From 83a3cc5fc7b63e27b930ecde287438ec737a6959 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 11 Dec 2023 11:37:11 +0000
Subject: [PATCH] initial

Signed-off-by: Mark Bolwell
---
 .config/.gitleaks-report.json | 322 -----------------------------
 .config/.secrets.baseline | 128 ------------
 .pre-commit-config.yaml | 4 -
 tasks/Cat3/RHEL-09-2xxxxx.yml | 20 +-
 tasks/Cat3/RHEL-09-4xxxxx.yml | 2 +-
 tasks/main.yml | 15 +-
 tasks/parse_etc_password.yml | 2 +-
 templates/ansible_vars_goss.yml.j2 | 12 ++
 8 files changed, 32 insertions(+), 473 deletions(-)
 delete mode 100644 .config/.gitleaks-report.json
 delete mode 100644 .config/.secrets.baseline

diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json
deleted file mode 100644
index 170a3d7..0000000
--- a/.config/.gitleaks-report.json
+++ /dev/null
@@ -1,322 +0,0 @@ -[ - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 4, - "StartColumn": 8, - "EndColumn": 53, - "Match": "key_pubkey_name: gpg-pubkey-b86b3716-61e69f29 ", - "Secret": "gpg-pubkey-b86b3716-61e69f29", - "File": "vars/AlmaLinux.yml", - "SymlinkFile": "", - "Commit": "164d8c9077b2506985a40cb5f8176dc34ec936a1", - "Entropy": 3.824863, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-12-09T09:41:14Z", - "Message": "initial\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "164d8c9077b2506985a40cb5f8176dc34ec936a1:vars/AlmaLinux.yml:generic-api-key:4" - }, - { - "Description": "Generic API Key", - "StartLine": 3, - "EndLine": 3, - "StartColumn": 8, - "EndColumn": 53, - "Match": "key_pubkey_name: gpg-pubkey-8d8b756f-629e59ec ", - "Secret": "gpg-pubkey-8d8b756f-629e59ec", - "File": "vars/OracleLinux.yml", - "SymlinkFile": "", - "Commit": "164d8c9077b2506985a40cb5f8176dc34ec936a1", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-12-09T09:41:14Z", - "Message": "initial\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "164d8c9077b2506985a40cb5f8176dc34ec936a1:vars/OracleLinux.yml:generic-api-key:3" - }, - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 4, - "StartColumn": 8, - "EndColumn": 53, - "Match": "key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b ", - "Secret": "gpg-pubkey-fd431d51-4ae0493b", - "File": "vars/RedHat.yml", - "SymlinkFile": "", - "Commit": "164d8c9077b2506985a40cb5f8176dc34ec936a1", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-12-09T09:41:14Z", - "Message": "initial\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": 
"164d8c9077b2506985a40cb5f8176dc34ec936a1:vars/RedHat.yml:generic-api-key:4" - }, - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 4, - "StartColumn": 8, - "EndColumn": 53, - "Match": "key_pubkey_name: gpg-pubkey-350d275d-6279464b ", - "Secret": "gpg-pubkey-350d275d-6279464b", - "File": "vars/Rocky.yml", - "SymlinkFile": "", - "Commit": "164d8c9077b2506985a40cb5f8176dc34ec936a1", - "Entropy": 3.9946804, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-12-09T09:41:14Z", - "Message": "initial\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "164d8c9077b2506985a40cb5f8176dc34ec936a1:vars/Rocky.yml:generic-api-key:4" - }, - { - "Description": "Generic API Key", - "StartLine": 8, - "EndLine": 8, - "StartColumn": 14, - "EndColumn": 59, - "Match": "key_pubkey_name: gpg-pubkey-b86b3716-61e69f29\"", - "Secret": "gpg-pubkey-b86b3716-61e69f29", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.824863, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:8" - }, - { - "Description": "Generic API Key", - "StartLine": 9, - "EndLine": 9, - "StartColumn": 5, - "EndColumn": 43, - "Match": "Secret\": \"gpg-pubkey-b86b3716-61e69f29\"", - "Secret": "gpg-pubkey-b86b3716-61e69f29", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.824863, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell 
\u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:9" - }, - { - "Description": "Generic API Key", - "StartLine": 28, - "EndLine": 28, - "StartColumn": 14, - "EndColumn": 59, - "Match": "key_pubkey_name: gpg-pubkey-8d8b756f-629e59ec\"", - "Secret": "gpg-pubkey-8d8b756f-629e59ec", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:28" - }, - { - "Description": "Generic API Key", - "StartLine": 29, - "EndLine": 29, - "StartColumn": 5, - "EndColumn": 43, - "Match": "Secret\": \"gpg-pubkey-8d8b756f-629e59ec\"", - "Secret": "gpg-pubkey-8d8b756f-629e59ec", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:29" - }, - { - "Description": "Generic API Key", - "StartLine": 48, - "EndLine": 48, - "StartColumn": 14, - "EndColumn": 59, - "Match": "key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b\"", - "Secret": "gpg-pubkey-fd431d51-4ae0493b", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.96772, - "Author": 
"Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:48" - }, - { - "Description": "Generic API Key", - "StartLine": 49, - "EndLine": 49, - "StartColumn": 5, - "EndColumn": 43, - "Match": "Secret\": \"gpg-pubkey-fd431d51-4ae0493b\"", - "Secret": "gpg-pubkey-fd431d51-4ae0493b", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:49" - }, - { - "Description": "Generic API Key", - "StartLine": 68, - "EndLine": 68, - "StartColumn": 14, - "EndColumn": 59, - "Match": "key_pubkey_name: gpg-pubkey-350d275d-6279464b\"", - "Secret": "gpg-pubkey-350d275d-6279464b", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.9946804, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:68" - }, - { - "Description": "Generic API Key", - "StartLine": 69, - "EndLine": 69, - "StartColumn": 5, - "EndColumn": 43, - "Match": "Secret\": \"gpg-pubkey-350d275d-6279464b\"", - "Secret": "gpg-pubkey-350d275d-6279464b", - "File": 
".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "0f8cc513337c04717a008890982e1d6ecc3ce399", - "Entropy": 3.9946804, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:48:08Z", - "Message": "updatedfile\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "0f8cc513337c04717a008890982e1d6ecc3ce399:.config/.gitleaks-report.json:generic-api-key:69" - }, - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 5, - "StartColumn": 9, - "EndColumn": 1, - "Match": "key_pubkey_name: gpg-pubkey-b86b3716-61e69f29", - "Secret": "gpg-pubkey-b86b3716-61e69f29", - "File": "vars/AlmaLinux.yml", - "SymlinkFile": "", - "Commit": "61117f4e20cc0475038d77d33d548d94966a2dd8", - "Entropy": 3.824863, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:44:05Z", - "Message": "initial development\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "61117f4e20cc0475038d77d33d548d94966a2dd8:vars/AlmaLinux.yml:generic-api-key:4" - }, - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 5, - "StartColumn": 9, - "EndColumn": 1, - "Match": "key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b", - "Secret": "gpg-pubkey-fd431d51-4ae0493b", - "File": "vars/RedHat.yml", - "SymlinkFile": "", - "Commit": "61117f4e20cc0475038d77d33d548d94966a2dd8", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:44:05Z", - "Message": "initial development\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "61117f4e20cc0475038d77d33d548d94966a2dd8:vars/RedHat.yml:generic-api-key:4" - }, - { - "Description": "Generic API Key", - "StartLine": 3, - "EndLine": 4, - "StartColumn": 9, - "EndColumn": 1, - "Match": 
"key_pubkey_name: gpg-pubkey-8d8b756f-629e59ec", - "Secret": "gpg-pubkey-8d8b756f-629e59ec", - "File": "vars/OracleLinux.yml", - "SymlinkFile": "", - "Commit": "61117f4e20cc0475038d77d33d548d94966a2dd8", - "Entropy": 3.96772, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:44:05Z", - "Message": "initial development\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "61117f4e20cc0475038d77d33d548d94966a2dd8:vars/OracleLinux.yml:generic-api-key:3" - }, - { - "Description": "Generic API Key", - "StartLine": 4, - "EndLine": 5, - "StartColumn": 9, - "EndColumn": 1, - "Match": "key_pubkey_name: gpg-pubkey-350d275d-6279464b", - "Secret": "gpg-pubkey-350d275d-6279464b", - "File": "vars/Rocky.yml", - "SymlinkFile": "", - "Commit": "61117f4e20cc0475038d77d33d548d94966a2dd8", - "Entropy": 3.9946804, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-10-12T15:44:05Z", - "Message": "initial development\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "61117f4e20cc0475038d77d33d548d94966a2dd8:vars/Rocky.yml:generic-api-key:4" - } -] diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline deleted file mode 100644 index e94c045..0000000 --- a/.config/.secrets.baseline +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "version": "1.4.0", - "plugins_used": [ - { - "name": "ArtifactoryDetector" - }, - { - "name": "AWSKeyDetector" - }, - { - "name": "AzureStorageKeyDetector" - }, - { - "name": "Base64HighEntropyString", - "limit": 4.5 - }, - { - "name": "BasicAuthDetector" - }, - { - "name": "CloudantDetector" - }, - { - "name": "DiscordBotTokenDetector" - }, - { - "name": "GitHubTokenDetector" - }, - { - "name": "HexHighEntropyString", - "limit": 3.0 - }, - { - "name": "IbmCloudIamDetector" - }, - { - "name": "IbmCosHmacDetector" - }, - { - "name": "JwtTokenDetector" - }, - { - "name": "KeywordDetector", - "keyword_exclude": "" - }, - { - "name": "MailchimpDetector" - }, - { - "name": "NpmDetector" - }, - { - "name": "PrivateKeyDetector" - }, - { - "name": "SendGridDetector" - }, - { - "name": "SlackDetector" - }, - { - "name": "SoftlayerDetector" - }, - { - "name": "SquareOAuthDetector" - }, - { - "name": "StripeDetector" - }, - { - "name": "TwilioKeyDetector" - } - ], - "filters_used": [ - { - "path": "detect_secrets.filters.allowlist.is_line_allowlisted" - }, - { - "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", - "min_level": 2 - }, - { - "path": "detect_secrets.filters.heuristic.is_indirect_reference" - }, - { - "path": "detect_secrets.filters.heuristic.is_likely_id_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_lock_file" - }, - { - "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_potential_uuid" - }, - { - "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" - }, - { - "path": "detect_secrets.filters.heuristic.is_sequential_string" - }, - { - "path": "detect_secrets.filters.heuristic.is_swagger_file" - }, - { - "path": "detect_secrets.filters.heuristic.is_templated_secret" - }, - { - "path": "detect_secrets.filters.regex.should_exclude_file", - "pattern": [ - ".config/.gitleaks-report.json" - ] - } - ], - 
"results": { - "tasks/parse_etc_password.yml": [ - { - "type": "Secret Keyword", - "filename": "tasks/parse_etc_password.yml", - "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "is_verified": false, - "line_number": 19 - } - ] - }, - "generated_at": "2023-12-09T09:43:31Z" -} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0151ac7..187d1a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,15 +34,11 @@ repos: rev: v1.4.0 hooks: - id: detect-secrets - args: [ '--baseline', '.config/.secrets.baseline' ] - exclude: .config/.gitleaks-report.json - repo: https://github.com/gitleaks/gitleaks rev: v8.18.0 hooks: - id: gitleaks - args: ['--baseline-path', '.config/.gitleaks-report.json'] - exclude: .config/.secrets.baseline - repo: https://github.com/ansible-community/ansible-lint rev: v6.21.1 diff --git a/tasks/Cat3/RHEL-09-2xxxxx.yml b/tasks/Cat3/RHEL-09-2xxxxx.yml index 56cea20..d472619 100644 --- a/tasks/Cat3/RHEL-09-2xxxxx.yml +++ b/tasks/Cat3/RHEL-09-2xxxxx.yml @@ -17,11 +17,11 @@ name: rngd state: started -- name: "LOW | RHEL-09-211050 | PATCH | RHEL 9 must enable mitigations against processor-based vulnerabilities." +- name: "LOW | RHEL-09-212050 | PATCH | RHEL 9 must enable mitigations against processor-based vulnerabilities." when: - - rhel_09_211050 + - rhel_09_212050 tags: - - RHEL-09-211050 + - RHEL-09-212050 - CAT2 - CCI-000381 - CCI-002824 
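Review bot: The `tags:` list of this task keeps `- CAT2` although the task name says `LOW` and the file sits under `tasks/Cat3/`; the same `- CAT2` context line appears on the RHEL-09-212055 task in the next hunk. Tag-filtered runs will therefore treat both controls as CAT II: `--tags CAT2` selects them and `--skip-tags CAT2` drops them. Since the IDs on these tasks are being corrected anyway, the severity tag should be corrected to `- CAT3` in the same change. The task body continues outside the hunk.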
@@ -35,23 +35,23 @@ notify: - Change_requires_reboot block: - - name: "LOW | RHEL-09-211050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." + - name: "LOW | RHEL-09-212050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." ansible.builtin.shell: grep "^GRUB_CMD" /etc/default/grub | grep pti changed_when: false failed_when: rhel9stig_grub_pti_enabled.rc not in [ 0, 1 ] register: rhel9stig_grub_pti_enabled - - name: "LOW | RHEL-09-211050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." + - name: "LOW | RHEL-09-212050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." when: - rhel9stig_grub_pti_enabled is defined - rhel9stig_grub_pti_enabled.rc == 1 ansible.builtin.shell: grubby --update-kernel=ALL --args="pti=on" -- name: "LOW | RHEL-09-211055 | PATCH | RHEL 9 must enable auditing of processes that start prior to the audit daemon." +- name: "LOW | RHEL-09-212055 | PATCH | RHEL 9 must enable auditing of processes that start prior to the audit daemon." when: - - rhel_09_211055 + - rhel_09_212055 tags: - - RHEL-09-211055 + - RHEL-09-212055 - CAT2 - CCI-000130 - CCI-000135 
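Review bot: The audit step `grep "^GRUB_CMD" /etc/default/grub | grep pti` succeeds on any occurrence of the string `pti`, so a host whose kernel command line carries `pti=off` returns rc 0 and the `grubby --update-kernel=ALL --args="pti=on"` task is skipped on exactly the host that needs it. Matching the required value closes that gap: `ansible.builtin.shell: grep "^GRUB_CMD" /etc/default/grub | grep -w 'pti=on'`. The second task in the block is still labelled `AUDIT` in its new name although it changes the boot configuration; `PATCH` would describe it. The enclosing block starts before this hunk.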
@@ -78,13 +78,13 @@ notify: - Change_requires_reboot block: - - name: "LOW | RHEL-09-211050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." + - name: "LOW | RHEL-09-212055 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." ansible.builtin.shell: grep "^GRUB_CMD" /etc/default/grub | grep 'audit=1' changed_when: false failed_when: rhel9stig_grub_audit_enabled.rc not in [ 0, 1 ] register: rhel9stig_grub_audit_enabled - - name: "LOW | RHEL-09-211050 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." + - name: "LOW | RHEL-09-212055 | AUDIT | RHEL 9 must enable mitigations against processor-based vulnerabilities." when: - rhel9stig_grub_audit_enabled is defined - rhel9stig_grub_audit_enabled.rc == 1 diff --git a/tasks/Cat3/RHEL-09-4xxxxx.yml b/tasks/Cat3/RHEL-09-4xxxxx.yml index 4fed926..d49835a 100644 --- a/tasks/Cat3/RHEL-09-4xxxxx.yml +++ b/tasks/Cat3/RHEL-09-4xxxxx.yml @@ -18,7 +18,7 @@ - tmux ansible.builtin.lineinfile: path: /etc/shells - regexp: '^tmux' + regexp: 'tmux' state: absent - name: "LOW | RHEL-09-412040 | PATCH | RHEL 9 must limit the number of concurrent sessions to ten for all accounts and/or account types." diff --git a/tasks/main.yml b/tasks/main.yml index 046b4ec..8df031c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -132,13 +132,14 @@ - CAT2 - medium -# - name: Include CAT III patches -# ansible.builtin.import_tasks: Cat3/main.yml -# when: -# - rhel9stig_cat3 -# tags: -# - CAT3 -# - low +- name: Include CAT III patches + ansible.builtin.import_tasks: + file: Cat3/main.yml + when: + - rhel9stig_cat3 + tags: + - CAT3 + - low - name: Run auditd logic when: diff --git a/tasks/parse_etc_password.yml b/tasks/parse_etc_password.yml index 3ed90fd..669fe6e 100644 --- a/tasks/parse_etc_password.yml +++ b/tasks/parse_etc_password.yml 
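Review bot: Both inner task names in this block were given the ID RHEL-09-212055 but kept the RHEL-09-212050 wording, "must enable mitigations against processor-based vulnerabilities", while the command they sit on greps for `audit=1`. Run output and failure reports will then attribute an audit-daemon finding to the wrong requirement text. Reuse the parent task's title, e.g. `- name: "LOW | RHEL-09-212055 | AUDIT | RHEL 9 must enable auditing of processes that start prior to the audit daemon."`, and use `PATCH` on the second task if it applies the change, as its `rc == 1` guard suggests. That second task's body lies outside the hunk.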
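Review bot: `regexp: 'tmux'` is unanchored, and with `state: absent` the `lineinfile` module removes every line the pattern matches, so any `/etc/shells` entry that merely contains the substring `tmux` is deleted. Anchoring to the end of the path keeps the removal to the tmux binary itself: `regexp: '/tmux$'`. The old `'^tmux'` could not match an absolute path, which is presumably why it was changed. The task starts before this hunk.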
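Review bot: Enabling this static `import_tasks` means every `when:` toggle used inside the Cat3 task files is now evaluated, including `rhel_09_212050` and `rhel_09_212055`, which this patch introduces in `tasks/Cat3/RHEL-09-2xxxxx.yml`. The diffstat lists no defaults or vars file, so if those two names are still defined under their old IDs the conditionals would fail on an undefined variable; please confirm they exist. A short comment above the task, such as `# CAT III tasks edit the kernel command line and may notify Change_requires_reboot`, would also tell operators what turning on `rhel9stig_cat3` entails.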
@@ -16,7 +16,7 @@ vars: ld_passwd_regex: >- ^(?P[^:]*):(?P[^:]*):(?P[^:]*):(?P[^:]*):(?P[^:]*):(?P[^:]*):(?P[^:]*) - ld_passwd_yaml: | + ld_passwd_yaml: | # pragma: allowlist secret id: >-4 \g password: >-4 diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2 index c61a698..e684480 100644 --- a/templates/ansible_vars_goss.yml.j2 +++ b/templates/ansible_vars_goss.yml.j2 @@ -511,6 +511,18 @@ rhel_09_654260: {{ rhel_09_654260 }} rhel_09_654265: {{ rhel_09_654265 }} rhel_09_654270: {{ rhel_09_654270 }} rhel_09_654275: {{ rhel_09_654275 }} + +rhel_09_671015: {{ rhel_09_671015 }} +rhel_09_671020: {{ rhel_09_671020 }} +rhel_09_671025: {{ rhel_09_671025 }} +rhel_09_672010: {{ rhel_09_672010 }} +rhel_09_672020: {{ rhel_09_672020 }} +rhel_09_672025: {{ rhel_09_672025 }} +rhel_09_672035: {{ rhel_09_672035 }} +rhel_09_672040: {{ rhel_09_672040 }} +rhel_09_672045: {{ rhel_09_672045 }} +rhel_09_672050: {{ rhel_09_672050 }} + # Cat 3 controls ### Cat3 rhel_09_211035: {{ rhel_09_211035 }}
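Review bot: The `# pragma: allowlist secret` comment added to `ld_passwd_yaml: |` is honoured only by detect-secrets, so it replaces the one entry the deleted `.config/.secrets.baseline` held for this file but does nothing for gitleaks. The deleted `.config/.gitleaks-report.json` was suppressing `generic-api-key` hits on the `key_pubkey_name` lines in `vars/AlmaLinux.yml`, `vars/OracleLinux.yml`, `vars/RedHat.yml` and `vars/Rocky.yml`, and no replacement for those is visible in this patch. Those values look like RPM GPG public-key package names rather than credentials, so an inline `# gitleaks:allow` on each line (or their fingerprints in a `.gitleaksignore`) would keep the hook from failing the next time those files are staged. The block scalar this line opens continues outside the hunk.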