CIS v4.0.0 release to main #340

uk-bolly · 2024-06-20T16:17:21Z

Overall Review of Changes:
Update to CIS benchmark v4.0.0
workflow updates
rebase took place due to legacy data

How has this been tested?:
Manually and pipeline

Signed-off-by: Anže Luzar <[email protected]>

Task validation fixes (by Steampunk Spotter)

Signed-off-by: Mark Bolwell <[email protected]>

Discord link, lint files and lint

Signed-off-by: Mark Bolwell <[email protected]>

Update to collection and linting

updates: - [github.com/pre-commit/pre-commit-hooks: v3.2.0 → v4.5.0](pre-commit/pre-commit-hooks@v3.2.0...v4.5.0) - [github.com/gitleaks/gitleaks: v8.17.0 → v8.18.1](gitleaks/gitleaks@v8.17.0...v8.18.1) - [github.com/ansible-community/ansible-lint: v6.17.2 → v6.22.1](ansible/ansible-lint@v6.17.2...v6.22.1) - [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0)

…nfig [pre-commit.ci] pre-commit autoupdate

updates: - [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](ansible/ansible-lint@v6.22.1...v6.22.2)

…nfig [pre-commit.ci] pre-commit autoupdate

updates: - [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](gitleaks/gitleaks@v8.18.1...v8.18.2) - [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](ansible/ansible-lint@v6.22.2...v24.2.0) - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1)

…nfig [pre-commit.ci] pre-commit autoupdate

Signed-off-by: Mark Bolwell <[email protected]>

Audit only and lint

updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](pre-commit/pre-commit-hooks@v4.5.0...v4.6.0) - [github.com/ansible-community/ansible-lint: v24.2.0 → v24.2.1](ansible/ansible-lint@v24.2.0...v24.2.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

updates: - [github.com/ansible-community/ansible-lint: v24.2.1 → v24.2.2](ansible/ansible-lint@v24.2.1...v24.2.2) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

updates: - [github.com/Yelp/detect-secrets: v1.4.0 → v1.5.0](Yelp/detect-secrets@v1.4.0...v1.5.0) - [github.com/gitleaks/gitleaks: v8.18.2 → v8.18.3](gitleaks/gitleaks@v8.18.2...v8.18.3) - [github.com/ansible-community/ansible-lint: v24.2.2 → v24.6.0](ansible/ansible-lint@v24.2.2...v24.6.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

updates: - [github.com/gitleaks/gitleaks: v8.18.3 → v8.18.4](gitleaks/gitleaks@v8.18.3...v8.18.4)

…nfig [pre-commit.ci] pre-commit autoupdate

* section1_updates Signed-off-by: Mark Bolwell <[email protected]> * section2_updates Signed-off-by: Mark Bolwell <[email protected]> * section3-6 updates Signed-off-by: Mark Bolwell <[email protected]> * initial v4.0.0 Signed-off-by: Mark Bolwell <[email protected]> * initial_v4.0.0 Signed-off-by: Mark Bolwell <[email protected]> * fixed documentation format Signed-off-by: Mark Bolwell <[email protected]> * Added levels Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * layout improvement Signed-off-by: Mark Bolwell <[email protected]> * alignment Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * improved testing Signed-off-by: Mark Bolwell <[email protected]> * typos and improvements Signed-off-by: Mark Bolwell <[email protected]> * added 1.3.3 Signed-off-by: Mark Bolwell <[email protected]> * fix typo Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * added ignore secrets line false positive Signed-off-by: Mark Bolwell <[email protected]> * removed files not required Signed-off-by: Mark Bolwell <[email protected]> * updated to new workflow Signed-off-by: Mark Bolwell <[email protected]> * update of audit components Signed-off-by: Mark Bolwell <[email protected]> * updated Signed-off-by: Mark Bolwell <[email protected]> * updated var naming Signed-off-by: Mark Bolwell <[email protected]> * lint and vars naming Signed-off-by: Mark Bolwell <[email protected]> * updated var naming * layout updated Signed-off-by: Mark Bolwell <[email protected]> * updated title Signed-off-by: Mark Bolwell <[email protected]> * lint and tidy up Signed-off-by: Mark Bolwell <[email protected]> * module naming Signed-off-by: Mark Bolwell <[email protected]> * lint ordering Signed-off-by: Mark Bolwell <[email protected]> * command to shell module Signed-off-by: Mark Bolwell <[email protected]> * rename dest to path Signed-off-by: Mark Bolwell <[email protected]> * Lint Signed-off-by: Mark Bolwell <[email protected]> * remove dupe entry Signed-off-by: Mark Bolwell <[email protected]> * command to shell Signed-off-by: Mark Bolwell <[email protected]> * handler naming updates Signed-off-by: Mark Bolwell <[email protected]> * updated titles ands naming Signed-off-by: Mark Bolwell <[email protected]> * quote on file permissions Signed-off-by: Mark Bolwell <[email protected]> * updated var naming Signed-off-by: Mark Bolwell <[email protected]> * update var naming Signed-off-by: Mark Bolwell <[email protected]> * update var naming Signed-off-by: Mark Bolwell <[email protected]> * var naming Signed-off-by: Mark Bolwell <[email protected]> * fixed handler naming Signed-off-by: Mark Bolwell <[email protected]> * updated workflows Signed-off-by: Mark Bolwell <[email protected]> * updated gitleaks version Signed-off-by: Mark Bolwell <[email protected]> * Tidy up level tags Signed-off-by: Mark Bolwell <[email protected]> * tidy up register Signed-off-by: Mark Bolwell <[email protected]> * renamed vars Signed-off-by: Mark Bolwell <[email protected]> * removed blank lines Signed-off-by: Mark Bolwell <[email protected]> * updated var name Signed-off-by: Mark Bolwell <[email protected]> --------- Signed-off-by: Mark Bolwell <[email protected]>

Signed-off-by: Mark Bolwell <[email protected]>

Update and align devel

uk-bolly · 2024-06-24T15:48:06Z

main pipeline expected to fail as new rules
will be running through next set of PRs to clear up with using new workflow

georgenalen

Looks good!

anzoman and others added 30 commits September 14, 2023 19:07

Replace service with systemd module

895d42b

Signed-off-by: Anže Luzar <[email protected]>

Use FQCNs in tasks/section_5/cis_5.5.x.yml

30667fd

Signed-off-by: Anže Luzar <[email protected]>

Use FQCN for user module

fd6be3b

Signed-off-by: Anže Luzar <[email protected]>

Use FQCN for debug module

2cde1d5

Signed-off-by: Anže Luzar <[email protected]>

Use name instead of list in package

7e98687

Signed-off-by: Anže Luzar <[email protected]>

Add that parameter and remove when for the assert module

aa610ce

Signed-off-by: Anže Luzar <[email protected]>

Merge pull request #321 from anzoman/steampunk-spotter-fixes

21614a6

Task validation fixes (by Steampunk Spotter)

updated discord link

f909ed3

Signed-off-by: Mark Bolwell <[email protected]>

updated required pkgs

9011895

Signed-off-by: Mark Bolwell <[email protected]>

updated lint files

fd5cf5f

Signed-off-by: Mark Bolwell <[email protected]>

discord update

e8395fc

Signed-off-by: Mark Bolwell <[email protected]>

Merge pull request #323 from ansible-lockdown/discord_link

ba758e4

Discord link, lint files and lint

lint updates

e4a71db

Signed-off-by: Mark Bolwell <[email protected]>

Aligned and updated

87ba519

Signed-off-by: Mark Bolwell <[email protected]>

removed quality badge since galaxy-ng

4a23d1f

Signed-off-by: Mark Bolwell <[email protected]>

updated since galaxy changes

0e6102b

Signed-off-by: Mark Bolwell <[email protected]>

Merge pull request #324 from ansible-lockdown/collections_lint

d7f643a

Update to collection and linting

Merge pull request #325 from ansible-lockdown/pre-commit-ci-update-co…

0799090

…nfig [pre-commit.ci] pre-commit autoupdate

[pre-commit.ci] pre-commit autoupdate

4683d8c

updates: - [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](ansible/ansible-lint@v6.22.1...v6.22.2)

Merge pull request #327 from ansible-lockdown/pre-commit-ci-update-co…

be6c58f

…nfig [pre-commit.ci] pre-commit autoupdate

Merge pull request #331 from ansible-lockdown/pre-commit-ci-update-co…

8185c1e

…nfig [pre-commit.ci] pre-commit autoupdate

updated for galaxy_ng

79a9f64

Signed-off-by: Mark Bolwell <[email protected]>

Add audit_only and tidy up

addb0cd

Signed-off-by: Mark Bolwell <[email protected]>

Lint updates

8d8fa94

Signed-off-by: Mark Bolwell <[email protected]>

Merge pull request #333 from ansible-lockdown/audit_only

69799a4

Audit only and lint

[pre-commit.ci] pre-commit autoupdate (#336)

0b0536a

updates: - [github.com/ansible-community/ansible-lint: v24.2.1 → v24.2.2](ansible/ansible-lint@v24.2.1...v24.2.2) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

pre-commit-ci bot and others added 6 commits June 17, 2024 17:46

[pre-commit.ci] pre-commit autoupdate

4cec1eb

updates: - [github.com/gitleaks/gitleaks: v8.18.3 → v8.18.4](gitleaks/gitleaks@v8.18.3...v8.18.4)

Merge pull request #339 from ansible-lockdown/pre-commit-ci-update-co…

bfa8528

…nfig [pre-commit.ci] pre-commit autoupdate

Merge branch 'main' into devel

8b28d75

Signed-off-by: Mark Bolwell <[email protected]>

removed files in wrong location

66f002c

Signed-off-by: Mark Bolwell <[email protected]>

Merge pull request #341 from ansible-lockdown/fixes

b90e300

Update and align devel

georgenalen approved these changes Jun 25, 2024

View reviewed changes

uk-bolly marked this pull request as ready for review June 26, 2024 08:31

uk-bolly merged commit 29af589 into main Jun 26, 2024
3 of 4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CIS v4.0.0 release to main #340

CIS v4.0.0 release to main #340

uk-bolly commented Jun 20, 2024

uk-bolly commented Jun 24, 2024

georgenalen left a comment

CIS v4.0.0 release to main #340

CIS v4.0.0 release to main #340

Conversation

uk-bolly commented Jun 20, 2024

uk-bolly commented Jun 24, 2024

georgenalen left a comment

Choose a reason for hiding this comment