March 24 updates #68
Merged
March 24 updates #68
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
Signed-off-by: Mark Bolwell <[email protected]>
uk-bolly
added a commit
that referenced
this pull request
Apr 15, 2024
* Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/3 by editing the destination path! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/4 by masking both the socket and the service! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/6 by editing the value of `clientalivecountmax` to 3! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/2 by using `import_tasks` module so as the rules will get added and executed! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/5 by adding the necessary lines to both sshd_config file and sshd_config.d/ files. The same method is used for all the rules from 4.2.x, to make them compliant with CISs checks. Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing trailing whitespaces Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing trailing whitespaces and fixing an end-of-file Signed-off-by: Diana-Maria Dumitru <[email protected]> * Refactoring docs Signed-off-by: Diana-Maria Dumitru <[email protected]> * Small fixings for https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/19 Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing trailing whitespace Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing fail message so that is states the correct number of the rule that requires the root password to be set Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing inconsistencies for issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/22 Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing minor syntax issues by adding missing "PATCH" keywords or missing "|". Signed-off-by: Diana-Maria Dumitru <[email protected]> * Fixing PRELIM task "PRELIM | 4.3.3 | Find all sudoers files" mentioned in issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/amazon2023-cis/-/issues/22. Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing 1.1.2.1 from multiline task 1.1.2.2 ,1.1.2.3, 1.1.2.4 because it was not supposed to be there! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing prelim for installing authconfig, as it is not used. Signed-off-by: Diana-Maria Dumitru <[email protected]> * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/pre-commit/pre-commit-hooks: v4.4.0 → v4.5.0](pre-commit/pre-commit-hooks@v4.4.0...v4.5.0) - [github.com/gitleaks/gitleaks: v8.17.0 → v8.18.2](gitleaks/gitleaks@v8.17.0...v8.18.2) - [github.com/ansible-community/ansible-lint: v6.18.0 → v24.2.0](ansible/ansible-lint@v6.18.0...v24.2.0) - [github.com/adrienverge/yamllint.git: v1.32.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.35.1) * Removing the 6.1.12 duplicate task and adding it to the 6.1.10 task as it was implementing something needed by 6.1.10. Signed-off-by: Diana-Maria Dumitru <[email protected]> * De-commenting allow and deny variables for sshd. Signed-off-by: Diana-Maria Dumitru <[email protected]> * Removing double import of cis_5.3.yml. Signed-off-by: Diana-Maria Dumitru <[email protected]> * As authconfig is not needed anymore, the variable related to its installation is removed! Signed-off-by: Diana-Maria Dumitru <[email protected]> * Feb 24 updates to devel (#58) * updated to use ansible_facts variables Signed-off-by: Mark Bolwell <[email protected]> * Squashed commit of the following: commit 0cad737fe35db33ff0b867ac4439688cd2bcb009 Author: Mark Bolwell <[email protected]> Date: Fri Feb 23 09:41:39 2024 +0000 updated and tidied up Signed-off-by: Mark Bolwell <[email protected]> commit 1fa72013209866be66f7f2a353b9cf6264a3681d Author: Mark Bolwell <[email protected]> Date: Fri Feb 23 09:41:10 2024 +0000 audit_only Signed-off-by: Mark Bolwell <[email protected]> Signed-off-by: Mark Bolwell <[email protected]> * Always tag for 1.2.1 gpg_key package update #14 Signed-off-by: Mark Bolwell <[email protected]> * tidy up prelim removal step Signed-off-by: Mark Bolwell <[email protected]> * updated changelog Signed-off-by: Mark Bolwell <[email protected]> * removed inject facts as vars Signed-off-by: Mark Bolwell <[email protected]> * 4.6.5 related to #27 thanks to @DianaMariaDDM Signed-off-by: Mark Bolwell <[email protected]> * 6.1.10 thanks to @DianaMariaDDM #37 Signed-off-by: Mark Bolwell <[email protected]> * tage change to alwasy thanks to @DianaMariaDDM #41 Signed-off-by: Mark Bolwell <[email protected]> * updated changelog Signed-off-by: Mark Bolwell <[email protected]> * updated changelog Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * updated ansible fact naming and checkout action (#64) * updated ansible fact naming for ansible_facts.virtualization_type Signed-off-by: Mark Bolwell <[email protected]> * updated checkout version Signed-off-by: Mark Bolwell <[email protected]> * ansible fact update Signed-off-by: Mark Bolwell <[email protected]> * updated ansible facts and timeout now inherited Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate (#65) updates: - [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](ansible/ansible-lint@v24.2.0...v24.2.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * 4.2.16: Add variable for SSH MaxAuthTries (#66) Signed-off-by: Tom Henderson <[email protected]> * 4.2.16: Correct variable name and required max value (#67) Signed-off-by: Tom Henderson <[email protected]> * March 24 updates (#68) * addressed #59 thanks to @DianaMariaDDM Signed-off-by: Mark Bolwell <[email protected]> * issue #59 thanks to @DianaMariaDDM Signed-off-by: Mark Bolwell <[email protected]> * issue #62 thanks to @DianaMariaDDM Signed-off-by: Mark Bolwell <[email protected]> * updated variable name in conditional Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * updated container check Signed-off-by: Mark Bolwell <[email protected]> * updated authselect PR Signed-off-by: Mark Bolwell <[email protected]> * fix conditional typo Signed-off-by: Mark Bolwell <[email protected]> * fix conditional typo Signed-off-by: Mark Bolwell <[email protected]> * fix var typo Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]> * [pre-commit.ci] pre-commit autoupdate (#69) updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](pre-commit/pre-commit-hooks@v4.5.0...v4.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --------- Signed-off-by: Diana-Maria Dumitru <[email protected]> Signed-off-by: DianaMariaDDM <[email protected]> Signed-off-by: Mark Bolwell <[email protected]> Signed-off-by: Tom Henderson <[email protected]> Co-authored-by: Diana-Maria Dumitru <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: DianaMariaDDM <[email protected]> Co-authored-by: Tom Henderson <[email protected]> Co-authored-by: Tom Henderson <[email protected]>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overall Review of Changes:
Many issues and PRs
improvements to multiple control
Issue Fixes:
auditd_conf_filesregister is empty o… #60Enhancements:
New variable discovery and naming for interactve users
How has this been tested?:
Manually