Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test merging upsteam #2

Open
wants to merge 92 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
92 commits
Select commit Hold shift + click to select a range
4f02266
Update ubuntu-18-type.yml
Kirkland-gh Nov 7, 2022
2f7efe4
Changed the name of the CIS-Oracle8.yml file to CIS-OracleLinux-8.yml…
Conundrum Jan 5, 2023
3bdc415
cleaning up before starting RHEL9 work
dsglaser Mar 30, 2023
fac5178
Merge pull request #45 from dsglaser/dev
dsglaser Mar 30, 2023
4bdc660
starting RHEL9 udpates
dsglaser Mar 30, 2023
41fcf62
Changes due to handler name changes
dsglaser Apr 6, 2023
190143e
Updates to rules files due to RHEL9 CIS controls
dsglaser Apr 6, 2023
3456d06
Update for handler name change
dsglaser Apr 6, 2023
3e3b72e
new variales for RHEL9, update for linting rules
dsglaser Apr 6, 2023
54e77a3
change to include_tasks for updated ansible
dsglaser Apr 6, 2023
2840382
changed handler lines due to name change
dsglaser Apr 10, 2023
2be51d5
new variables for RHEL 9
dsglaser Apr 10, 2023
e35a959
Removed reboot timeout
dsglaser Apr 10, 2023
8266d16
Updated Notify service names
dsglaser Apr 10, 2023
8f1e00e
New RHEL9 commit file - testing
dsglaser Apr 10, 2023
16018d9
fixed network settings issue
dsglaser Apr 10, 2023
9f3e580
updated for linter
dsglaser Apr 10, 2023
62b0c21
Syncing with RHEL 8 as needed
dsglaser Apr 11, 2023
9b7ae00
started to rework to v2.0.0
dsglaser Apr 11, 2023
d0e2269
Added new variables for RHEL9 and RHEL8
dsglaser Apr 13, 2023
808dae4
New rules file for RHEL 8/9
dsglaser Apr 13, 2023
87a93f3
New RHEL 9 v1.0 and RHEL8 v2.0 controls
dsglaser Apr 13, 2023
cea599c
Updates for RHEL9 rules
dsglaser Apr 17, 2023
8e4a98a
Added RHEL9 rules
dsglaser Apr 17, 2023
169ef25
Added mew versions
dsglaser Apr 17, 2023
d325e11
Merge pull request #46 from dsglaser/dev
dsglaser Apr 17, 2023
f51be61
Ran README.md through a linter
dsglaser Apr 17, 2023
36b5f6d
Ran file through linter
dsglaser Apr 17, 2023
b87599c
Merge pull request #43 from Conundrum/Oracle8
dsglaser Apr 17, 2023
72d95bb
Merge pull request #41 from Kirkland-gh/patch-1
dsglaser Apr 17, 2023
a260594
Update duplicate_groups.sh
Pierre-Gronau-ndaal Apr 25, 2023
1876f86
Update duplicate_guids.sh
Pierre-Gronau-ndaal Apr 25, 2023
6465e24
Update duplicate_uids.sh
Pierre-Gronau-ndaal Apr 25, 2023
e537c5a
Update duplicate_users.sh
Pierre-Gronau-ndaal Apr 25, 2023
74542e0
Update non_existant_homedirs.sh
Pierre-Gronau-ndaal Apr 25, 2023
461add5
Update path_check.sh
Pierre-Gronau-ndaal Apr 25, 2023
64e978e
Update undefined_groups.sh
Pierre-Gronau-ndaal Apr 25, 2023
e30ead3
Update README.md
dsglaser Apr 27, 2023
51173a7
Update README.md
dsglaser Apr 27, 2023
afde2f1
Updated with ubuntu 22, added a RHEL9 control.
dsglaser May 2, 2023
a74ac4f
do a daemon-reload on restarting aide
dsglaser May 2, 2023
ff83767
added 6.2.3 control, formatting and cleanup
dsglaser May 2, 2023
3ae1fd7
Updated to handle ubuntu 22.04+
dsglaser May 2, 2023
f778a83
updated with Ubuntu 22.04+ variables
dsglaser May 2, 2023
d375a30
added a standard rsyslog.conf config file
dsglaser May 2, 2023
86b1743
Initial controls for Ubuntu 22.04!
dsglaser May 2, 2023
ab7f2c9
Initial 22.04 controls
dsglaser May 2, 2023
24d6a72
minor formatting changes
dsglaser May 2, 2023
84cd29a
Merge pull request #54 from dsglaser/dev
dsglaser May 2, 2023
e0a2b7c
Merge pull request #53 from Pierre-Gronau-ndaal/patch-7
dsglaser May 2, 2023
32a3e6e
Merge pull request #52 from Pierre-Gronau-ndaal/patch-6
dsglaser May 2, 2023
becefa6
Merge pull request #51 from Pierre-Gronau-ndaal/patch-5
dsglaser May 2, 2023
6d7e716
Merge pull request #50 from Pierre-Gronau-ndaal/patch-4
dsglaser May 2, 2023
bb2526d
Merge pull request #49 from Pierre-Gronau-ndaal/patch-3
dsglaser May 2, 2023
72084f3
Merge pull request #48 from Pierre-Gronau-ndaal/patch-2
dsglaser May 2, 2023
2013ddc
Merge pull request #47 from Pierre-Gronau-ndaal/patch-1
dsglaser May 2, 2023
3a80c57
comment fix for Ubuntu 22.04 in Readme
dsglaser May 2, 2023
a46832a
fixed metadata for Ubuntu 22.04
dsglaser May 2, 2023
83bd47f
upped galaxy version number
dsglaser May 2, 2023
b16ecaa
Merge pull request #55 from dsglaser/dev
dsglaser May 2, 2023
749d3c1
fixed unused filesystems issue.
dsglaser May 10, 2023
e5e2de2
updated z stream number
dsglaser May 10, 2023
bdfefb0
Merge pull request #57 from dsglaser/dev
dsglaser May 10, 2023
ace826f
updated /bin/true tests to /bin/false per controls
dsglaser May 12, 2023
334943e
change dconf dir from local to distro
dsglaser May 12, 2023
561f4b0
Merge pull request #63 from dsglaser/dev
dsglaser May 12, 2023
4cbf19a
handling machines with disabled Linux
dsglaser May 12, 2023
7981509
bump release number
dsglaser May 12, 2023
4840687
Merge pull request #65 from dsglaser/dev
dsglaser May 12, 2023
d90b751
updates to handle mount_options correctly
dsglaser May 12, 2023
0a8bdd5
fixes for rhel8 passalgo and 5.6.5
dsglaser May 12, 2023
2806ec9
Merge pull request #68 from dsglaser/dev
dsglaser May 12, 2023
46fa906
fixed restart auditd service handler
dsglaser May 12, 2023
1dca8ed
Merge pull request #69 from dsglaser/dev
dsglaser May 12, 2023
7012b49
Fix control 3.3.2
dsglaser May 15, 2023
594153d
Merge pull request #71 from dsglaser/dev
dsglaser May 15, 2023
9505b4e
added blacklist to unused filesystems per v2.0.0
dsglaser May 16, 2023
efcb155
Merge pull request #74 from dsglaser/dev
dsglaser May 16, 2023
51aa977
minor fixes and typo fixes
dsglaser May 16, 2023
9d8329c
Remove spaces from issue file to meet CIS remedetion
mogamal1 May 18, 2023
84b8d3e
Update banner
mogamal1 May 18, 2023
6115b24
Merge pull request #75 from mogamal1/patch-1
dsglaser Jun 8, 2023
176ff15
updated with lint fixes
dsglaser Jun 28, 2023
763e009
updates for jinja rules
dsglaser Jun 28, 2023
ced796b
Update controls_list_win.md
devops-nick Aug 23, 2023
13213a1
Merge pull request #81 from devops-nick/dev
dsglaser Sep 28, 2023
99ecc11
Merge branch 'dev' of github.com:dsglaser/cis-security into dev
dsglaser Sep 28, 2023
13c3cab
Finished the error in Issue #80
dsglaser Sep 28, 2023
7a78024
formatting fixes per Issue #72
dsglaser Sep 28, 2023
bda8054
fixed symllnk location per Issue #78
dsglaser Sep 28, 2023
a1ebd90
for some reason I need to push them again?
dsglaser Sep 28, 2023
d7609c1
Merge pull request #82 from dsglaser/dev
dsglaser Sep 28, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Added new variables for RHEL9 and RHEL8
  • Loading branch information
dsglaser committed Apr 13, 2023
commit d0e22699d1390b5b2d9de8f68ce12f671251098c
3 changes: 3 additions & 0 deletions roles/cis_security/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -53,11 +53,13 @@ ypbind: false
graphical_interface: false # Whether to disable the GDM greeter service. The service will disabled on 'false'

log_service: "journald" # journald or rsyslog for logging. Choose one. Currently only implemented in RHEL 9!
remote_log_service: false # Whether to configure journald to start systemd-journal-remote.service
# Rsyslog service
log_host: false # Linux: Whether this machine will host rsyslog messages for other machines
log_port: 514 # Linux: Port to listen to RSYSLOG messages on (if log_host is true)
log_file_size: 8 # Linux: log file size. RHEL default is 8MB, control has no default
# rsyslog_file: # Linux: Uncomment to copy file listed to /etc/rsyslog.d
logrotate_file: # Linux: RHEL 8/9, Copy file listed for logrotate

# network security settings
tcpwrappers: false # Linux: Configure tcpwrappers controls. RHEL 7 control only
@@ -101,6 +103,7 @@ password_req_digit: true # Linux
password_req_upper: true # Linux
password_req_lower: true # Linux
password_req_special: true # Linux
password_hash_alg: "yescrypt" # Linux (RHEL 8/9), set password hashing algorithm, set to 'sha512' or 'yescrypt'
password_min_days: 7 # Common: Windows has this control listed as 1 day
password_expire_days: 365 # Common: Windows has this control listed as 24 days
password_warning_days: 7 # Common: Windows has this control listed as 'between 5 and 14 days'