ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 07:23:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Commit graph

  • 159a06dab3
         Finalising the docs content & syntax Ionut Pruteanu 2024-01-17 20:17:21 +02:00
  • d1434f6b5b
         Rebasing root@DERVISHx 2023-11-24 15:38:40 +00:00
  • 5815c43654
         Added vars for streams. root@DERVISHx 2023-12-27 15:39:46 +00:00
  • e40d8cb58c
         Fixing conflicts Last docs part - additions Ionut Pruteanu 2023-12-08 20:17:43 +02:00
  • 85ed8ce781
         Doc additions for: - Sections 2.2 && 2.3 - Section 3 - Section 4.1 Ionut Pruteanu 2023-12-07 22:53:01 +02:00
  • 490a47eb0f
         Doc additions for: - Yum repos, - bootloader, - crypto policies, - SELinux - NTP Ionut Pruteanu 2023-12-06 22:20:32 +02:00
  • 65aed536fa
         Fixing conflicts after rebase --continue Ionut Pruteanu 2023-12-05 21:01:06 +02:00
  • b262d0a3e8
         Solving conflicts after latest rebase ~~~~~ Document variables in defaults/main.yml, Fix 5 from devel root@DERVISHx 2023-11-29 15:50:23 +00:00
  • a6213412cb
         Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel root@DERVISHx 2023-11-27 16:57:40 +00:00
  • 7641fd3684
         As Nuno discovered, I was accidentally adding a new line(un-needed) Ionut Pruteanu 2023-11-22 14:17:42 +02:00
  • af7e032d34
         Using again sfera_automation_pipeline's master branch Ionut Pruteanu 2023-11-21 17:08:25 +02:00
  • 3b91e9ca5f
         Adding newest test results for L2. Ionut Pruteanu 2023-11-21 11:00:20 +02:00
  • 8815f14e02
         new branch in Sfera_automation_pipeline, OIDC-testing Ionut Pruteanu 2023-11-21 10:48:23 +02:00
  • ad107e79c5
         As Nuno discovered, I was accidentally adding a new line(un-needed) Ionut Pruteanu 2023-11-22 14:17:42 +02:00
  • 8bcb3c2be7
         Using again sfera_automation_pipeline's master branch Ionut Pruteanu 2023-11-21 17:08:25 +02:00
  • 80fd642f10
         Adding newest test results for L2. Ionut Pruteanu 2023-11-21 11:00:20 +02:00
  • 4cbc2e371a
         new branch in Sfera_automation_pipeline, OIDC-testing Ionut Pruteanu 2023-11-21 10:48:23 +02:00
  • 4dff7f01b3
         Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. Ionut Pruteanu 2023-11-15 17:37:39 +02:00
  • 5884ef426e
         Adding testfile with L1. Ionut Pruteanu 2023-11-15 10:46:58 +02:00
  • 0e671e84b3
         Adding CI file Ionut Pruteanu 2023-11-15 10:46:38 +02:00
  • fd4ba5bfca
         Merge branch 'siemens/feat/5_6_5_pam-d_files_session' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_6_5_pam-d_files_session Ionut Pruteanu 2024-01-30 21:26:29 +02:00
  • 47a00a1fd1
         Solving conflicts after previous commit: Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth} Ionut Pruteanu 2024-01-30 20:51:32 +02:00
  • e41a340fb0
         Ensuring "session optional pam_umask.so " is present in /etc/pam.d/{system-auth | password-auth} Ionut Pruteanu 2024-01-30 20:51:32 +02:00
  • e860d61e1b
         Replacing secure-configuration of 'audit' and 'audit_backlog_limit' from the /etc/default/grub approach to grubby(actually used by CIS) Ionut Pruteanu 2024-01-26 16:52:28 +02:00
  • 3fe681c0d2
         Merge pull request #159 from ansible-lockdown/pre-commit-ci-update-config uk-bolly 2024-01-26 12:50:54 +00:00
  • b726c2e444
         Merge pull request #154 from jLemmings/patch-3 uk-bolly 2024-01-26 12:44:07 +00:00
  • 902956e51d
         Merge pull request #151 from sickbock/devel uk-bolly 2024-01-26 12:37:20 +00:00
  • df1aef8d31
         Merge pull request #148 from siemens/siemens/feat/AuditVarsRefactoring uk-bolly 2024-01-26 12:34:30 +00:00
  • ac5eee81df
         Merge pull request #112 from siemens/siemens/feat/ensure_default_umask_027_5_6_5 uk-bolly 2024-01-26 12:32:45 +00:00
  • 7bab634a45
         Updating the testfile with documented findings Ionut Pruteanu 2024-01-25 10:31:11 +02:00
  • aa8a60b4ee
         [pre-commit.ci] pre-commit autoupdate pre-commit-ci[bot] 2024-01-22 17:33:49 +00:00
  • e780e076d1
         Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel Ionut Pruteanu 2024-01-19 20:01:18 +02:00
  • da62626a9d
         Fixing conflicts after rebasing current feature branch onto 'devel' root@DERVISHx 2023-11-24 15:38:40 +00:00
  • 9ce1fb6556
         Solved minor conflicts in defaults/main.yml file, when re-basing Marcin Dulinski 2023-11-22 09:17:15 +00:00
  • 221f64da14
         Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel Ionut Pruteanu 2024-01-19 19:47:15 +02:00
  • b931555eb2
         As Nuno discovered, I was accidentally adding a new line(un-needed) Ionut Pruteanu 2023-11-22 14:17:42 +02:00
  • cd116a59b7
         Using again sfera_automation_pipeline's master branch Ionut Pruteanu 2023-11-21 17:08:25 +02:00
  • 89d1373373
         Adding newest test results for L2(rebasing siemens/rhel9/devel onto devel) Ionut Pruteanu 2023-11-21 11:00:20 +02:00
  • b89fa21c0a
         new branch in Sfera_automation_pipeline, OIDC-testing Ionut Pruteanu 2023-11-21 10:48:23 +02:00
  • 06b39c0683
         Fixing conflicts after rebasing branch:"/siemens/rhel9/devel" onto up-to-date "devel" branch Ionut Pruteanu 2023-11-15 10:46:58 +02:00
  • d6ae2b6d36
         Merge branch 'siemens/rhel9/devel' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel root@DERVISHx 2023-11-27 16:57:40 +00:00
  • 5cb6108e18
         As Nuno discovered, I was accidentally adding a new line(un-needed) Ionut Pruteanu 2023-11-22 14:17:42 +02:00
  • c2630dcb65
         Using again sfera_automation_pipeline's master branch Ionut Pruteanu 2023-11-21 17:08:25 +02:00
  • d62e60d235
         Adding newest test results for L2. Ionut Pruteanu 2023-11-21 11:00:20 +02:00
  • a52d2a62ec
         new branch in Sfera_automation_pipeline, OIDC-testing Ionut Pruteanu 2023-11-21 10:48:23 +02:00
  • 19693c08de
         Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. Ionut Pruteanu 2023-11-15 17:37:39 +02:00
  • 6ef4e38674
         As Nuno discovered, I was accidentally adding a new line(un-needed) Ionut Pruteanu 2023-11-22 14:17:42 +02:00
  • 9614e9d7e1
         Adding testfile with L1. Ionut Pruteanu 2023-11-15 10:46:58 +02:00
  • 7190ecb573
         Using again sfera_automation_pipeline's master branch Ionut Pruteanu 2023-11-21 17:08:25 +02:00
  • 3724f3f830
         Adding newest test results for L2. Ionut Pruteanu 2023-11-21 11:00:20 +02:00
  • 17592cc608
         new branch in Sfera_automation_pipeline, OIDC-testing Ionut Pruteanu 2023-11-21 10:48:23 +02:00
  • f5b2299c79
         Naming the Ansible vars in tesfile properly, with respect to rhel9 tasks. Ionut Pruteanu 2023-11-15 17:37:39 +02:00
  • dfffb19e4c
         Adding testfile with L1. Ionut Pruteanu 2023-11-15 10:46:58 +02:00
  • 3dde4b1c78
         Adding CI file Ionut Pruteanu 2023-11-15 10:46:38 +02:00
  • 36ab51d600
         Removing not useful line from docs Ionut Pruteanu 2024-01-19 16:16:18 +02:00
  • 48f0c7db53
         Using again the default values used by Lockdown for sshd vars, as they shouldn't be altered Ionut Pruteanu 2024-01-19 16:11:02 +02:00
  • 073f6b7192
         Revert "Added vars for streams." [IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal. Ionut Pruteanu 2024-01-19 15:55:42 +02:00
  • b4bef292ca
         Improving doc for journald log parameters. Ionut Pruteanu 2024-01-19 15:37:44 +02:00
  • 8fc85fcc59
         Documenting usage of chrony variables. Ionut Pruteanu 2024-01-19 15:32:01 +02:00
  • 677424d853
         Merge branch 'devel' of github.com:siemens/RHEL9-CIS into siemens/feat/document_main_variables Ionut Pruteanu 2024-01-19 11:03:46 +02:00
  • 068c45f509
         Merge pull request #105 from siemens/siemens/feat/reverse_path_filtering_3_3_7 uk-bolly 2024-01-18 13:15:28 +00:00
  • 14cd1e0397
         Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables Ionut Pruteanu 2024-01-17 20:39:49 +02:00
  • 560475ea4e
         Finalising the docs content & syntax Ionut Pruteanu 2024-01-17 20:17:21 +02:00
  • 884377c529
         Use the proper sub-task name when authselect custom profile is selected. Ionut Pruteanu 2024-01-17 19:19:22 +02:00
  • 85e2eb1264
         RH9 does not require extra authselect options(just with-faillock). Therefore var-attr is not needed anymore. Ionut Pruteanu 2024-01-17 19:06:21 +02:00
  • 87d2685f4e
         Update cis_1.1.7.x.yml Joshua Hemmings 2024-01-10 16:11:27 +01:00
  • 29f7129474
         Align RHEL9 hardening to RHEL8 to pass OpenSCAP check Joshua Hemmings 2024-01-10 08:46:04 +01:00
  • 200b2c244b
         Merge pull request #152 from jLemmings/patch-1 uk-bolly 2024-01-09 16:48:20 +00:00
  • d73f26a7ab
         Remove trailing comma to align with other roles Joshua Hemmings 2024-01-09 09:17:00 +01:00
  • e0491ccb8f
         Update cis_6.2.x.yml Joachim la Poutré 2024-01-03 11:20:08 +01:00
  • d6b44aac70
         Update cis_6.1.x.yml Joachim la Poutré 2024-01-03 11:18:52 +01:00
  • 3b256ff831
         Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:16:20 +01:00
  • 712b8b6ecd
         Update cis_5.6.1.x.yml Joachim la Poutré 2024-01-03 11:15:11 +01:00
  • 4d749d988d
         Update cis_1.8.x.yml Joachim la Poutré 2024-01-03 11:13:32 +01:00
  • 1e55d86001
         Update cis_1.3.x.yml Joachim la Poutré 2024-01-03 11:12:06 +01:00
  • a57333dcf1
         Added vars for streams. root@DERVISHx 2023-12-27 15:39:46 +00:00
  • 6f8a95c73a
         Merge pull request #143 from siemens/siemens/feat/4.2.1.3conditionalAndSectionHeader uk-bolly 2023-12-21 08:40:41 +00:00
  • e545b89c7b
         Merge pull request #145 from siemens/siemens/feat/5.4.2_addVarUsage uk-bolly 2023-12-21 08:39:48 +00:00
  • ca41b128cd
         Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured Ionut Pruteanu 2023-12-20 22:21:14 +02:00
  • 88ffe32137
         Storing max_log_file under rhel9cis_auditd dict variable. Ionut Pruteanu 2023-12-20 21:58:49 +02:00
  • 145ac85e52
         Merge pull request #103 from Corey0219/update-4-2-3 uk-bolly 2023-12-20 09:48:47 +00:00
  • 8d85f178e2
         find hidden files in /var/log for 4.3.2 Corey Reid 2023-10-19 13:19:07 +01:00
  • c56ea1ac9a
         Merge pull request #140 from siemens/siemens/feat/3.4.2.5_fixConditional uk-bolly 2023-12-13 08:44:08 +00:00
  • 82d1c2bdfb
         Merge pull request #138 from siemens/siemens/feat/2.3.4_fixConditional uk-bolly 2023-12-13 08:43:07 +00:00
  • 779c90ea0e
         Merge pull request #136 from siemens/siemens/feat/2.2.16_fixingNFSLogicBetweenMaskingServiceVsRemovingPackage uk-bolly 2023-12-13 08:42:33 +00:00
  • 74f21e5303
         Merge pull request #133 from siemens/siemens/feat/timeoutValueDefinedNotUsed uk-bolly 2023-12-13 08:40:02 +00:00
  • ecbd514df1
         Merge pull request #129 from siemens/siemens/feat/removingRedundantConditionals uk-bolly 2023-12-13 08:27:49 +00:00
  • 998eaf30ba
         Merge pull request #121 from dulin/fix-chrony uk-bolly 2023-12-13 08:23:13 +00:00
  • d022977723
         Merge pull request #127 from ansible-lockdown/pre-commit-ci-update-config uk-bolly 2023-12-13 08:20:34 +00:00
  • b7936bc633
         Merge pull request #122 from senihucar/patch-1 uk-bolly 2023-12-13 08:19:58 +00:00
  • 28a61fa71d
         Last docs part - additions Ionut Pruteanu 2023-12-08 20:17:43 +02:00
  • c19e350b7d
         Using rhel9cis_authselect['options'], otherwise not used at all Ionut Pruteanu 2023-12-08 16:44:30 +02:00
  • e0de491263
         whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users. Ionut Pruteanu 2023-12-08 12:03:00 +02:00
  • d79bba53c6
         Rsyslog subsection corrected header(was using 4.2 logging name, instead of 4.2.1. rsyslog name) Ionut Pruteanu 2023-12-08 12:01:10 +02:00
  • 6dfbe18612
         Doc additions for: - Sections 2.2 && 2.3 - Section 3 - Section 4.1 Ionut Pruteanu 2023-12-07 22:53:01 +02:00
  • 81fd98e2c6
         Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd Ionut Pruteanu 2023-12-07 20:38:20 +02:00
  • cd04537bf1
         Using correct conditional for ftpd Ionut Pruteanu 2023-12-07 18:58:02 +02:00
  • 9d988b483f
         Masking service when server package is needed Ionut Pruteanu 2023-12-07 18:10:09 +02:00
  • 06489db6a8
         Doc additions for: - Yum repos, - bootloader, - crypto policies, - SELinux - NTP Ionut Pruteanu 2023-12-06 22:20:32 +02:00
  • dc59c320c8
         Small additions to first part of documentation. Ionut Pruteanu 2023-12-05 21:01:06 +02:00