sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Merge pull request #390 from polski-g/modular_section_5_r2

Browse source 
Support section modularization (for Sec 5 only right now)
This commit is contained in:
uk-bolly 2025-10-01 10:24:44 +01:00 committed by GitHub
commit 23b60bc629
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 44 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

65
tasks/section_5/main.yml
View file

@ -5,45 +5,56 @@
- name: "SECTION | 5.1 | Configure SSH Server"
when:
- "'openssh-server' in ansible_facts.packages"
- rhel9cis_section5_1
ansible.builtin.import_tasks:
file: cis_5.1.x.yml
- name: "SECTION | 5.2 | Configure privilege escalation"
when:
- - rhel9cis_section5_2
ansible.builtin.import_tasks:
file: cis_5.2.x.yml
- name: "SECTION | 5.3.1.x | Configure PAM software packages"
ansible.builtin.import_tasks:
file: cis_5.3.1.x.yml
- name: "SECTION | 5.3"
when:
- rhel9cis_section5_3
block:
- name: "SECTION | 5.3.1.x | Configure PAM software packages"
ansible.builtin.import_tasks:
file: cis_5.3.1.x.yml
- name: "SECTION | 5.3.2.x | Configure authselect"
ansible.builtin.import_tasks:
file: cis_5.3.2.x.yml
- name: "SECTION | 5.3.2.x | Configure authselect"
ansible.builtin.import_tasks:
file: cis_5.3.2.x.yml
- name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
ansible.builtin.import_tasks:
file: cis_5.3.3.1.x.yml
- name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
ansible.builtin.import_tasks:
file: cis_5.3.3.1.x.yml
- name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
ansible.builtin.import_tasks:
file: cis_5.3.3.2.x.yml
- name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
ansible.builtin.import_tasks:
file: cis_5.3.3.2.x.yml
- name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
ansible.builtin.import_tasks:
file: cis_5.3.3.3.x.yml
- name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
ansible.builtin.import_tasks:
file: cis_5.3.3.3.x.yml
- name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
ansible.builtin.import_tasks:
file: cis_5.3.3.4.x.yml
- name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
ansible.builtin.import_tasks:
file: cis_5.3.3.4.x.yml
- name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
ansible.builtin.import_tasks:
file: cis_5.4.1.x.yml
- name: "SECTION | 5.4"
when:
- rhel9cis_section5_4
block:
- name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
ansible.builtin.import_tasks:
file: cis_5.4.1.x.yml
- name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
ansible.builtin.import_tasks:
file: cis_5.4.2.x.yml
- name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
ansible.builtin.import_tasks:
file: cis_5.4.2.x.yml
- name: "SECTION | 5.4.3.x | Configure user default environment"
ansible.builtin.import_tasks:
file: cis_5.4.3.x.yml
- name: "SECTION | 5.4.3.x | Configure user default environment"
ansible.builtin.import_tasks:
file: cis_5.4.3.x.yml