From fc407f832976666f72e3d057afb706fb3ca67715 Mon Sep 17 00:00:00 2001
From: Kristian
Date: Tue, 27 Sep 2022 17:15:49 +0200
Subject: [PATCH] tss user and spacing
Signed-off-by: Kristian
---
collections/requirements.yml | 3 ---
tasks/section_3/cis_3.1.x.yml | 2 +-
tasks/section_4/main.yml | 2 +-
tasks/section_5/cis_5.1.x.yml | 2 +-
tasks/section_5/cis_5.2.x.yml | 4 ++--
tasks/section_5/cis_5.6.1.x.yml | 2 +-
tasks/section_6/cis_6.1.x.yml | 10 +++++-----
tasks/section_6/cis_6.2.x.yml | 1 +
8 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/collections/requirements.yml b/collections/requirements.yml
index 4a418ef..d35b7e9 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -1,8 +1,5 @@ --- - collections: - name: community.general
- - name: community.crypto
- - name: ansible.posix
diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml
index 6eaf58f..ebe4325 100644
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
@@ -64,7 +64,7 @@ - name: "3.1.4 | PATCH | Ensure wireless interfaces are disabled" block:
- - name: "3.1.4 | AUDIT | Ensure wireless interfaces are disabled | Check if nmcli command is available"
+ - name: "3.1.4 | AUDIT | Ensure wireless interfaces are disabled | Check if nmcli command is available"
command: rpm -q NetworkManager changed_when: false failed_when: false
diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml
index 6128f16..a4f05d2 100644
--- a/tasks/section_4/main.yml
+++ b/tasks/section_4/main.yml
@@ -15,7 +15,7 @@ import_tasks: cis_4.2.1.x.yml when: rhel9cis_syslog == 'rsyslog'
-- name: "SECTION | 4.2.2 Configure journald"
+- name: "SECTION | 4.2.2 | Configure journald"
import_tasks: cis_4.2.2.x.yml when: rhel9cis_syslog == 'journald'
diff --git a/tasks/section_5/cis_5.1.x.yml b/tasks/section_5/cis_5.1.x.yml
index ef82f98..6af5981 100644
--- a/tasks/section_5/cis_5.1.x.yml
+++ b/tasks/section_5/cis_5.1.x.yml
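Review bot: The removal of `community.crypto` and `ansible.posix` from the collection requirements is not covered by the subject (`tss user and spacing`), and no hunk in this patch removes a module call from either collection, so if any task still uses an `ansible.posix.*` or `community.crypto.*` module (sysctl, mount and seboolean modules are common in CIS roles, but the task files are not visible here) the role will stop resolving on a controller that installed its dependencies from this file. Please grep the role for `ansible.posix.` and `community.crypto.` and state the result in the commit message, or move this into its own commit. While touching this file, the remaining entry is unpinned; adding a `version:` constraint under `- name: community.general` would keep the role's supply chain reproducible.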
@@ -148,7 +148,7 @@ dest: /etc/at.deny state: absent
- - name: "5.1.9 | PATCH | Ensure at is restricted to authorized users | Check if at.allow exists"
+ - name: "5.1.9 | PATCH | Ensure at is restricted to authorized users | Check if at.allow exists"
stat: path: "/etc/at.allow" register: rhel9cis_5_1_9_at_allow_state
diff --git a/tasks/section_5/cis_5.2.x.yml b/tasks/section_5/cis_5.2.x.yml
index 202ee8c..14484b6 100644
--- a/tasks/section_5/cis_5.2.x.yml
+++ b/tasks/section_5/cis_5.2.x.yml
@@ -296,7 +296,7 @@ - ssh - rule_5.2.14
-- name: "5.2.15 | PATCH | Ensure SSH warning banner is configured"
+- name: "5.2.15 | PATCH | Ensure SSH warning banner is configured"
lineinfile: path: /etc/ssh/sshd_config regexp: '^Banner'
@@ -343,7 +343,7 @@ - ssh - rule_5.2.17
-- name: "5.2.18 | PATCH | Ensure SSH MaxSessions is set to 10 or less"
+- name: "5.2.18 | PATCH | Ensure SSH MaxSessions is set to 10 or less"
lineinfile: path: /etc/ssh/sshd_config regexp: "^#MaxSessions|^MaxSessions"
diff --git a/tasks/section_5/cis_5.6.1.x.yml b/tasks/section_5/cis_5.6.1.x.yml
index 1163abb..358d075 100644
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@@ -78,7 +78,7 @@ - password - rule_5.6.1.4
-- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
+- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
block: - name: "5.6.1.5 | AUDIT | Ensure all users last password change date is in the past | Get current date in Unix Time" shell: echo $(($(date --utc --date "$1" +%s)/86400))
diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
index 2cef0f7..099eb0e 100644
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@@ -96,7 +96,7 @@ - permissions - rule_6.1.4
-- name: "6.1.5 | PATCH | Ensure permissions on /etc/group are configured"
+- name: "6.1.5 | PATCH | Ensure permissions on /etc/group are configured"
file: dest: /etc/group- owner: root
@@ -299,7 +299,7 @@ loop_control: label: "{{ item.mount }}"
- - name: "6.1.14 | AUDIT | Audit SUID executables | Alert no SUID executables exist"
+ - name: "6.1.14 | AUDIT | Audit SUID executables | Alert no SUID executables exist"
debug: msg: "Good news! We have not found any SUID executable files on your system" failed_when: false
@@ -307,7 +307,7 @@ when: - rhel_08_6_1_14_perms_results.stdout is not defined
- - name: "6.1.14 | AUDIT | Audit SUID executables | Alert SUID executables exist"
+ - name: "6.1.14 | AUDIT | Audit SUID executables | Alert SUID executables exist"
debug: msg: "Manual intervention is required -- SUID set on items in {{ item.item.mount }}: {{ item.stout_lines | join(', ') }}" with_items: "{{ rhel_08_6_1_14_perms_results.stdout_lines }}"
@@ -334,7 +334,7 @@ loop_control: label: "{{ item.mount }}"
- - name: "6.1.15 | AUDIT | Audit SGID executables | Alert no SGID executables exist"
+ - name: "6.1.15 | AUDIT | Audit SGID executables | Alert no SGID executables exist"
debug: msg: "Good news! We have not found any SGID executable files on your system" failed_when: false
@@ -342,7 +342,7 @@ when: - rhel_08_6_1_15_perms_results.stdout is not defined
- - name: "6.1.15 | AUDIT | Audit SGID executables | Alert SGID executables exist"
+ - name: "6.1.15 | AUDIT | Audit SGID executables | Alert SGID executables exist"
debug: msg: "Manual intervention is required -- SGID set on items in {{ item.item.mount }}: {{ item.stout_lines | join(', ') }}" with_items: "{{ rhel_08_6_1_15_perms_results.stdout_lines }}"
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index eb4bcde..235146e 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -333,6 +333,7 @@ when: - item.uid >= min_int_uid | int - item.id != 'nobody'
+ - (item.id != 'tss' and item.dir != '/dev/null')
- rhel9cis_rule_6_2_10 tags: - skip_ansible_lint # settings found on 6_2_7
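Review bot: The added term excludes every account named `tss` and every account whose home is `/dev/null`, not only the tss account with a `/dev/null` home, because the `when:` list is ANDed and the term itself ANDs two inequalities; if a single exception is intended, negate the conjunction instead: `- not (item.id == 'tss' and item.dir == '/dev/null')`. As written, any interactive user deliberately pointed at `/dev/null` is silently dropped from the 6.2.10 home-directory check, which is exactly the kind of account this control exists to surface. The exception is also hard-coded and undocumented; a comment on the line such as `# skip the tss service account, which ships with a /dev/null home (presumably to avoid creating a directory there)` and, better, a role variable listing excluded users would make the policy deviation visible to operators. I am assuming `item.id` and `item.dir` are the passwd name and home fields; the task's `name:` and module arguments start above this hunk.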