Improvements (#5)

* container standards

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic on handlers

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* initial container ignore

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tags and containder discovery

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic on auditd task

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tags and crypto logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* distro update for rocky

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* system_is_container updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* ssh pkg check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logrotate pkg check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* logic in container check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* add pkg fact and audit conditionals

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tidy up crypto step

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added missing tags

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* container vars file now a variable

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added uid discovery and usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Updated OS checks and conditionals

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed empty become

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* change audit to include task

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added OS_specific vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated import/include

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* OS Specific vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated tags

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated changed_when

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed UID logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added github templates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated layout

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added .github ignore again

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

This commit is contained in:

uk-bolly

2022-02-02 11:34:50 +00:00

• committed by

GitHub

parent 02a36f7f8d

commit 9db4b7fd81

No known key found for this signature in database

GPG key ID: 4AEE18F83AFDEB23

7 changed files with 168 additions and 0 deletions

									
										3

tasks/section_6/cis_6.2.x.yml
									
										View file
										
				@ -137,6 +137,9 @@

				        with_items: "{{ rhel9cis_passwd | selectattr('uid', '>=', min_int_uid | int) | selectattr('uid', '<', max_int_uid | int) | selectattr('dir', '!=', '/') | map(attribute='dir') | list }}"

				        register: rhel_09_6_2_7_audit

				      - debug:

				          var: rhel_09_6_2_7_audit

				      - name: "6.2.7 | L1 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive"

				        shell: find -H {{ item.0 | quote }} -not -type l -perm /027

				        args:

Rows
Columns

Improvements (#5)

3 tasks/section_6/cis_6.2.x.yml Unescape Escape View file

3

tasks/section_6/cis_6.2.x.yml

View file