sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Removed -automated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-13 14:15:50 +00:00
parent 83bd6cd87c
commit 50d4cd83aa
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
11 changed files with 2 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tasks/section_1/cis_1.1.x.yml
View file

@ -21,7 +21,6 @@
tags: tags:
- level1-server - level1-server
- level2-workstation - level2-workstation
- automated
- patch - patch
- mounts - mounts
- removable_storage - removable_storage

1
tasks/section_1/cis_1.2.x.yml
View file

@ -61,7 +61,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- rule_1.2.2 - rule_1.2.2

7
tasks/section_1/cis_1.6.1.x.yml
View file

@ -9,7 +9,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- rule_1.6.1.1 - rule_1.6.1.1
@ -45,7 +44,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- selinux - selinux
- patch - patch
- rule_1.6.1.3 - rule_1.6.1.3
@ -61,7 +59,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- selinux - selinux
- patch - patch
- rule_1.6.1.4 - rule_1.6.1.4
@ -78,7 +75,6 @@
tags: tags:
- level2-server - level2-server
- level2-workstation - level2-workstation
- automated
- selinux - selinux
- patch - patch
- rule_1.6.1.5 - rule_1.6.1.5
@ -106,7 +102,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- audit - audit
- services - services
- rule_1.6.1.6 - rule_1.6.1.6
@ -120,7 +115,6 @@
- "'setroubleshoot' in ansible_facts.packages" - "'setroubleshoot' in ansible_facts.packages"
tags: tags:
- level1-server - level1-server
- automated
- selinux - selinux
- patch - patch
- rule_1.6.1.7 - rule_1.6.1.7
@ -134,6 +128,5 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- rule_1.6.1.8 - rule_1.6.1.8

5
tasks/section_1/cis_1.8.x.yml
View file

@ -9,7 +9,6 @@
- "'gdm' in ansible_facts.packages" - "'gdm' in ansible_facts.packages"
tags: tags:
- level2-server - level2-server
- automated
- patch - patch
- gui - gui
- gdm - gdm
@ -39,7 +38,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- gui - gui
- gdm - gdm
@ -67,7 +65,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- gui - gui
- rule_1.8.3 - rule_1.8.3
@ -92,7 +89,6 @@
tags: tags:
- level1-server - level1-server
- level2-workstation - level2-workstation
- automated
- patch - patch
- gui - gui
- rule_1.8.6 - rule_1.8.6
@ -109,7 +105,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- gui - gui
- rule_1.8.4 - rule_1.8.4

4
tasks/section_2/cis_2.3.x.yml
View file

@ -11,7 +11,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- telnet - telnet
- rule_2.3.1 - rule_2.3.1
@ -27,7 +26,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- ldap - ldap
- rule_2.3.2 - rule_2.3.2
@ -43,7 +41,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- tftp - tftp
- rule_2.3.3 - rule_2.3.3
@ -59,7 +56,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- ftp - ftp
- rule_2.3.4 - rule_2.3.4

1
tasks/section_4/cis_4.1.2.x.yml
View file

@ -11,7 +11,6 @@
tags: tags:
- level2-server - level2-server
- level2-workstation - level2-workstation
- automated
- patch - patch
- auditd - auditd
- rule_4.1.2.1 - rule_4.1.2.1

1
tasks/section_4/cis_4.1.3.x.yml
View file

@ -61,7 +61,6 @@
tags: tags:
- level2-server - level2-server
- level2-workstation - level2-workstation
- automated
- patch - patch
- auditd - auditd
- rule_4.1.3.5 - rule_4.1.3.5

6
tasks/section_4/cis_4.2.2.x.yml
View file

@ -63,7 +63,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- journald - journald
- rule_4.2.2.1.4 - rule_4.2.2.1.4
@ -98,7 +97,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- audit - audit
- journald - journald
- rule_4.2.2.2 - rule_4.2.2.2
@ -114,7 +112,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- journald - journald
- rule_4.2.2.3 - rule_4.2.2.3
@ -130,7 +127,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- journald - journald
- rule_4.2.2.4 - rule_4.2.2.4
@ -184,7 +180,7 @@
- name: "4.2.2.7 | AUDIT | Ensure journald default file permissions configured | Set live file" - name: "4.2.2.7 | AUDIT | Ensure journald default file permissions configured | Set live file"
ansible.builtin.set_fact: ansible.builtin.set_fact:
systemd_conf_file: /etc/tmpfiles.d/systemd.conf systemd_conf_file: /etc/tmpfiles.d/systemd.conf
when: rhel9cis_4_2_2_7_override_stat.exists when: rhel9cis_4_2_2_7_override.stat.exists
- name: "4.2.2.7 | PATCH | Ensure journald default file permissions configured | Set permission" - name: "4.2.2.7 | PATCH | Ensure journald default file permissions configured | Set permission"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:

1
tasks/section_4/cis_4.2.3.yml
View file

@ -21,7 +21,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- logfiles - logfiles
- rule_4.2.3 - rule_4.2.3

1
tasks/section_6/cis_6.1.x.yml
View file

@ -142,7 +142,6 @@
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- automated
- patch - patch
- files - files
- permissions - permissions

2
tasks/warning_facts.yml
View file

@ -14,7 +14,7 @@
# #
# warn_count the main variable for the number of warnings and each time a warn_control_id is added # warn_count the main variable for the number of warnings and each time a warn_control_id is added
# the count increases by a value of 1 # the count increases by a value of 1
- name: "NO CONTROL ID | AUDIT | Set fact for manual task warning." - name: "{{ warn_control_id }} | AUDIT | Set fact for manual task warning."
ansible.builtin.set_fact: ansible.builtin.set_fact:
warn_control_list: "{{ warn_control_list }} [{{ warn_control_id }}]" warn_control_list: "{{ warn_control_list }} [{{ warn_control_id }}]"
warn_count: "{{ warn_count | int + 1 }}" warn_count: "{{ warn_count | int + 1 }}"