RHEL9-CIS

ansible-lockdown/RHEL9-CIS

Fork 1

mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 07:23:07 +00:00

Commit graph

0a98ad4aea

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-02-12 17:38:29 +00:00
742165cd72

fix: more readable condition and prevent skipping 0600 #173 rjacobs1990 2024-02-12 16:21:31 +01:00
8652390beb

fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173 rjacobs1990 2024-02-12 15:55:42 +01:00
c805ee398b

fix: idempotency molecule issue fixed for logfiles #173 rjacobs1990 2024-02-12 14:47:12 +01:00
cc7f9ccfd0

X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf Bas Meijer 2024-02-10 00:27:33 +01:00
baf8987a5f

PermitRootLogin found in /etc/ssh/sshd_config.d/01-permitrootlogin.conf Bas Meijer 2024-02-09 22:32:09 +01:00
f90057c00e X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf Bas Meijer 2024-02-10 00:27:33 +01:00
e747039ad8 PermitRootLogin found in /etc/ssh/sshd_config.d/01-permitrootlogin.conf Bas Meijer 2024-02-09 22:32:09 +01:00
c51712e910

Check_mode: false, otherwise gets skipped Ionut Pruteanu 2024-02-06 22:40:07 +02:00
54a7f901e7

Merge branch 'siemens/feat/5_2_20_Wrong_Value_clientalivecountmax' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_2_20_Wrong_Value_clientalivecountmax Ionut Pruteanu 2024-02-06 21:12:49 +02:00
42f0ce406f

Fixing conflicts caused by docs addition <> default value changed, thrown during Rebase Ionut Pruteanu 2024-02-06 21:12:07 +02:00
09272d06ff Fixing conflict when changed value from 0>3(caused by previous lines added by docs). Ionut Pruteanu 2024-02-06 20:03:07 +01:00
a84cf8f771

Rule 5.2.20 expects values different than 0, but previous form of the task was setting CountMax to 0 Ionut Pruteanu 2024-02-06 20:42:39 +02:00
fcab25c61f

Update cis_6.1.x.yml Illibur 2024-02-06 18:46:30 +02:00
d26d1162a7 Merge branch 'siemens/feat/BgrubbyUsageForParams' into 'siemens/rhel9/devel' Ionut Pruteanu 2024-02-01 13:36:42 +01:00
ead88e8794 Merge branch 'siemens/feat/b5_6_5_pam-d_files_session' into 'siemens/rhel9/devel' Ionut Pruteanu 2024-02-01 13:32:15 +01:00
9c1a473400 Merge branch 'siemens/feat/Refactor_Document_main_variables' into 'siemens/rhel9/devel' Ionut Pruteanu 2024-02-01 13:13:43 +01:00
057afdc9ff

[IP] New branch was created, so a new merge will be done. Revert "Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel" Ionut Pruteanu 2024-02-01 13:54:48 +02:00
936218ea95

Merge branch 'siemens/feat/bUSE_authSelectOptions' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/bUSE_authSelectOptions Ionut Pruteanu 2024-01-31 21:51:23 +02:00
c60167af3c

[IP] Rebased and fixed conflicts. Ionut Pruteanu 2024-01-17 19:19:22 +02:00
f0e4768efd

RH9 does not require extra authselect options(just with-faillock). Therefore var-attr is not needed anymore. Ionut Pruteanu 2024-01-17 19:06:21 +02:00
e2738f0a44

Fixing indentation for lines reported by yamllint Ionut Pruteanu 2024-01-31 21:31:14 +02:00
18803420f0

Replacing secure-configuration of 'audit' and 'audit_backlog_limit' from the /etc/default/grub approach to grubby(actually used by CIS) Ionut Pruteanu 2024-01-26 16:52:28 +02:00
594e52a21d

Solving conflicts after previous commit: Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth} Ionut Pruteanu 2024-01-30 20:51:32 +02:00
24faf8643b

Merge branch 'siemens/feat/5_6_5_pam-d_files_session' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_6_5_pam-d_files_session Ionut Pruteanu 2024-01-31 20:49:17 +02:00
b71e9475f2

Solving conflicts after previous commit: Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth} Ionut Pruteanu 2024-01-30 20:51:32 +02:00
eae587c972

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-01-22 17:33:49 +00:00
3504ee9781

Update cis_1.1.7.x.yml Joshua Hemmings 2024-01-10 16:11:27 +01:00
f227fd5852

Update cis_6.2.x.yml Joachim la Poutré 2024-01-03 11:20:08 +01:00
dd3c4cb4c7

Update cis_6.1.x.yml Joachim la Poutré 2024-01-03 11:18:52 +01:00
f7d3028816

Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:16:20 +01:00
060e17b204

Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:15:11 +01:00
3f3b53d3ad

Update cis_1.8.x.yml Joachim la Poutré 2024-01-03 11:13:32 +01:00
0e43e4900e

Update cis_1.3.x.yml Joachim la Poutré 2024-01-03 11:12:06 +01:00
3ada3b9adb

Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured Ionut Pruteanu 2023-12-20 22:21:14 +02:00
bdf0036eb2

Storing max_log_file under rhel9cis_auditd dict variable. Ionut Pruteanu 2023-12-20 21:58:49 +02:00
47878df929

Merge branch 'siemens/feat/5_6_5_pam-d_files_session' of github.com:siemens/RHEL9-CIS into siemens/feat/5_6_5_pam-d_files_session Ionut Pruteanu 2024-01-31 20:38:49 +02:00
549d510747

Solving conflicts after previous commit: Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth} Ionut Pruteanu 2024-01-30 20:51:32 +02:00
05ec867166

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-01-22 17:33:49 +00:00
3581793d8e

Documenting also new added(space_left & admin_space_left) Ionut Pruteanu 2024-01-31 20:31:03 +02:00
f2a2757d1b

Fixing yaml-lint errors Ionut Pruteanu 2024-01-31 20:30:25 +02:00
a83678e9ce

Removing statement about SSH precedence vars. Ionut Pruteanu 2024-01-31 20:27:07 +02:00
c70c23680a

Aplying patch to be used for extending-documentation Ionut Pruteanu 2024-01-31 10:26:10 +02:00
3e8072f6c5

Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables Ionut Pruteanu 2024-01-31 09:39:57 +02:00
be5f7b3692

Solved minor conflicts in defaults/main.yml file, when re-basing Marcin Dulinski 2023-11-22 09:17:15 +00:00
5fac29aea9

Removing not useful line from docs Ionut Pruteanu 2024-01-19 16:16:18 +02:00
be15cf7cf7

Revert "Added vars for streams." [IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal. Ionut Pruteanu 2024-01-19 15:55:42 +02:00
e7fc328aaa

Added vars for streams. root@DERVISHx 2023-12-27 15:39:46 +00:00
a63d154a8d

Rebase ~~~ root@DERVISHx 2023-11-24 15:38:40 +00:00
3e18bf15cc

Solved minor conflicts in defaults/main.yml file, when re-basing Marcin Dulinski 2023-11-22 09:17:15 +00:00
4a5154538b

Removing not useful line from docs Ionut Pruteanu 2024-01-19 16:16:18 +02:00
e2cc850a74

Revert "Added vars for streams." [IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal. Ionut Pruteanu 2024-01-19 15:55:42 +02:00
4c11b4a53a

Improving doc for journald log parameters. Ionut Pruteanu 2024-01-19 15:37:44 +02:00
6a07d25daf

Added vars for streams. root@DERVISHx 2023-12-27 15:39:46 +00:00
a9981edb4a

Finalising the docs content & syntax Ionut Pruteanu 2024-01-17 20:17:21 +02:00
e44c45d1a2

Changes after rebasing. Ionut Pruteanu 2024-01-30 23:49:27 +02:00
0464c937c5

Doc additions for: - Sections 2.2 && 2.3 - Section 3 - Section 4.1 Ionut Pruteanu 2023-12-07 22:53:01 +02:00
13db3ab89e

Doc additions for: - Yum repos, - bootloader, - crypto policies, - SELinux - NTP Ionut Pruteanu 2023-12-06 22:20:32 +02:00
39acb53d30

Rebasing after: ~~~ Small additions to first part of documentation. Ionut Pruteanu 2023-12-05 21:01:06 +02:00
71c2f804a0

Document variables in defaults/main.yml, Fix 5 from devel root@DERVISHx 2023-11-29 15:50:23 +00:00
898659edbf

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-01-22 17:33:49 +00:00
2f820a811c

Update cis_1.1.7.x.yml Joshua Hemmings 2024-01-10 16:11:27 +01:00
ed8039ad55

Update cis_6.2.x.yml Joachim la Poutré 2024-01-03 11:20:08 +01:00
8f39b97923

Update cis_6.1.x.yml Joachim la Poutré 2024-01-03 11:18:52 +01:00
6c2358084f

Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:16:20 +01:00
fa8c680420

Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:15:11 +01:00
b80031be14

Update cis_1.8.x.yml Joachim la Poutré 2024-01-03 11:13:32 +01:00
e5f8044509

Update cis_1.3.x.yml Joachim la Poutré 2024-01-03 11:12:06 +01:00
70a18cd8ff

Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured Ionut Pruteanu 2023-12-20 22:21:14 +02:00
9e7cf73aed

Storing max_log_file under rhel9cis_auditd dict variable. Ionut Pruteanu 2023-12-20 21:58:49 +02:00
397ff0a553

Adding new entry in /etc/pam.d/system-auth root@DERVISHx 2023-11-10 15:28:12 +00:00
de3a25dd3a

Adding missing lines to sysctl.d/50-default.conf Bernd Grobauer 2023-10-12 12:56:20 +02:00
1d609e10cb

Remove trailing comma to align with other roles Joshua Hemmings 2024-01-09 09:17:00 +01:00
46cd4b67eb

whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users. Ionut Pruteanu 2023-12-08 12:03:00 +02:00
72ba83fbaa

Rsyslog subsection corrected header(was using 4.2 logging name, instead of 4.2.1. rsyslog name) Ionut Pruteanu 2023-12-08 12:01:10 +02:00
f3082dd02e

Using rhel9cis_authselect['options'], otherwise not used at all Ionut Pruteanu 2023-12-08 16:44:30 +02:00
7da06eeaa8

find hidden files in /var/log for 4.3.2 Corey Reid 2023-10-19 13:19:07 +01:00
50bf410a7b

Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd Ionut Pruteanu 2023-12-07 20:38:20 +02:00
b40c5813fb

Using correct conditional for ftpd Ionut Pruteanu 2023-12-07 18:58:02 +02:00
e1cf40c5d2

Masking service when server package is needed Ionut Pruteanu 2023-12-07 18:10:09 +02:00
bf94c2f708

Timeout value defined in defaults/main.yml file not used Ionut Pruteanu 2023-12-05 20:40:50 +02:00
973af36ed0

Removing redundant conditional statements Ionut Pruteanu 2023-12-05 14:42:51 +02:00
495355b067

Fixed chrony configuration options Marcin Dulinski 2023-11-22 09:17:15 +00:00
d2df59f8e9

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2023-12-04 17:36:20 +00:00
844a351155

Update cis_5.6.1.x.yml Senih 2023-11-23 12:02:37 -08:00
22a7e32750

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2023-11-20 17:35:48 +00:00
437db7b2a6

fixed typo Mark Bolwell 2023-11-21 12:37:09 +00:00
e769b97e1a

updated benchmark name Mark Bolwell 2023-11-21 12:28:06 +00:00
1752212eb3

fixed benchmark_name Mark Bolwell 2023-11-21 10:11:08 +00:00
bc4be734f7

updated Mark Bolwell 2023-11-21 10:00:27 +00:00
9f16c3ce49

removed dupe line Mark Bolwell 2023-11-21 09:50:11 +00:00
df63880353

addition of audit_only config Mark Bolwell 2023-11-21 09:49:36 +00:00
9f6c9adb42

audit variables seperated Mark Bolwell 2023-11-21 09:48:49 +00:00
463ba0a718

[pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2023-11-13 17:46:18 +00:00
6c86a8dd19

updated workflow for galaxy and versions Mark Bolwell 2023-10-31 15:21:19 +00:00
ba769cac5b

updated collections Mark Bolwell 2023-10-06 22:02:41 +01:00
99bfe893b0

updated 5.6.5 Mark Bolwell 2023-09-22 08:44:43 +01:00
2819352701

updated Mark Bolwell 2023-09-21 16:26:28 +01:00
d12a4b2a56

quoted file mode Mark Bolwell 2023-09-21 16:25:59 +01:00
d7cfb0c64c

updated Mark Bolwell 2023-09-21 15:45:49 +01:00