diff --git a/tasks/main.yml b/tasks/main.yml
index d5c0194..7efecbb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -152,7 +152,7 @@
 tags:
 - CCE-82214-8
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-10.2.1.5
+ - PCI-DSSv4-2.2.6
 - enable_strategy
 - low_complexity
 - low_disruption
@@ -300,7 +300,7 @@
 tags:
 - CCE-83798-9
 - PCI-DSS-Req-10.2.5
- - PCI-DSSv4-10.2.1.5
+ - PCI-DSSv4-2.2.6
 - low_complexity
 - low_disruption
 - medium_severity
@@ -332,7 +332,7 @@
 tags:
 - CCE-83798-9
 - PCI-DSS-Req-10.2.5
- - PCI-DSSv4-10.2.1.5
+ - PCI-DSSv4-2.2.6
 - low_complexity
 - low_disruption
 - medium_severity
@@ -341,7 +341,7 @@
 - sudo_add_use_pty
 - name: Find /etc/sudoers.d/ files
- find:
+ ansible.builtin.find:
 paths:
 - /etc/sudoers.d/
 register: sudoers
@@ -366,7 +366,7 @@
 - sudo_remove_no_authenticate | bool
 - name: Remove lines containing !authenticate from sudoers files
- replace:
+ ansible.builtin.replace:
 regexp: (^(?!#).*[\s]+\!authenticate.*$)
 replace: '# \g<1>'
 path: '{{ item.path }}'
@@ -395,7 +395,7 @@
 - sudo_remove_no_authenticate | bool
 - name: Find /etc/sudoers.d/ files
- find:
+ ansible.builtin.find:
 paths:
 - /etc/sudoers.d/
 register: sudoers
@@ -420,7 +420,7 @@
 - sudo_remove_nopasswd | bool
 - name: Remove lines containing NOPASSWD from sudoers files
- replace:
+ ansible.builtin.replace:
 regexp: (^(?!#).*[\s]+NOPASSWD[\s]*\:.*$)
 replace: '# \g<1>'
 path: '{{ item.path }}'
@@ -760,6 +760,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -791,6 +792,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -822,6 +824,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
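Review bot: The retagging that starts in the `@@ -152,7 +152,7 @@` hunk replaces `PCI-DSSv4-10.2.1.5` with `PCI-DSSv4-2.2.6` in place, and later hunks do the same for `7.2.6`, `8.3.10.1`, `2.2.3` and `3.3.1.1`–`3.3.1.3`, with no note for people who select tasks by tag. `ansible-playbook --tags` does not fail on a tag that no longer matches anything, so a run pinned to one of the old identifiers may silently skip these hardening tasks; whether other tasks in the file still carry the old tags cannot be seen from the hunks. The commit message or changelog should list the mapping, e.g. `PCI-DSSv4 tags remapped: 10.2.1.5 -> 2.2.6, 7.2.6 -> 2.2.6, 8.3.10.1 -> 8.3.9, 2.2.3 -> 3.3.1, 3.3.1.x -> 3.3.1`.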
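Review bot: The `regexp` carried along in the `@@ -420,7 +420,7 @@` hunk, `(^(?!#).*[\s]+NOPASSWD[\s]*\:.*$)`, requires whitespace immediately before `NOPASSWD`, so sudoers rules spelled `ALL=NOPASSWD: ALL` or `ALL=(ALL)NOPASSWD: ALL` would stay active while the task reports nothing to change. Since this commit already touches the task, consider anchoring on a word boundary instead, `regexp: (^(?!#).*\bNOPASSWD[\s]*\:.*$)`; the `!authenticate` pattern in the `@@ -366,7 +366,7 @@` hunk looks to have the same gap for a comma-joined entry such as `Defaults env_reset,!authenticate`. Both task bodies continue past their hunks, so whether `validate: /usr/sbin/visudo -cf %s` is set cannot be seen here and is worth confirming.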
@@ -851,6 +854,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -893,6 +897,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -4346,7 +4351,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_dcredit
 - low_complexity
 - low_disruption
@@ -4386,7 +4390,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_dcredit
 - low_complexity
 - low_disruption
@@ -4406,7 +4409,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_lcredit
 - low_complexity
 - low_disruption
@@ -4446,7 +4448,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_lcredit
 - low_complexity
 - low_disruption
@@ -4467,7 +4468,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_minlen
 - low_complexity
 - low_disruption
@@ -4508,7 +4508,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_minlen
 - low_complexity
 - low_disruption
@@ -4581,8 +4580,6 @@
 - NIST-800-53-IA-5(4)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_ucredit
 - low_complexity
 - low_disruption
@@ -4621,8 +4618,6 @@
 - NIST-800-53-IA-5(4)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_ucredit
 - low_complexity
 - low_disruption
@@ -4908,7 +4903,7 @@
 - NIST-800-53-IA-5(1)(d)
 - NIST-800-53-IA-5(f)
 - PCI-DSS-Req-8.2.4
- - PCI-DSSv4-8.3.10.1
+ - PCI-DSSv4-8.3.9
 - accounts_maximum_age_login_defs
 - low_complexity
 - low_disruption
@@ -4948,7 +4943,7 @@
 - NIST-800-53-IA-5(1)(d)
 - NIST-800-53-IA-5(f)
 - PCI-DSS-Req-8.2.4
- - PCI-DSSv4-8.3.10.1
+ - PCI-DSSv4-8.3.9
 - accounts_maximum_age_login_defs
 - low_complexity
 - low_disruption
@@ -7226,6 +7221,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -7258,6 +7254,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -7291,6 +7288,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8114,6 +8112,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8145,6 +8144,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8177,6 +8177,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8210,6 +8211,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8239,6 +8241,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8269,6 +8272,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8379,6 +8383,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8411,6 +8416,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8444,6 +8450,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8826,6 +8833,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8854,6 +8862,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8883,6 +8892,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9067,6 +9077,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9099,6 +9110,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9132,6 +9144,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9168,7 +9181,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9201,7 +9214,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9235,7 +9248,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9272,6 +9285,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9304,6 +9318,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9337,6 +9352,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9372,7 +9388,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9404,7 +9420,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9437,7 +9453,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9714,6 +9730,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9743,6 +9760,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9768,6 +9786,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9803,6 +9822,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9829,6 +9849,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9844,6 +9865,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9870,6 +9892,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9895,6 +9918,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -9921,6 +9945,7 @@
 - DISA-STIG-RHEL-08-010190
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-2.2.6
 - dir_perms_world_writable_sticky_bits
 - low_complexity
 - low_disruption
@@ -10163,7 +10188,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_owner_etc_shadow
 - low_complexity
@@ -10196,7 +10221,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_owner_etc_shadow
 - low_complexity
@@ -10214,7 +10239,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_group
 - low_complexity
@@ -10247,7 +10272,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_group
 - low_complexity
@@ -10310,7 +10335,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_passwd
 - low_complexity
@@ -10343,7 +10368,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_passwd
 - low_complexity
@@ -10361,7 +10386,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_shadow
 - low_complexity
@@ -10394,7 +10419,7 @@
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-8.7.c
- - PCI-DSSv4-7.2.6
+ - PCI-DSSv4-2.2.6
 - configure_strategy
 - file_permissions_etc_shadow
 - low_complexity
@@ -13397,9 +13422,7 @@
 - CCE-80912-9
 - NIST-800-53-SI-11(a)
 - NIST-800-53-SI-11(b)
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13425,9 +13448,7 @@
 - CCE-80912-9
 - NIST-800-53-SI-11(a)
 - NIST-800-53-SI-11(b)
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13454,9 +13475,7 @@
 - CCE-80912-9
 - NIST-800-53-SI-11(a)
 - NIST-800-53-SI-11(b)
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13583,7 +13602,7 @@
 - NIST-800-53-SC-30
 - NIST-800-53-SC-30(2)
 - PCI-DSS-Req-2.2.1
- - PCI-DSSv4-2.2.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13614,7 +13633,7 @@
 - NIST-800-53-SC-30
 - NIST-800-53-SC-30(2)
 - PCI-DSS-Req-2.2.1
- - PCI-DSSv4-2.2.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13646,7 +13665,7 @@
 - NIST-800-53-SC-30
 - NIST-800-53-SC-30(2)
 - PCI-DSS-Req-2.2.1
- - PCI-DSSv4-2.2.3
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13975,7 +13994,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
- - PCI-DSSv4-2.2.4
+ - PCI-DSSv4-1.4.2
 - low_complexity
 - low_disruption
 - medium_severity
@@ -14006,7 +14025,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
- - PCI-DSSv4-2.2.4
+ - PCI-DSSv4-1.4.2
 - low_complexity
 - low_disruption
 - medium_severity
@@ -14097,6 +14116,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - NIST-800-53-IA-5(1)(c)
+ - PCI-DSSv4-2.2.4
 - disable_strategy
 - high_severity
 - low_complexity
@@ -14140,6 +14160,7 @@
 state: absent
 tags:
 - CCE-82180-1
+ - PCI-DSSv4-2.2.4
 - disable_strategy
 - low_complexity
 - low_disruption
@@ -14234,6 +14255,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
+ - PCI-DSSv4-2.2.4
 - disable_strategy
 - high_severity
 - low_complexity
@@ -14255,6 +14277,7 @@
 state: absent
 tags:
 - CCE-83590-0
+ - PCI-DSSv4-2.2.4
 - disable_strategy
 - low_complexity
 - low_disruption