Merge devel to main #214
Merged
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
April issues
Signed-off-by: Chandler Swift <chandler+pearson@chandlerswift.com>
Always run parse_etc_passwd.yml
Signed-off-by: Pawel Fiuto <pavloos@gmail.com>
Allow setting environment for run_audit.sh invocation
Fixes #192. From the issue:

> **Describe the Issue**
> 6.5.2 has a flipped conditional, and locks out roughly the complement
> of the set it should lock out.
>
> **Expected Behavior**
> System accounts (UID<1000) have shell set to `nologin`, and have a
> locked password in `/etc/shadow`.
>
> **Actual Behavior**
> All accounts except those (well, not counting an off-by-one bug with
> the account 1000) get locked out, but not the ones that are supposed
> to be locked out.
>
> **Control(s) Affected**
> 6.5.2
>
> **Additional Notes**
> As noted in the CIS documentation, `rhel8cis_int_gid` should be parsed
> out of `/etc/login.defs`, not hardcoded.
>
> The CIS docs suggest we should be comparing the `item.uid` of the
> user, not `item.gid`.
>
> Since I'm not aware of the full rationale behind those two points,
> I've excluded those fixes from the PR.

Signed-off-by: Chandler Swift <chandler+pearson@chandlerswift.com>
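The check that issue #192 describes for control 6.5.2, as an added audit-only example (not code from this PR or from the role): it reads `UID_MIN` from `login.defs` text, compares each account's UID rather than its GID, and reports system accounts that still have a login shell or an unlocked password. The sample file contents, the function names, the exempt list and the rule that a shadow field starting with `!` or `*` counts as locked are assumptions of this example.

```python
# Constructed sample data; not taken from the PR or from any real host.
LOGIN_DEFS = "# account limits\nUID_MIN   1000\nUID_MAX  60000\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
svc:x:998:50000:service:/var/lib/svc:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
svc:$6$constructed$hash:19000:0:99999:7:::
daemon:$6$constructed$hash:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
bob:$6$constructed$hash:19000:0:99999:7:::
"""

def uid_min(login_defs, default=1000):
    """Return UID_MIN from login.defs text, ignoring comments."""
    for line in login_defs.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "UID_MIN":
            return int(fields[1])
    return default

def unsecured_system_accounts(passwd, shadow, login_defs,
                              exempt=("root", "sync", "shutdown", "halt")):
    """Map each system account (UID < UID_MIN) to what is still open."""
    limit = uid_min(login_defs)
    pw_field = dict(l.split(":")[:2] for l in shadow.splitlines() if l.strip())
    findings = {}
    for line in passwd.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        name, uid, shell = f[0], int(f[2]), f[6]
        # Strictly below UID_MIN: UID 1000 is a regular user, not a system one.
        # The UID is compared, not the GID (svc has a high GID, bob a low one).
        if uid >= limit or name in exempt:
            continue
        problems = []
        if not shell.endswith("/nologin"):
            problems.append("shell")
        if not pw_field.get(name, "").startswith(("!", "*")):
            problems.append("password")
        if problems:
            findings[name] = problems
    return findings
```
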
Fixes #194

Signed-off-by: Chandler Swift <chandler+pearson@chandlerswift.com>
…-194 Fix path for /etc/group control 6.1.5
Signed-off-by: Jeffrey van Pelt <jeff@vanpelt.one>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
fixed typo in 4.1.3.7 rule
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Improvements
Signed-off-by: Jeffrey van Pelt <jeff@vanpelt.one>
Excluded nobody user from 6.2.10
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Audit alignment
Idempotent improvements
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
added managed by ansible warning to templates
georgenalen
approved these changes
Jun 30, 2022
Looks good
Signed-off-by: Mark Bolwell mark.bollyuk@gmail.com
Issues linked

Thanks to the community:

- @ccravens: #160, #183, #204
- @flwitten: #180, #181, #182, #185
- @ChandlerSwift: #187, #192, #195
- @scottdoane: #203
- @ztmr: #190
- @Thulium-Drake: #196, #198, #200, #208
- @pavloos: #186, #201, #205, #210, #211, #213
Enhancements