6a4617 | ||
|
|
151896e113 | ||
|
|
306eb59b88 | ||
|
|
7661bc0963 | ||
|
|
00e6f196b5 | ||
|
|
4567a0baad | ||
|
|
10dc297e9a | ||
|
|
21a886a81c | ||
|
|
759bbbad7e | ||
|
|
8bbccd6b62 | ||
|
|
beaeb3a181 |
4 changed files with 4 additions and 13 deletions
|
|
@ -42,13 +42,13 @@ repos:
|
|||
name: Detect Secrets test
|
||||
|
||||
- repo: https://github.com/gitleaks/gitleaks
|
||||
rev: v8.30.1
|
||||
rev: v8.30.0
|
||||
hooks:
|
||||
- id: gitleaks
|
||||
name: Run Gitleaks test
|
||||
|
||||
- repo: https://github.com/ansible-community/ansible-lint
|
||||
rev: v26.3.0
|
||||
rev: v26.1.1
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
name: Ansible-lint
|
||||
|
|
|
|||
|
|
@ -959,13 +959,6 @@ rhel9cis_ssh_maxsessions: 4
|
|||
# This variable defines the path and file name of the sudo log file.
|
||||
rhel9cis_sudolog_location: "/var/log/sudo.log"
|
||||
|
||||
## Control 5.2.4 - Ensure users must provide password for escalation
|
||||
# The following variable specifies a list of users that should not be required to provide a password
|
||||
# for escalation. Feel free to edit it according to your needs.
|
||||
rhel9cis_sudoers_exclude_nopasswd_list:
|
||||
- ec2-user
|
||||
- vagrant
|
||||
|
||||
## Control 5.2.x - Ensure sudo authentication timeout is configured correctly
|
||||
# This variable sets the duration (in minutes) during which a user's authentication credentials
|
||||
# are cached after successfully authenticating using "sudo". This allows the user to execute
|
||||
|
|
@ -1111,7 +1104,7 @@ rhel9cis_passwd_dictcheck_file: etc/security/pwquality.conf.d/50-pwdictcheck.con
|
|||
rhel9cis_passwd_dictcheck_value: 1
|
||||
|
||||
# 5.3.3.2.7 - Ensure password quality is enforced for the root user
|
||||
rhel9cis_passwd_quality_enforce_file: etc/security/pwquality.conf.d/50-pwroot.conf # pragma: allowlist secret
|
||||
rhel9cis_passwd_quality_enforce_file: etc/security/pwquality.conf.d/50-pwquality_enforce.conf # pragma: allowlist secret
|
||||
rhel9cis_passwd_quality_enforce_value: 1
|
||||
rhel9cis_passwd_quality_enforce_root_value: enforce_for_root # pragma: allowlist secret
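Review bot: Changing the value of `rhel9cis_passwd_quality_enforce_file` leaves the drop-in written under the previous name on hosts that were already hardened, and nothing visible in this section removes it. This rendering has lost the +/- markers, so which of `50-pwroot.conf` and `50-pwquality_enforce.conf` is the new name is only inferred from print order. Either way both files would then sit in `pwquality.conf.d`, and a later audit of that directory would find a file the role no longer manages. If no cleanup exists elsewhere in the role, add an `ansible.builtin.file` task with `state: absent` for the previous path, and record the rename above the variable, e.g. `# drop-in renamed from <previous file name>; remove the old file on upgraded hosts`. The path is also written without a leading `/`, as is `rhel9cis_passwd_dictcheck_file` in the hunk header, so a one-line comment stating what it is relative to would help.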
|
||||
|
||||
|
|
|
|||
|
|
@ -259,8 +259,6 @@
|
|||
|
||||
- name: "PRELIM | PATCH | sshd_config.d/50-redhat.conf exists"
|
||||
when: rhel9cis_rule_5_1_10 or rhel9cis_rule_5_1_11
|
||||
tags:
|
||||
- always
|
||||
ansible.builtin.stat:
|
||||
path: /etc/ssh/sshd_config.d/50-redhat.conf
|
||||
register: prelim_sshd_50_redhat_file
|
||||
|
|
|
|||
|
|
@ -340,7 +340,7 @@
|
|||
- system
|
||||
notify: Authselect update
|
||||
|
||||
- name: "5.3.3.2.7 | PATCH | Ensure password quality is enforced for the root user"
|
||||
- name: "5.3.3.2.7 | PATCH | Ensure password quality checking is enforced"
|
||||
when: rhel9cis_rule_5_3_3_2_7
|
||||
tags:
|
||||
- level1-server
|
||||
|
|
|
|||