RHEL9-CIS

ansible-lockdown/RHEL9-CIS

Fork 1

mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00

Commit graph

f11d2cc3f0

typo Svennd 2024-04-30 16:16:16 +02:00
79e36d8736

updated assert statement (#204) uk-bolly 2024-04-29 16:40:53 +01:00
e3cb3814d6

updated assert statement Mark Bolwell 2024-04-29 10:13:57 +01:00
b77dc8a0ec

updated assert for audit setup Mark Bolwell 2024-04-29 08:59:34 +01:00
d8f9b30182

[pre-commit.ci] pre-commit autoupdate (#202) pre-commit-ci[bot] 2024-04-25 10:44:25 +01:00
46e0fdf322

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-04-15 17:51:22 +00:00
b5bea721f1

[pre-commit.ci] pre-commit autoupdate (#200) pre-commit-ci[bot] 2024-04-15 14:04:13 +01:00
f8fcfe0e78

April_24 updates (#201) uk-bolly 2024-04-15 14:02:07 +01:00
a8d8220295

added prelim to includes Mark Bolwell 2024-04-15 13:36:48 +01:00
1457ea01e2

updated Mark Bolwell 2024-04-15 09:44:24 +01:00
8622a26b95

fixed naming Mark Bolwell 2024-04-15 09:43:01 +01:00
05fee15cb4

updates for audit section Mark Bolwell 2024-04-15 09:29:19 +01:00
f83e73c1a1

addressed #197 thanks to @mark-tomich Mark Bolwell 2024-04-12 10:38:40 +01:00
ff296e7e9b

Merge branch 'devel' into April_24 Mark Bolwell 2024-04-10 08:29:21 +01:00
7c75856fc2

updated Mark Bolwell 2024-04-10 08:25:35 +01:00
2413eb3d4d

fixed logic 6.2.10 Mark Bolwell 2024-04-10 08:16:19 +01:00
4baa4d735b

improved new variable usage Mark Bolwell 2024-04-10 07:56:52 +01:00
af2ffa2368

tidy up Mark Bolwell 2024-04-10 07:56:11 +01:00
be9ee540d1

audit moved to prelim Mark Bolwell 2024-04-10 07:55:20 +01:00
0803f90da2

removed unneeded vars Mark Bolwell 2024-04-10 07:52:59 +01:00
c9071b361d

moved audit added discoveries Mark Bolwell 2024-04-10 07:51:31 +01:00
7ed5c9c6bb

consistent quotes around mode Mark Bolwell 2024-04-09 16:36:53 +01:00
4ade48536f

updated pre-commit version Mark Bolwell 2024-04-09 16:34:30 +01:00
2d5ec1d474

Additional vars for issue #190 Mark Bolwell 2024-04-09 16:31:41 +01:00
44911b81c3

Addressed issue #190 Mark Bolwell 2024-04-09 16:30:56 +01:00
7c53c0d96e

PR - #198 addressed thanks to @brakkio86 Mark Bolwell 2024-04-09 16:29:49 +01:00
9bc967a71e

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-04-08 17:54:37 +00:00
835cd41c8a

removing the async because we need the results of the init in the subsequent step Mark Tomich 2024-03-29 14:12:12 -04:00
ce56162830

change aide path (as like STIG) Francesco Trentini 2024-03-29 11:06:31 +01:00
1bf405811e

4Upstream: Adjusting strings used for user-shells conditionals Pruteanu 2024-03-11 17:26:49 +02:00
a233ccc96b

Chage tool related settings: max-days, min-days and warn-age, for getting CIS-Passes on rules 5.6.1.{1-3} Pruteanu 2024-03-11 09:38:22 +02:00
c21550ac39 [pre-commit.ci] pre-commit autoupdate (#178) pre-commit-ci[bot] 2024-03-05 18:39:12 +00:00
918f93661b [pre-commit.ci] pre-commit autoupdate (#192) pre-commit-ci[bot] 2024-03-25 11:10:05 +00:00
3a633d6b47 Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status (#188) RoboPickle 2024-03-14 17:13:34 +00:00
5c40f36aa5 [pre-commit.ci] pre-commit autoupdate (#178) pre-commit-ci[bot] 2024-03-05 18:39:12 +00:00
bab24475fd

Merge pull request #3 from gbrcir1/patch-1 Stefan Popa 2024-03-26 10:31:09 +02:00
947844d5b4

Update cis_5.3.x.yml Razvan Cirdei 2024-03-26 08:27:01 +00:00
e87d637eb2

[pre-commit.ci] pre-commit autoupdate (#192) pre-commit-ci[bot] 2024-03-25 11:10:05 +00:00
fe6fca34c9

enhance regexp for "Ensure sudo log file exists" task Francesco Trentini 2024-03-22 09:25:39 +01:00
4d90fed61b

remove quotes in sudoers file in order to pass openscap security scan Francesco Trentini 2024-03-21 16:12:58 +01:00
499a547a33

fix typo on set password-auth retry settings Francesco Trentini 2024-03-20 17:41:17 +01:00
8621a565f9

add set password-auth remember settings Francesco Trentini 2024-03-20 17:40:46 +01:00
d8b80d53cc

Create local.yml Stefan Popa 2024-03-20 10:46:31 +00:00
905edbe25a

Update main.yml Stefan Popa 2024-03-20 10:42:35 +00:00
f4bfa754f9

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-03-18 17:48:46 +00:00
6eeae19517

Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status (#188) RoboPickle 2024-03-14 17:13:34 +00:00
f3be71b20b

4Upstream: Adjusting strings used for user-shells conditionals Pruteanu 2024-03-11 17:26:49 +02:00
504c553224

March 24 to devel (#186) uk-bolly 2024-03-06 16:52:38 +00:00
e2de95206a

Gpg import for rhel servers (#185) uk-bolly 2024-03-06 09:10:06 +00:00
51da48ed2c

[pre-commit.ci] pre-commit autoupdate (#178) pre-commit-ci[bot] 2024-03-05 18:39:12 +00:00
e4d6b7d102

Chage tool related settings: max-days, min-days and warn-age, for getting CIS-Passes on rules 5.6.1.{1-3} Pruteanu 2024-03-11 09:38:22 +02:00
dcf8f0bf11

Merge branch 'devel' into bug_4112 John Foster 2024-03-08 08:51:09 +00:00
28ca5d18b3

Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent John Foster 2024-03-08 08:44:04 +00:00
2db001e7cb

Fixed issues with 4.1.1.2 and 4.1.1.3 Now handle multiple kernels and are idempotent John Foster 2024-03-08 07:46:47 +00:00
7d7b6132f4

March 24 to devel (#186) uk-bolly 2024-03-06 16:52:38 +00:00
f3ec4bd2bf

enable OS check Mark Bolwell 2024-03-06 15:48:24 +00:00
c636e774c2

typo and ssh allow_deny comments Mark Bolwell 2024-03-06 15:47:43 +00:00
2d9b93d9de

updated credits Mark Bolwell 2024-03-06 10:29:55 +00:00
91b272baee

PT #184 addressed thansk to @ipruteanu-sie Mark Bolwell 2024-03-06 10:27:58 +00:00
112cf5ae8c

Addressed PR #165 thanks to @ipruteanu-sie Mark Bolwell 2024-03-06 10:23:27 +00:00
1b655bb473

PR #180 thanks to @ipruteanu-sie and @raabf Mark Bolwell 2024-03-06 09:28:18 +00:00
bf7df3fea2

issue #182, PR #183 thansk to @ipruteanu-sie Mark Bolwell 2024-03-06 09:21:46 +00:00
b31ece0ce8

Issue #170, PR #181 thanks to @ipruteanu-sie Mark Bolwell 2024-03-06 09:19:30 +00:00
0f58436212

Gpg import for rhel servers (#185) uk-bolly 2024-03-06 09:10:06 +00:00
0215412e9b

[pre-commit.ci] pre-commit autoupdate (#178) pre-commit-ci[bot] 2024-03-05 18:39:12 +00:00
794cf162ae

fix missing facts Mark Bolwell 2024-03-05 18:15:07 +00:00
4f7fde331f

1.2.1 force gpg import rhel Mark Bolwell 2024-03-05 17:42:16 +00:00
76f2f5ae89

Fix YAML-Lint error by removing empty-line Pruteanu 2024-02-23 14:27:05 +02:00
6fd2c758e4

Cleaning up references for authconfig in this repo as well, syntax-error for tags as well Pruteanu 2024-02-23 14:20:31 +02:00
2d1a80fc7e

change logic thanks to @rjacobs1990 see #175 Mark Bolwell 2024-02-19 14:17:11 +00:00
849d7fdd84

Using in defaults file same var-name as the actual ones which are in use for SSH-tasks Pruteanu 2024-02-22 15:52:21 +02:00
f3a9100734

Small changes, improved consistency Pruteanu 2024-02-16 18:59:31 +02:00
f6c02ed010

Raw cherry-pick of commits: d53e3ed350 && a84cf8f771 Pruteanu 2024-02-21 14:45:46 +02:00
d53e3ed350

Adding CIS default expectation for ClientAliveInterval Pruteanu 2024-02-21 14:05:33 +02:00
40bc7aa082

Feb24 updates (#179) uk-bolly 2024-02-20 15:43:43 +00:00
7b164fdaf7

fix typo for virt type query Mark Bolwell 2024-02-20 11:30:49 +00:00
3d3d307f29

updated Mark Bolwell 2024-02-20 11:29:55 +00:00
fbe348c9a8

updated fqcn fo json_query Mark Bolwell 2024-02-20 11:28:48 +00:00
6469a65e76

updated yamllint precommit Mark Bolwell 2024-02-20 10:42:44 +00:00
45f5ed12a8

removed rp_filter in post added in error Mark Bolwell 2024-02-20 10:41:04 +00:00
911f22491e

Added updates from #115 Mark Bolwell 2024-02-20 10:39:54 +00:00
0e60c2268f

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-02-19 17:48:32 +00:00
f6e26ffb98

thanks to @sgomez86 #146 Mark Bolwell 2024-02-19 14:53:03 +00:00
f0ebe395a5

Thanks to @stwongst #125 Mark Bolwell 2024-02-19 14:33:38 +00:00
0c0dde24db

thanks to @ipruteani-sie #134 Mark Bolwell 2024-02-19 14:19:49 +00:00
8e7e73bbb4

change logic thanks to @rjacobs1990 see #175 Mark Bolwell 2024-02-19 14:17:11 +00:00
06ec3de5c4

Merge pull request #175 from rjacobs1990/bugfix/fix-permissions-logfiles uk-bolly 2024-02-19 14:16:21 +00:00
96536cc908

Merge pull request #177 from RoboPickle/bugfix_5_3_4 uk-bolly 2024-02-19 12:16:51 +00:00
467434a56f

Added blank line between each named task for consistency. John Foster 2024-02-19 12:03:08 +00:00
3313a1f2c3

Merge pull request #131 from siemens/siemens/feat/replacingVarAuditCopyPath uk-bolly 2024-02-19 11:53:01 +00:00
03e2a28653

Merge pull request #174 from bbaassssiiee/bugfix/sshd uk-bolly 2024-02-19 11:44:42 +00:00
21f24b45a1

Merge pull request #169 from Illibur/patch-1 uk-bolly 2024-02-19 11:37:29 +00:00
f9dbbee1ec

Merge pull request #167 from ansible-lockdown/pre-commit-ci-update-config uk-bolly 2024-02-19 11:35:19 +00:00
e3f5522824

Merge pull request #166 from siemens/siemens/feat/BgrubbyUsageForParams uk-bolly 2024-02-19 11:34:52 +00:00
cc6522f276

Merge pull request #164 from siemens/siemens/feat/Refactor_Document_main_variables uk-bolly 2024-02-19 11:29:34 +00:00
488a4d5bff

Merge pull request #150 from numericillustration/devel uk-bolly 2024-02-19 11:27:29 +00:00
e100b02f44

Updated cis_6.1.x.yml to avoid deprecation warning as per Illibur's findings in issue #168. Changed vars on line 233 to use dictionary. John Foster 2024-02-16 15:06:27 +00:00
0e89fedfca

Adjusted tasks/main.yml indentation after running precommit checks John Foster 2024-02-15 10:17:41 +00:00
1c7990cecd

fixing some mismatched tags and tasks in 5.6.1.x Michael Hicks 2023-12-21 15:12:01 -08:00
7fde313f85

Main task was failing when using an AD account to connect to host. With an AD account there isn't an entry in the /etc/shadow file. This caused the password length check to treat it as a zero length password. Now local password check is skipped for AD account. Also added an additional check for a locked local account for the sudo user. John Foster 2024-02-13 15:37:39 +00:00