John Foster
7fde313f85
Main task was failing when using an AD account to connect to host.
...
With an AD account there isn't an entry in the /etc/shadow file. This
caused the password length check to treat it as a zero length password.
Now local password check is skipped for AD account.
Also added an additional check for a locked local account for the sudo
user.
Signed-off-by: John Foster <robopickle@proton.me>
2024-02-13 15:37:39 +00:00
pre-commit-ci[bot]
0a98ad4aea
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](https://github.com/gitleaks/gitleaks/compare/v8.18.1...v8.18.2)
- [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](https://github.com/ansible-community/ansible-lint/compare/v6.22.2...v24.2.0)
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.34.0](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.34.0)
2024-02-12 17:38:29 +00:00
rjacobs1990
742165cd72
fix: more readable condition and prevent skipping 0600 #173
...
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 16:21:31 +01:00
rjacobs1990
8652390beb
fix: idempotency molecule issue fixed for logfiles and prevent skipping 0600 #173
...
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 15:55:42 +01:00
rjacobs1990
c805ee398b
fix: idempotency molecule issue fixed for logfiles #173
...
Signed-off-by: rjacobs1990 <ricardojacobs20@gmail.com>
2024-02-12 14:47:12 +01:00
Bas Meijer
cc7f9ccfd0
X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf
...
Signed-off-by: Bas Meijer <bas.meijer@me.com>
2024-02-10 00:43:17 +01:00
Bas Meijer
baf8987a5f
PermitRootLogin found in /etc/ssh/sshd_config.d/01-permitrootlogin.conf
...
Signed-off-by: Bas Meijer <bas.meijer@me.com>
2024-02-10 00:43:17 +01:00
Illibur
fcab25c61f
Update cis_6.1.x.yml
...
Fixed:
[DEPRECATION WARNING]: Specifying a list of dictionaries for vars is deprecated in favor of specifying a dictionary. This feature will be removed in version 2.18.
Signed-off-by: Illibur <72218972+Illibur@users.noreply.github.com>
2024-02-06 18:46:30 +02:00
Ionut Pruteanu
e2738f0a44
Fixing indentation for lines reported by yamllint
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 21:31:14 +02:00
Ionut Pruteanu
18803420f0
Replacing secure-configuration of 'audit' and 'audit_backlog_limit' from the /etc/default/grub approach to grubby (actually used by CIS)
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 21:27:00 +02:00
Ionut Pruteanu
3581793d8e
Documenting also newly added (space_left & admin_space_left)
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:31:03 +02:00
Ionut Pruteanu
f2a2757d1b
Fixing yaml-lint errors
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:30:25 +02:00
Ionut Pruteanu
a83678e9ce
Removing statement about SSH precedence vars.
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 20:27:07 +02:00
Ionut Pruteanu
c70c23680a
Applying patch to be used for extending-documentation
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2024-01-31 10:26:10 +02:00
uk-bolly
3fe681c0d2
Merge pull request #159 from ansible-lockdown/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2024-01-26 12:50:54 +00:00
uk-bolly
b726c2e444
Merge pull request #154 from jLemmings/patch-3
...
Remove trailing comma to align with other roles
2024-01-26 12:44:07 +00:00
uk-bolly
902956e51d
Merge pull request #151 from sickbock/devel
...
Corrections to tags and a variable
2024-01-26 12:37:20 +00:00
uk-bolly
df1aef8d31
Merge pull request #148 from siemens/siemens/feat/AuditVarsRefactoring
...
Siemens/feat/audit vars refactoring
2024-01-26 12:34:30 +00:00
uk-bolly
ac5eee81df
Merge pull request #112 from siemens/siemens/feat/ensure_default_umask_027_5_6_5
...
Adding new entry in /etc/pam.d/system-auth
2024-01-26 12:32:45 +00:00
pre-commit-ci[bot]
aa8a60b4ee
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](https://github.com/ansible-community/ansible-lint/compare/v6.22.1...v6.22.2)
2024-01-22 17:33:49 +00:00
uk-bolly
068c45f509
Merge pull request #105 from siemens/siemens/feat/reverse_path_filtering_3_3_7
...
Adding missing lines to usr: sysctl.d/50-default.conf
2024-01-18 13:15:28 +00:00
Joshua Hemmings
87d2685f4e
Update cis_1.1.7.x.yml
...
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
2024-01-10 16:11:27 +01:00
uk-bolly
200b2c244b
Merge pull request #152 from jLemmings/patch-1
...
Remove trailing comma to align with other roles
2024-01-09 16:48:20 +00:00
Joshua Hemmings
d73f26a7ab
Remove trailing comma to align with other roles
...
Signed-off-by: Joshua Hemmings <josh@hemmings.ch>
2024-01-09 09:17:00 +01:00
Joachim la Poutré
e0491ccb8f
Update cis_6.2.x.yml
...
Corrected tag: rule_6.2.3
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:20:08 +01:00
Joachim la Poutré
d6b44aac70
Update cis_6.1.x.yml
...
Corrected tags: rule_6.1.8 & rule_6.1.12
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:18:52 +01:00
Joachim la Poutré
3b256ff831
Update cis_5.6.1.x.yml
...
Corrected tag: rule_5.6.1.5
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:16:20 +01:00
Joachim la Poutré
712b8b6ecd
Update cis_5.6.1.x.yml
...
Corrected tag: rule_5.6.1.1
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:15:11 +01:00
Joachim la Poutré
4d749d988d
Update cis_1.8.x.yml
...
Corrected tag rule_1.8.10
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:13:32 +01:00
Joachim la Poutré
1e55d86001
Update cis_1.3.x.yml
...
Correction to "when": 1_3_3
Signed-off-by: Joachim la Poutré <14360383+sickbock@users.noreply.github.com>
2024-01-03 11:12:06 +01:00
uk-bolly
6f8a95c73a
Merge pull request #143 from siemens/siemens/feat/4.2.1.3conditionalAndSectionHeader
...
Siemens/feat/4.2.1.3conditional and section header
2023-12-21 08:40:41 +00:00
uk-bolly
e545b89c7b
Merge pull request #145 from siemens/siemens/feat/5.4.2_addVarUsage
...
Using rhel9cis_authselect['options'], otherwise not used at all
2023-12-21 08:39:48 +00:00
Ionut Pruteanu
ca41b128cd
Defining some threshold for (audit_)space_left vars, as well as a bool which governs if extra params will be configured
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-20 22:21:14 +02:00
Ionut Pruteanu
88ffe32137
Storing max_log_file under rhel9cis_auditd dict variable.
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-20 21:58:49 +02:00
uk-bolly
145ac85e52
Merge pull request #103 from Corey0219/update-4-2-3
...
find hidden files in /var/log for 4.3.2
2023-12-20 09:48:47 +00:00
Corey Reid
8d85f178e2
find hidden files in /var/log for 4.3.2
...
Signed-off-by: Corey Reid <corey.nathan.reid@gmail.com>
2023-12-17 17:36:34 +00:00
uk-bolly
c56ea1ac9a
Merge pull request #140 from siemens/siemens/feat/3.4.2.5_fixConditional
...
3.4.2.5 conditional fix
2023-12-13 08:44:08 +00:00
uk-bolly
82d1c2bdfb
Merge pull request #138 from siemens/siemens/feat/2.3.4_fixConditional
...
Using correct conditional for ftpd
2023-12-13 08:43:07 +00:00
uk-bolly
779c90ea0e
Merge pull request #136 from siemens/siemens/feat/2.2.16_fixingNFSLogicBetweenMaskingServiceVsRemovingPackage
...
Masking service when server package is needed
2023-12-13 08:42:33 +00:00
uk-bolly
74f21e5303
Merge pull request #133 from siemens/siemens/feat/timeoutValueDefinedNotUsed
...
Timeout value defined in defaults/main.yml file not used
2023-12-13 08:40:02 +00:00
uk-bolly
ecbd514df1
Merge pull request #129 from siemens/siemens/feat/removingRedundantConditionals
...
Removing redundant conditional statements
2023-12-13 08:27:49 +00:00
uk-bolly
998eaf30ba
Merge pull request #121 from dulin/fix-chrony
...
Fixed chrony configuration options
2023-12-13 08:23:13 +00:00
uk-bolly
d022977723
Merge pull request #127 from ansible-lockdown/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2023-12-13 08:20:34 +00:00
uk-bolly
b7936bc633
Merge pull request #122 from senihucar/patch-1
...
Update cis_5.6.1.x.yml
2023-12-13 08:19:58 +00:00
Ionut Pruteanu
c19e350b7d
Using rhel9cis_authselect['options'], otherwise not used at all
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 16:44:30 +02:00
Ionut Pruteanu
e0de491263
whole section defined in cis_4.2.1.x.yml gets executed only when: rhel9cis_syslog == 'rsyslog', having same condition is redundant and may confuse users.
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 12:03:00 +02:00
Ionut Pruteanu
d79bba53c6
Rsyslog subsection corrected header (was using 4.2 logging name, instead of 4.2.1. rsyslog name)
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-08 12:01:10 +02:00
Ionut Pruteanu
81fd98e2c6
Using correct conditional for Task relying on 'firewall-cmd --get-active-zones' cmd
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 20:38:20 +02:00
Ionut Pruteanu
cd04537bf1
Using correct conditional for ftpd
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 18:58:02 +02:00
Ionut Pruteanu
9d988b483f
Masking service when server package is needed
...
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
2023-12-07 18:10:09 +02:00