sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

section 5 v2 initial

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-07-24 14:00:45 +01:00
parent f1c4d96412
commit 9755b0fb62
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
9 changed files with 1404 additions and 537 deletions
Download patch file Download diff file Expand all files Collapse all files

56
tasks/section_5/main.yml
View file

@ -2,38 +2,48 @@
# Access, Authentication, and Authorization
- name: "SECTION | 5.1 | Configure time-based job schedulers"
ansible.builtin.import_tasks:
file: cis_5.1.x.yml
- name: "SECTION | 5.2 | Configure SSH Server"
ansible.builtin.import_tasks:
file: cis_5.2.x.yml
- name: "SECTION | 5.1 | Configure SSH Server"
when:
- "'openssh-server' in ansible_facts.packages"
- name: "SECTION | 5.3 | Configure privilege escalation"
- "'openssh-server' in ansible_facts.packages"
ansible.builtin.import_tasks:
file: cis_5.3.x.yml
file: cis_5.1.x.yml
- name: "SECTION | 5.4 | Configure authselect"
- name: "SECTION | 5.2 | Configure privilege escalation"
ansible.builtin.import_tasks:
file: cis_5.4.x.yml
file: cis_5.2.x.yml
- name: "SECTION | 5.5 | Configure PAM | not authselect"
- name: "SECTION | 5.3.1.x | Configure PAM software packages"
ansible.builtin.import_tasks:
file: cis_5.5.x.yml
when: not rhel9cis_authselect_custom_profile_select
file: cis_5.3.1.x.yml
- name: "SECTION | 5.5 | Configure PAM | authselect"
- name: "SECTION | 5.3.2.x | Configure authselect"
ansible.builtin.import_tasks:
file: cis_5.5.x_authselect.yml
when: rhel9cis_authselect_custom_profile_select
file: cis_5.3.2.x.yml
- name: "SECTION | 5.6.1.x | Shadow Password Suite Parameters"
- name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
ansible.builtin.import_tasks:
file: cis_5.6.1.x.yml
file: cis_5.3.3.1.x.yml
- name: "SECTION | 5.6.x | Misc. User Account Settings"
- name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
ansible.builtin.import_tasks:
file: cis_5.6.x.yml
file: cis_5.3.3.2.x.yml
- name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
ansible.builtin.import_tasks:
file: cis_5.3.3.3.x.yml
- name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
ansible.builtin.import_tasks:
file: cis_5.3.3.4.x.yml
- name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
ansible.builtin.import_tasks:
file: cis_5.4.1.x.yml
- name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
ansible.builtin.import_tasks:
file: cis_5.4.2.x.yml
- name: "SECTION | 5.4.3.x | Configure user default environment"
ansible.builtin.import_tasks:
file: cis_5.4.3.x.yml