-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release on CIS v3.0 #386
Merged
Release on CIS v3.0 #386
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
V3.0.0 initial
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
updated prelim and typos
updates: - [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](ansible/ansible-lint@v24.2.0...v24.2.1)
…nfig [pre-commit.ci] pre-commit autoupdate
* added conditional to user password check #354 thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated logic to check root passwd locked Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * lint and audit order change Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated for documentation format Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
If changes to the system-wide crypto policy are required to meet local site policy for the openSSH server, these changes should be done with a sub-policy assigned to the system-wide crypto policy. The role defaults can be overridden by the user's vars. The user should implement a .pmod file, and add its basename to `rhel8cis_allowed_crypto_policies_modules`. The role vars are harder to change due to the 21 priority levels of Ansible. Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
* #359 addressed thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * sysctl matches requirement & handler added Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * container updated and cautions updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * issues #360 addressed thanks to @bbaassssiiee Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added #361 ensure local interface on 3.4.2.2 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * issue #363 addressed Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * variable naming and lint Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * variable naming and lint Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated handler Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * variable naming and lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix issues with pam_unix Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added extra options Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * issue #365 addressed Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fixed commenting alternate file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated var name to discovered Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * renamed variable tomake it clearer Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix typo Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated discovered variable naming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated variable naming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](pre-commit/pre-commit-hooks@v4.5.0...v4.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
updates: - [github.com/ansible-community/ansible-lint: v24.2.1 → v24.2.2](ansible/ansible-lint@v24.2.1...v24.2.2) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
updates: - [github.com/Yelp/detect-secrets: v1.4.0 → v1.5.0](Yelp/detect-secrets@v1.4.0...v1.5.0) - [github.com/gitleaks/gitleaks: v8.18.2 → v8.18.3](gitleaks/gitleaks@v8.18.2...v8.18.3) - [github.com/ansible-community/ansible-lint: v24.2.2 → v24.6.0](ansible/ansible-lint@v24.2.2...v24.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Signed-off-by: Tomáš Kuba <tom.kuba@gmail.com>
* Update Alma 8 GPG Key Update AlmaLinux.yml Signed-off-by: ajython <ajython@users.noreply.github.com> * Update AlmaLinux.yml Replace depricated Alma 8 GPG key Signed-off-by: ajython <ajython@users.noreply.github.com> --------- Signed-off-by: ajython <ajython@users.noreply.github.com>
* updated path to match disa for audit tools Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated dict control Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated nullok logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated typos Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated typ thanks to @msachikanta Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
updates: - [github.com/gitleaks/gitleaks: v8.18.3 → v8.18.4](gitleaks/gitleaks@v8.18.3...v8.18.4) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
updated known issues thanks to @fgierlinger
* interactive user vars updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * improved conditionals checks Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Tidy up titles Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated with latest devel Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed file not required Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * improved logic for /dev/null home dirs Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Updated workflow to new runner Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
georgenalen
approved these changes
Jun 20, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overall Review of Changes:
Full rewrite of playbook to match new updates
auditd updated
precommit-updates
general improvements fo new release
workflow updates
Issue Fixes:
#356
#358
#366
#370
#371
#373
#374
#383
#385
Enhancements:
Workflow updated to new runner
How has this been tested?:
Manually