Benchmark v2.0.0

.ansible-lint

@@ -3,21 +3,7 @@
 parseable: true
 quiet: true
 skip_list:
-    - 'schema'
-    - 'no-changed-when'
-    - 'var-spacing'
-    - 'experimental'
-    - 'name[play]'
-    - 'name[casing]'
-    - 'name[template]'
-    - 'key-order[task]'
-    - 'yaml[line-length]'
-    - '204'
-    - '305'
-    - '303'
-    - '403'
-    - '306'
-    - '602'
-    - '208'
+  - 'package-latest'
+  - 'risky-shell-pipe'
 use_default_rules: true
 verbosity: 0

.github/workflows/devel_pipeline_validation.yml

@@ -27,7 +27,7 @@
   jobs:
     # This will create messages for first time contributers and direct them to the Discord server
       welcome:
-        runs-on: self-hosted
+        runs-on: ubuntu-latest
 
         steps:
             - uses: actions/first-interaction@main

.pre-commit-config.yaml

@@ -2,21 +2,26 @@
 ##### CI for use by github no need for action to be added
 ##### Inherited
 ci:
-    autofix_prs: false
-    skip: [detect-aws-credentials, ansible-lint ]
+  autofix_prs: false
+  skip: [detect-aws-credentials, ansible-lint ]
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v5.0.0
   hooks:
   # Safety
   - id: detect-aws-credentials
+    name: Detect AWS Credentials
   - id: detect-private-key
+    name: Detect Private Keys
 
   # git checks
   - id: check-merge-conflict
+    name: Check for merge conflicts
   - id: check-added-large-files
+    name: Check for Large files
   - id: check-case-conflict
+    name: Check case conflict
 
   # General checks
   - id: trailing-whitespace
@@ -27,19 +32,18 @@ repos:
     types: [text]
     args: [--markdown-linebreak-ext=md]
   - id: end-of-file-fixer
+    name: Ensure line at end of file
 
 # Scan for passwords
 - repo: https://github.com/Yelp/detect-secrets
   rev: v1.5.0
   hooks:
   - id: detect-secrets
-    args: [ '--baseline', '.config/.secrets.baseline' ]
 
 - repo: https://github.com/gitleaks/gitleaks
   rev: v8.21.2
   hooks:
   - id: gitleaks
-    args: ['--baseline-path', '.config/.gitleaks-report.json']
 
 - repo: https://github.com/ansible-community/ansible-lint
   rev: v24.10.0
@@ -53,14 +57,15 @@ repos:
     # https://github.com/ansible/ansible-lint/issues/611
     pass_filenames: false
     always_run: true
-    additional_dependencies:
+    # additional_dependencies:
     # https://github.com/pre-commit/pre-commit/issues/1526
     # If you want to use specific version of ansible-core or ansible, feel
     # free to override `additional_dependencies` in your own hook config
     # file.
-    - ansible-core>=2.10.1
+    # - ansible-core>=2.10.1
 
 - repo: https://github.com/adrienverge/yamllint.git
   rev: v1.35.1  # or higher tag
   hooks:
   - id: yamllint
+    name: Check YAML Lint

.yamllint

@@ -1,34 +1,38 @@
 ---
-
 extends: default
-
 ignore: |
     tests/
     molecule/
     .github/
     .gitlab-ci.yml
     *molecule.yml
-
 rules:
-    indentation:
-        # Requiring 4 space indentation
-        spaces: 4
-        # Requiring consistent indentation within a file, either indented or not
-        indent-sequences: consistent
-    braces:
-        max-spaces-inside: 1
-        level: error
-    brackets:
-        max-spaces-inside: 1
-        level: error
-    empty-lines:
-        max: 1
-    line-length: disable
-    key-duplicates: enable
-    new-line-at-end-of-file: enable
-    new-lines:
-        type: unix
-    trailing-spaces: enable
-    truthy:
-        allowed-values: ['true', 'false']
-        check-keys: true
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  comments:
+    ignore-shebangs: true
+    min-spaces-from-content: 1 # prettier compatibility
+  comments-indentation: enable
+  empty-lines:
+    max: 1
+  indentation:
+    # Requiring 2 space indentation
+    spaces: 2
+    # Requiring consistent indentation within a file, either indented or not
+    indent-sequences: consistent
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  octal-values:
+    forbid-implicit-octal: true # yamllint defaults to false
+    forbid-explicit-octal: true
+  trailing-spaces: enable
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: true

Changelog.md

@@ -1,5 +1,21 @@
 # Ubuntu22CIS
 
+## Based on CIS v2.0.0
+
+### Do not migrate
+
+CIS have rewritten with a full release including but not limited to
+
+- reordering
+- new sections and controls in differing sections
+
+This is a rewrite off approx 75% of controls
+
+- New variables
+- improved audit related checks
+- greater options on some controls
+- linting improvements and updated to latest
+
 ## Based on CIS V1.0.0
 
 ### 1.1.1

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 MindPoint Group / Lockdown Enterprise / Lockdown Enterprise Releases
+Copyright (c) 2025 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -2,7 +2,7 @@
 
 ## Configure a Ubuntu 22 machine to be [CIS](https://www.cisecurity.org/cis-benchmarks/) compliant
 
-### Based on CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0 [Release](https://learn.cisecurity.org/l/799323/2022-09-15/3l9d2k)
+### Based on CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0 [Release](https://downloads.cisecurity.org/#/)
 
 ![Org Stars](https://img.shields.io/github/stars/ansible-lockdown?label=Org%20Stars&style=social)
 ![Stars](https://img.shields.io/github/stars/ansible-lockdown/ubuntu22-cis?label=Repo%20Stars&style=social)

collections/requirements.yml

@@ -1,14 +1,14 @@
 ---
 
 collections:
-    - name: community.general
-      source: https://github.com/ansible-collections/community.general
-      type: git
+  - name: community.general
+    source: https://github.com/ansible-collections/community.general
+    type: git
 
-    - name: community.crypto
-      source: https://github.com/ansible-collections/community.crypto
-      type: git
+  - name: community.crypto
+    source: https://github.com/ansible-collections/community.crypto
+    type: git
 
-    - name: ansible.posix
-      source: https://github.com/ansible-collections/ansible.posix
-      type: git
+  - name: ansible.posix
+    source: https://github.com/ansible-collections/ansible.posix
+    type: git