Tags: ansible-lockdown/RHEL8-CIS
Tags
Release on CIS v3.0 (#386) * initial v3.0.0 Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * removed old conflict line Signed-off-by: Mark Bolwell <[email protected]> * tidy up warning on 432 Signed-off-by: Mark Bolwell <[email protected]> * tidy up ec2_checks Signed-off-by: Mark Bolwell <[email protected]> * updated warning on line 435 Signed-off-by: Mark Bolwell <[email protected]> * updated prelim and typos Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](ansible/ansible-lint@v24.2.0...v24.2.1) * March 24 updates (#356) * added conditional to user password check #354 thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <[email protected]> * updated logic to check root passwd locked Signed-off-by: Mark Bolwell <[email protected]> * Updated Signed-off-by: Mark Bolwell <[email protected]> * lint and audit order change Signed-off-by: Mark Bolwell <[email protected]> * updated for documentation format Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * Allow for a local site policy for the openSSH server. (#358) If changes to the system-wide crypto policy are required to meet local site policy for the openSSH server, these changes should be done with a sub-policy assigned to the system-wide crypto policy. The role defaults can be overridden by the user's vars. The user should implement a .pmod file, and add its basename to `rhel8cis_allowed_crypto_policies_modules`. The role vars are harder to change due to the 21 priority levels of Ansible. Signed-off-by: Bas Meijer <[email protected]> * Issues March24 (#366) * #359 addressed thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <[email protected]> * sysctl matches requirement & handler added Signed-off-by: Mark Bolwell <[email protected]> * container updated and cautions updated Signed-off-by: Mark Bolwell <[email protected]> * issues #360 addressed thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * Added #361 ensure local interface on 3.4.2.2 Signed-off-by: Mark Bolwell <[email protected]> * issue #363 addressed Signed-off-by: Mark Bolwell <[email protected]> * variable naming and lint Signed-off-by: Mark Bolwell <[email protected]> * variable naming and lint Signed-off-by: Mark Bolwell <[email protected]> * updated handler Signed-off-by: Mark Bolwell <[email protected]> * variable naming and lint updates Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * fix issues with pam_unix Signed-off-by: Mark Bolwell <[email protected]> * added extra options Signed-off-by: Mark Bolwell <[email protected]> * issue #365 addressed Signed-off-by: Mark Bolwell <[email protected]> * fixed commenting alternate file Signed-off-by: Mark Bolwell <[email protected]> * updated var name to discovered Signed-off-by: Mark Bolwell <[email protected]> * renamed variable tomake it clearer Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * fix typo Signed-off-by: Mark Bolwell <[email protected]> * updated discovered variable naming Signed-off-by: Mark Bolwell <[email protected]> * updated variable naming Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate (#367) updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](pre-commit/pre-commit-hooks@v4.5.0...v4.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * [pre-commit.ci] pre-commit autoupdate (#368) updates: - [github.com/ansible-community/ansible-lint: v24.2.1 → v24.2.2](ansible/ansible-lint@v24.2.1...v24.2.2) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * updated for audit and url alignment (#370) Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate (#372) updates: - [github.com/Yelp/detect-secrets: v1.4.0 → v1.5.0](Yelp/detect-secrets@v1.4.0...v1.5.0) - [github.com/gitleaks/gitleaks: v8.18.2 → v8.18.3](gitleaks/gitleaks@v8.18.2...v8.18.3) - [github.com/ansible-community/ansible-lint: v24.2.2 → v24.6.0](ansible/ansible-lint@v24.2.2...v24.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * use RHEL8 chrony.conf (#371) Signed-off-by: Tomáš Kuba <[email protected]> * Update Alma 8 GPG Key (#369) * Update Alma 8 GPG Key Update AlmaLinux.yml Signed-off-by: ajython <[email protected]> * Update AlmaLinux.yml Replace depricated Alma 8 GPG key Signed-off-by: ajython <[email protected]> --------- Signed-off-by: ajython <[email protected]> * May 24 updates (#376) * updated path to match disa for audit tools Signed-off-by: Mark Bolwell <[email protected]> * updated dict control Signed-off-by: Mark Bolwell <[email protected]> * updated nullok logic Signed-off-by: Mark Bolwell <[email protected]> * updated typos Signed-off-by: Mark Bolwell <[email protected]> * updated typ thanks to @msachikanta Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate (#383) updates: - [github.com/gitleaks/gitleaks: v8.18.3 → v8.18.4](gitleaks/gitleaks@v8.18.3...v8.18.4) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * updated known issues thanks to @fgierlinger Signed-off-by: Mark Bolwell <[email protected]> * Interactive users logic and workflow (#385) * interactive user vars updates Signed-off-by: Mark Bolwell <[email protected]> * improved conditionals checks Signed-off-by: Mark Bolwell <[email protected]> * Tidy up titles Signed-off-by: Mark Bolwell <[email protected]> * updated with latest devel Signed-off-by: Mark Bolwell <[email protected]> * removed file not required Signed-off-by: Mark Bolwell <[email protected]> * improved logic for /dev/null home dirs Signed-off-by: Mark Bolwell <[email protected]> * Updated workflow to new runner Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> Signed-off-by: Bas Meijer <[email protected]> Signed-off-by: Tomáš Kuba <[email protected]> Signed-off-by: ajython <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Bas <[email protected]> Co-authored-by: tomkuba <[email protected]> Co-authored-by: ajython <[email protected]> Co-authored-by: Fred W <[email protected]>
PreviousNext