Release devel -> main #104
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: James Vornhagen <[email protected]>
bugfix: When IPv6 is disabled / not available we can not add ufw rule.
Signed-off-by: Colin Bruner <[email protected]>
Modify /etc/aide.conf when ubtu22cis_config_aide is true
Signed-off-by: Mark Bolwell <[email protected]>
…" with error "'state' cannot be specified on a template" Signed-off-by: Jason Hendry <[email protected]>
…d-timesyncd fix: #68 Role fails when ubtu22cis_time_sync_tool: "systemd-timesyncd…
Signed-off-by: Mark Bolwell <[email protected]>
Added condition for associated task #67
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
updates and improvements
…nsively. Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Anže Luzar <[email protected]>
Signed-off-by: Anže Luzar <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
Task validation fixes (by Steampunk Spotter)
Signed-off-by: Bernd Grobauer <[email protected]>
…container Removing duplicate variable signifying containerized systems.
Signed-off-by: Bernd Grobauer <[email protected]>
- The previous regex requires exactly *one* space between
`default=ignore]` and `pam_unix.so` which on a default OS installetion never matches, is now fixed
- The `.*` in `(.*)(remember=([0-9]{1,})|)` was greedy, which means that
everything after it never matches
- I name the groups now which is easier than the numbers
- I took care that when inserting a non-existing `remember=` before and after it is at least one space.
- A the same time I make sure that *not* on every run, an additonal
space is added on replacement, so that the line is *not* endlessly
growing.
- The `ansible.builtin.shell: grep 'password.*pam_unix.so' /etc/pam.d/common-password` do not require
the `[success=1 default=ignore]` but the lineinfile regexs did,
which would mean that the grep-regex match but not later lineinfile-regexes not ⇒
I updated it, so that no one requires the `[success=1 default=ignore]`
still prserves it.
Signed-off-by: Fabian Raab <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
update discord link
…inally in the lockdown role. Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
…bles Improve variable documentation in `defaults/main.yml` (issue #84)
I think this is a transition error from an old implementation. In CIS Ubuntu 20.04 v1.1 it was still /var/log/faillog, but in CIS Ubuntu 20.04 v2.0 it has changed to /var/run/faillock and hence in CIS Ubuntu 22.04 v1.0 it is also /var/run/faillock. For Debian it is the same, for Debian 10 v1.0 it is /var/log/faillog, but for Debian 11 v1.0 it is /var/run/faillock. Signed-off-by: Fabian Raab <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…sers_not_detected_correctly Optimization of `interactive-users` detection(issue #86)
…ith Ansible-Galaxy linting requirements Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
…SessionProfileCreation Fixing syntax for 1.8.4, sub-task | session profile |
Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: Bernd Grobauer <[email protected]>
…ot_quite_correct Getting rule 4.1.3.2 in line with what CIS expects.
Removing restricting of chage operations to UIDs > 1000
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
…sword_reuse_limited fix(R5.4.3). Correct regexes so that they match
🐛(R4.1.3.12): Change wrong /var/log/faillog to /var/run/faillock
Signed-off-by: Mark Bolwell <[email protected]>
frederickw082922
approved these changes
Sep 26, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overall Review of Changes:
Many issues address
new workflow
updated linting
link updates
multiple improvements
Issue Fixes:
Many thanks to all those who contributed
#62
#67
#68
#79
#81
#88
PRS
#61
#63
#64
#66
#69
#70
#71
#72
#74
#75
#78
#83
#85
#87
#92
#95
#97
#98
#99
#100
Enhancements:
Lint updated
pre-commit added to the repository
multiple improvements to logic and tests
How has this been tested?:
Manually
pipeline to devel