From 2074aac592fef54d158fb18b8d2b32bd3bd4d1ed Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 22 Sep 2023 14:21:57 +0100
Subject: [PATCH 1/4] updated truthy

Signed-off-by: Mark Bolwell
---
 .yamllint | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.yamllint b/.yamllint
index ec46929..65faae6 100644
--- a/.yamllint
+++ b/.yamllint
@@ -30,4 +30,4 @@ rules:
 trailing-spaces: enable
 truthy:
 allowed-values: ['true', 'false']
- check-keys: false
+ check-keys: true

From 91fc33739710fe9b89efb37e42c448ded7c3ef13 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 22 Sep 2023 14:22:21 +0100
Subject: [PATCH 2/4] updated

Signed-off-by: Mark Bolwell
---
 .config/.secrets.baseline | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline
index d1d2ada..c1b01c1 100644
--- a/.config/.secrets.baseline
+++ b/.config/.secrets.baseline
@@ -105,18 +105,15 @@
 },
 {
 "path": "detect_secrets.filters.heuristic.is_templated_secret"
+ },
+ {
+ "path": "detect_secrets.filters.regex.should_exclude_file",
+ "pattern": [
+ ".config/.gitleaks-report.json",
+ "tasks/parse_etc_password.yml"
+ ]
 }
 ],
- "results": {
- "tasks/parse_etc_password.yml": [
- {
- "type": "Secret Keyword",
- "filename": "tasks/parse_etc_password.yml",
- "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
- "is_verified": false,
- "line_number": 18
- }
- ]
- },
- "generated_at": "2023-08-23T10:10:15Z"
+ "results": {},
+ "generated_at": "2023-09-22T13:20:34Z"
 }

From 7e8d8283eb09350c529f85bcf5b8b001f7acd964 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 22 Sep 2023 14:23:30 +0100
Subject: [PATCH 3/4] updated

Signed-off-by: Mark Bolwell
---
 README.md | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 83b3854..87243e1 100644
--- a/README.md
+++ b/README.md
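Review bot: With `check-keys: true` the truthy rule now applies to mapping keys as well as values, so with `allowed-values: ['true', 'false']` an unquoted key such as `on:` in a GitHub Actions workflow will be reported; whether this repository contains such files is not visible in the hunk. If it does, keep the stricter setting and put `# yamllint disable-line rule:truthy` above the affected key rather than relaxing the rule for the whole tree. Because `true` is yamllint's default for this option, a short comment on the line, for example `# keys are checked too (yamllint default)`, would show that the setting is deliberate.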
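Review bot: The new `should_exclude_file` entry takes `tasks/parse_etc_password.yml` out of secret scanning entirely, where the removed `results` entry pinned a single audited finding (line 18, by hash), so a real credential added to that file later would no longer be detected. The two patterns are also regular expressions matched anywhere in the path, so the unescaped dots and missing anchors exclude more than the two named files. If the exclusion stays, regenerate the baseline with tighter `--exclude-files` values so the entries read `"^\\.config/\\.gitleaks-report\\.json$"` and `"^tasks/parse_etc_password\\.yml$"`. A narrower alternative for the task file is an inline `# pragma: allowlist secret` on the flagged line, which keeps the rest of the file scanned. The exclusion of `.config/.gitleaks-report.json` suggests a report may sit in the working tree; it is worth confirming that file is git-ignored, since such reports can quote the matched secret text.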
@@ -1,8 +1,4 @@ -# AMAZON 2023 CIS - Beta - -**************************** -NOTE AUDIT NOT YET AVAILABLE -**************************** +# AMAZON 2023 CIS ## Configure a Amazon 2023 machine to be [CIS](https://www.cisecurity.org/cis-benchmarks/) compliant @@ -16,7 +12,7 @@ NOTE AUDIT NOT YET AVAILABLE ![followers](https://img.shields.io/github/followers/ansible-lockdown?style=social) [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/AnsibleLockdown.svg?style=social&label=Follow%20%40AnsibleLockdown)](https://twitter.com/AnsibleLockdown) -![Ansible Galaxy Quality](https://img.shields.io/ansible/quality/61781?label=Quality&&logo=ansible) +![Ansible Galaxy Quality](https://img.shields.io/ansible/quality/?label=Quality&&logo=ansible) ![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord) ![Release Branch](https://img.shields.io/badge/Release%20Branch-Main-brightgreen) @@ -38,9 +34,9 @@ NOTE AUDIT NOT YET AVAILABLE ## Looking for support? -[Lockdown Enterprise](https://www.lockdownenterprise.com#GH_AL_RH9_cis) +[Lockdown Enterprise](https://www.lockdownenterprise.com#GH_AL_AMZ2023_cis) -[Ansible support](https://www.mindpointgroup.com/cybersecurity-products/ansible-counselor#GH_AL_RH9_cis) +[Ansible support](https://www.mindpointgroup.com/cybersecurity-products/ansible-counselor#GH_AL_AMZ2023_cis) ### Community 
@@ -96,10 +92,10 @@ Refer to [AMAZON2023-CIS-Audit](https://github.com/ansible-lockdown/AMAZON2023-C ## Documentation - [Read The Docs](https://ansible-lockdown.readthedocs.io/en/latest/) -- [Getting Started](https://www.lockdownenterprise.com/docs/getting-started-with-lockdown#GH_AL_RH9_cis) -- [Customizing Roles](https://www.lockdownenterprise.com/docs/customizing-lockdown-enterprise#GH_AL_RH9_cis) -- [Per-Host Configuration](https://www.lockdownenterprise.com/docs/per-host-lockdown-enterprise-configuration#GH_AL_RH9_cis) -- [Getting the Most Out of the Role](https://www.lockdownenterprise.com/docs/get-the-most-out-of-lockdown-enterprise#GH_AL_RH9_cis) +- [Getting Started](https://www.lockdownenterprise.com/docs/getting-started-with-lockdown#GH_AL_AMZ2023_cis) +- [Customizing Roles](https://www.lockdownenterprise.com/docs/customizing-lockdown-enterprise#GH_AL_AMZ2023_cis) +- [Per-Host Configuration](https://www.lockdownenterprise.com/docs/per-host-lockdown-enterprise-configuration#GH_AL_AMZ2023_cis) +- [Getting the Most Out of the Role](https://www.lockdownenterprise.com/docs/get-the-most-out-of-lockdown-enterprise#GH_AL_AMZ2023_cis) ## Requirements @@ -195,7 +191,6 @@ uses: ## Added Extras -- makefile - this is there purely for testing and initial setup purposes. - [pre-commit](https://pre-commit.com) can be tested and can be run from within the directory ```sh From 858aabfe23e1297f1552f4d15c585f69d6ef8699 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Fri, 22 Sep 2023 14:25:31 +0100 Subject: [PATCH 4/4] removed skip for fqcn Signed-off-by: Mark Bolwell --- .ansible-lint | 2 -- 1 file changed, 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 057c65e..b717f67 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,12 +6,10 @@ skip_list: - 'schema' - 'no-changed-when' - 'var-spacing' - - 'fqcn-builtins' - 'experimental' - 'name[play]' - 'name[casing]' - 'name[template]' - - 'fqcn[action]' - 'key-order[task]' - '204' - '305'