RHEL9-CIS

ansible-lockdown/RHEL9-CIS

Fork 1

mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-05-09 23:33:53 +00:00

Commit graph

02008339b4

updated regex Mark Bolwell 2025-06-16 17:18:22 +01:00
2724faf1fc

50-redhat.conf var naming update Mark Bolwell 2025-06-16 17:17:00 +01:00
1537bf72df

5-redhat.conf var naming Mark Bolwell 2025-06-16 17:16:26 +01:00
2eb85294c8

Updated conditionals for audit steps Mark Bolwell 2025-06-16 17:15:42 +01:00
ce3ae8361e

Updated logic for root password check Mark Bolwell 2025-06-16 17:14:58 +01:00
6770e5a4ff

added check_mode false to task Mark Bolwell 2025-06-16 17:13:53 +01:00
27c7ec3604

fixed typos Mark Bolwell 2025-06-16 17:12:21 +01:00
35d0bf9c4b

updated auditing conditionals Mark Bolwell 2025-06-16 13:19:14 +01:00
ca14eeb147

updated Mark Bolwell 2025-06-16 10:18:26 +01:00
27dc592c12

Merge pull request #343 from polski-g/auditd_check_mode uk-bolly 2025-06-16 11:15:30 +02:00
7bef2eda62

added check_mode false Mark Bolwell 2025-06-16 10:12:27 +01:00
18fc4ea585

updated conditional var name and regex best practices Mark Bolwell 2025-06-16 10:08:56 +01:00
b2308ac310

fixed typos in logic Mark Bolwell 2025-06-16 10:07:55 +01:00
51b20d383d

Renamed variable to prelim Mark Bolwell 2025-06-16 10:07:27 +01:00
9f50effd30

updated logic Mark Bolwell 2025-06-16 10:01:10 +01:00
3a0ee6e9f8

update 1.3.1.6 log to grep -E Frederick Witty 2025-06-12 15:44:03 -04:00
f40d17df92

Update eprep based tasks to grep/awk Frederick Witty 2025-06-12 12:42:44 -04:00
30bb04b1d4

updates root password check Mark Bolwell 2025-06-12 12:10:44 +01:00
2f5caf836b

Merge pull request #347 from ansible-lockdown/pre-commit-ci-update-config uk-bolly 2025-06-12 12:25:49 +02:00
2ce05a345d

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2025-06-09 17:24:11 +00:00
f86803b1a7

Merge pull request #346 from ansible-lockdown/May2025Fixes Fred W. 2025-06-09 12:23:28 -04:00
dce6303302

Merge pull request #342 from ansible-lockdown/pre-commit-ci-update-config Fred W. 2025-06-09 08:33:20 -04:00
5226f14b3e

fetch of auditd logfile should run in check_mode polski-g 2025-06-06 10:03:47 -04:00
59eca28b3c

Added option to add a salt, this will allow ansible to idempotently set the password Jeffrey van Pelt 2025-06-05 22:41:33 +02:00
d08e7380d6

Added a filter plugin that will handle the GRUB password hashing for you Jeffrey van Pelt 2025-06-04 17:59:22 +02:00
fd9fec96a1 fix typo's and copy past errors Tony Goetheyn 2025-05-30 15:58:55 +02:00
e149d2b44c

prelim_interactive_users must be set in defaults else failure if there are zero such users during prelim.yml polski-g 2025-06-03 11:37:52 -04:00
1bff329a05

auditd: ensure check mode runs non-destructive call to ausyscall --dump polski-g 2025-06-03 11:35:05 -04:00
30d7e3a761

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2025-06-02 17:25:10 +00:00
f70821bf7e

Merge pull request #340 from ansible-lockdown/interactive_user_update uk-bolly 2025-05-28 18:42:20 +01:00
1416780797

Merge pull request #30 from ansible-lockdown/interactive_user_update Fred W. 2025-05-28 12:15:41 -04:00
2e3499ca8c

added missing square brace Mark Bolwell 2025-05-28 16:47:01 +01:00
3197252611

Merge branch 'benchmark_v2.0.0' into interactive_user_update Mark Bolwell 2025-05-28 16:14:18 +01:00
2256456f0e

align with public fixes Mark Bolwell 2025-05-28 16:12:31 +01:00
f2c03f1e68

variable networkmanager package and typo fixes Mark Bolwell 2025-05-28 16:11:36 +01:00
cb475d3368

fixed typo on post audit file name Mark Bolwell 2025-05-28 16:10:28 +01:00
260005415c

Aligned with public Mark Bolwell 2025-05-28 15:58:54 +01:00
7673c2ff00

Added home directory discovery Mark Bolwell 2025-05-28 15:53:41 +01:00
97abfaf9f8

updated passwd variable Mark Bolwell 2025-05-28 15:41:12 +01:00
f740d89b54

Added user home discovery Mark Bolwell 2025-05-28 15:36:39 +01:00
210535bf4f

updated loop var name Mark Bolwell 2025-05-28 15:36:04 +01:00
c4070c341b

Updated logic on 7.2.9 tasks Mark Bolwell 2025-05-28 15:35:34 +01:00
5dc2541731

Updated passwd variable name Mark Bolwell 2025-05-28 14:57:29 +01:00
f29fc9088c

fixed var naming Mark Bolwell 2025-05-28 10:53:32 +01:00
a1126618a7

Added names Mark Bolwell 2025-05-28 10:52:32 +01:00
d136bfa381

Updated variable naming for interactive_users Mark Bolwell 2025-05-28 10:22:30 +01:00
96d054b0d2

Merge pull request #338 from polski-g/groupgroup_typo uk-bolly 2025-05-28 10:02:28 +01:00
4b4033e072

Merge pull request #337 from polski-g/network_manager_package_name uk-bolly 2025-05-28 10:01:44 +01:00
9c69d1f9e0

Merge pull request #336 from polski-g/sshd_redhat_cfg_exists uk-bolly 2025-05-28 10:00:57 +01:00
e7e1f70494

Merge pull request #339 from ansible-lockdown/pre-commit-ci-update-config Fred W. 2025-05-27 13:11:13 -04:00
68579ae85e

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2025-05-26 17:23:15 +00:00
029eb6768d

Merge pull request #29 from ansible-lockdown/benchmark_v2.0.0 Fred W. 2025-05-23 14:04:54 -04:00
fb9577f7d9

Fix typo in variable name discovered_group_check polski_g 2025-05-08 10:53:27 -04:00
4e49532e20

Variablize network-manager package name polski_g 2025-05-08 10:52:21 -04:00
f564135e72

Check for existence of sshd_config.d/50-redhat.conf before trying to modify it polski_g 2025-05-08 11:17:29 -04:00
d992c12702

Check for existence of sshd_config.d/50-redhat.conf before trying to modify it polski_g 2025-05-08 11:17:29 -04:00
dcd7a2c2fa

Variablize network-manager package name polski_g 2025-05-08 10:52:21 -04:00
6b213b044b

Fix typo in variable name discovered_group_check polski_g 2025-05-08 10:53:27 -04:00
9ee1498c98

Merge pull request #332 from ansible-lockdown/may25_issues uk-bolly 2025-05-23 16:56:52 +01:00
73c84de639

Merge pull request #28 from ansible-lockdown/may25_issues uk-bolly 2025-05-23 16:33:53 +01:00
a16b6b96bc

Fix for #325 thank you @mindrb Frederick Witty 2025-05-23 11:14:58 -04:00
f83e5a69a2

interactive users ilogic improvements thanks to @polski-g Mark Bolwell 2025-05-23 16:05:01 +01:00
0e61e796c6

Fix for #325 thank you @mindrb Frederick Witty 2025-05-23 11:00:13 -04:00
cc48a0d0b5

Interactive user discovery improve thanks to @polski-g Mark Bolwell 2025-05-23 15:53:03 +01:00
4357f132a9

improved test for passwd entries Mark Bolwell 2025-05-23 15:50:41 +01:00
daf5a3f462

changed command to shell for grep Mark Bolwell 2025-05-23 15:01:16 +01:00
c23bce5c75

added check mode logic Mark Bolwell 2025-05-23 14:35:50 +01:00
15bf03c754

added check mode logic Mark Bolwell 2025-05-23 14:34:30 +01:00
b9a59b9adc

added check_mode logic Mark Bolwell 2025-05-23 14:30:30 +01:00
2b37d0d732

added check_mode logic Mark Bolwell 2025-05-23 14:30:17 +01:00
8d5a32bc39

added rhel9cis_rsyslog_ansiblemanage conditional Mark Bolwell 2025-05-23 14:25:42 +01:00
de45131085

added rhel9cis_rsyslog_ansiblemanage conditional Mark Bolwell 2025-05-23 14:25:22 +01:00
e9babc8e3b

added ignore comments in file Mark Bolwell 2025-05-23 14:22:49 +01:00
4948d3cb09

added ignore comments in file Mark Bolwell 2025-05-23 14:22:30 +01:00
90374036c4

Merge pull request #326 from ansible-lockdown/pre-commit-ci-update-config uk-bolly 2025-05-21 17:38:53 +01:00
5e2e4db20e

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2025-05-19 17:24:24 +00:00
bd60c0f554

Merge pull request #27 from ansible-lockdown/benchmark_v2.0.0 Fred W. 2025-05-15 17:06:53 -04:00
23b2909073

QA Fixes Frederick Witty 2025-05-15 16:48:44 -04:00
ee5f604a66

Merge pull request #26 from ansible-lockdown/latest Fred W. 2025-05-09 15:31:23 -04:00
1d266e61a7

Merge pull request #25 from ansible-lockdown/benchmark_v2.0.0 Fred W. 2025-05-09 15:12:17 -04:00
2c35f64f38

Merge pull request #24 from ansible-lockdown/devel Fred W. 2025-05-09 14:51:13 -04:00
15cb6db6bf

Merge pull request #324 from ansible-lockdown/fix_rhel9cis_warning_banner Fred W. 2025-04-25 14:58:15 -04:00
48c05f038f

Fix for #322 thank @mindrb Frederick Witty 2025-04-25 14:36:58 -04:00
612f416fc8

Merge pull request #323 from ansible-lockdown/fix_j2_sshd_weakciphers Fred W. 2025-04-25 13:07:07 -04:00
dd909b48c8

Fix for #320 thank you @kodebach Frederick Witty 2025-04-25 11:47:17 -04:00
c8e410928e

Merge pull request #321 from ansible-lockdown/2025update Fred W. 2025-04-23 17:33:16 -04:00
e27e413f94

Update URL in defaults/main Frederick Witty 2025-04-23 16:04:16 -04:00
42024903e3

revamp set facts premlim_ max_int_uid and prelim_min_int_uid Frederick Witty 2025-04-23 12:47:22 -04:00
350b30dfe4

prelim_ prefix added to max_int_uid and min_int_uid Frederick Witty 2025-04-22 16:32:47 -04:00
7173eba3f6

Typo fixes v2 Frederick Witty 2025-04-22 16:29:43 -04:00
de63984cd8

Typo fixes Frederick Witty 2025-04-22 16:10:53 -04:00
591f99960f

Merge pull request #23 from ansible-lockdown/2025Apr_post_audit_fix Fred W. 2025-04-15 16:25:00 -04:00
120207440c

Typo fixes Frederick Witty 2025-04-15 15:22:19 -04:00
5e6ccbaa18

Merge pull request #22 from ansible-lockdown/updates uk-bolly 2025-04-15 16:14:26 +01:00
e5f923c9be

Merge branch 'updates' into benchmark_v2.0.0 Mark Bolwell 2025-04-15 14:30:05 +01:00
4c47bb5b6b

Merge pull request #317 from ansible-lockdown/improvements uk-bolly 2025-04-15 14:06:32 +01:00
ce43c573ee

update tags and issue #311 thanks to @rilatu Mark Bolwell 2025-04-15 12:51:42 +01:00
4aeac7e662

typos and tidy up Mark Bolwell 2025-04-15 11:41:46 +01:00
b04570dfe4

removed legacy option Mark Bolwell 2025-04-15 11:40:49 +01:00
ec57b85fdf

Updated 5.3.3.1.1 regex issue #315 thanks to @jrdbarnes Mark Bolwell 2025-04-15 11:11:19 +01:00