From 5e5174a5b0981585726191b392a9984efa760aa5 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 10 Mar 2023 15:19:35 +0000
Subject: [PATCH] updated marker

Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.3.x.yml | 2 +-
 tasks/section_4/cis_4.2.1.x.yml | 12 ++++++------
 tasks/section_5/cis_5.6.x.yml | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tasks/section_1/cis_1.3.x.yml b/tasks/section_1/cis_1.3.x.yml
index 2c61fc8..1275d86 100644
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@@ -57,7 +57,7 @@
 - name: "1.3.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
 ansible.builtin.blockinfile:
 path: /etc/aide.conf
- marker: "# {mark} Audit tools (CIS - Ansible)"
+ marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
 block: |
 /sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
 /sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
diff --git a/tasks/section_4/cis_4.2.1.x.yml b/tasks/section_4/cis_4.2.1.x.yml
index 4eeb61d..10e0ac2 100644
--- a/tasks/section_4/cis_4.2.1.x.yml
+++ b/tasks/section_4/cis_4.2.1.x.yml
@@ -75,7 +75,7 @@
 - name: "4.2.1.5 | PATCH | Ensure logging is configured | mail.* log setting"
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
- marker: "# {mark} MAIL LOG SETTINGS (ANSIBLE MANAGED)"
+ marker: "# {mark} MAIL LOG SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # mail logging additions to meet CIS standards
 mail.* -/var/log/mail
@@ -90,7 +90,7 @@
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
 state: present
- marker: "# {mark} NEWS LOG SETTINGS (ANSIBLE MANAGED)"
+ marker: "# {mark} NEWS LOG SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # news logging additions to meet CIS standards
 news.crit -/var/log/news/news.crit
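Review bot: Renaming the `marker` in the `@@ -57,7 +57,7 @@` hunk of tasks/section_1/cis_1.3.x.yml orphans the block that earlier runs wrote under `# {mark} Audit tools (CIS - Ansible)`. blockinfile locates its managed block by the marker text, so on a host the role has already hardened it will not find the new marker and will add a second copy to /etc/aide.conf, leaving the old one unmanaged. The same applies to every other marker renamed in this patch (the /etc/rsyslog.conf hunks at -75, -90, -103, -117, -132 and -143, and the cis_5.6.x.yml hunk), where the stale copies become duplicate logging rules that later changes to the role no longer update. A cleanup task that uses the old marker with `state: absent`, run before each renamed task, avoids this; the one for 1.3.3 is sketched below. The task's `block` content may continue past the end of the hunk.

```yaml
# runs before the existing "1.3.3 | Ensure cryptographic mechanisms ..." task
- name: "1.3.3 | PATCH | Remove audit tools block written under the previous marker"
  ansible.builtin.blockinfile:
    path: /etc/aide.conf
    marker: "# {mark} Audit tools (CIS - Ansible)"
    state: absent
```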
@@ -103,7 +103,7 @@
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
 state: present
- marker: "# {mark} MISC. LOG SETTINGS (ANSIBLE MANAGED)"
+ marker: "# {mark} MISC. LOG SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # misc. logging additions to meet CIS standards
 *.=warning;*.=err -/var/log/warn
@@ -117,7 +117,7 @@
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
 state: present
- marker: "#{mark} LOCAL LOG SETTINGS (ANSIBLE MANAGED)"
+ marker: "#{mark} LOCAL LOG SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # local log settings to meet CIS standards
 local0,local1.* -/var/log/localmessages
@@ -132,7 +132,7 @@
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
 state: present
- marker: "#{mark} Auth SETTINGS (ANSIBLE MANAGED)"
+ marker: "#{mark} Auth SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # Private settings to meet CIS standards
 auth,authpriv.* /var/log/secure
@@ -143,7 +143,7 @@
 ansible.builtin.blockinfile:
 path: /etc/rsyslog.conf
 state: present
- marker: "#{mark} Cron SETTINGS (ANSIBLE MANAGED)"
+ marker: "#{mark} Cron SETTINGS - CIS benchmark - Ansible-lockdown"
 block: |
 # Cron settings to meet CIS standards
 cron.* /var/log/cron
diff --git a/tasks/section_5/cis_5.6.x.yml b/tasks/section_5/cis_5.6.x.yml
index 349095a..adea221 100644
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@@ -48,7 +48,7 @@
 ansible.builtin.blockinfile:
 path: "{{ item.path }}"
 state: "{{ item.state }}"
- marker: "# {mark} CIS 5.6.3 ANSIBLE MANAGED"
+ marker: "# {mark} - CIS benchmark - Ansible-lockdown"
 create: true
 mode: 0644
 block: |
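Review bot: The new marker in the `@@ -117,7 +117,7 @@` hunk still begins with `#{mark}`, while the mail, news and misc markers in the same file use `# {mark}`; the `@@ -132,7 +132,7 @@` and `@@ -143,7 +143,7 @@` hunks carry the same form. These lines are being rewritten anyway, so this is the cheapest point to make them consistent, e.g. `marker: "# {mark} LOCAL LOG SETTINGS - CIS benchmark - Ansible-lockdown"`. Each of these tasks starts above its hunk, so only the module arguments are visible here.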
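Review bot: The new marker in the tasks/section_5/cis_5.6.x.yml hunk, `# {mark} - CIS benchmark - Ansible-lockdown`, no longer names the control, unlike every other marker in this patch. blockinfile keys on the marker text, so any other task that used this generic marker on one of the `item.path` files would replace this block instead of adding its own, and someone auditing the file could not tell which control wrote it. Keeping the identifier avoids both, e.g. `marker: "# {mark} CIS 5.6.3 - CIS benchmark - Ansible-lockdown"`. The task name and its loop are outside the hunk, so the affected files cannot be confirmed from here.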