Merge pull request #235 from ansible-lockdown/sysctl_and_collections

Sysctl and collections
ansible-lockdown · Oct 24, 2023 · 012e8c3 · 012e8c3
2 parents 5dd0bda + 4af031e
commit 012e8c3
Show file tree

Hide file tree

Showing 14 changed files with 271 additions and 323 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ ci:
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.2.0
+  rev: v4.4.0
   hooks:
   # Safety
   - id: detect-aws-credentials
@@ -37,13 +37,13 @@ repos:
     exclude: .config/.gitleaks-report.json
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.17.0
+  rev: v8.18.0
   hooks:
   - id: gitleaks
     args: ['--baseline-path', '.config/.gitleaks-report.json']
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v6.17.2
+  rev: v6.20.2
   hooks:
   - id: ansible-lint
     name: Ansible-lint

diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,12 @@
 # Changes to RHEL8STIG
 
+## 3.0.3 - Stig V1R11 - 26th July 2023
+q
+- updates to collections since galaxy updated
+- updates to audit
+
+- #229 thanks to @JacobBuskirk
+
 ## 3.0.2 - Stig V1R11 - 26th July 2023
 
 - workflow and pipeline updates

diff --git a/README.md b/README.md
@@ -12,7 +12,6 @@ This role is based on RHEL 8 DISA STIG: [Version 1, Rel 11 released on July 26,
 ![followers](https://img.shields.io/github/followers/ansible-lockdown?style=social)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/AnsibleLockdown.svg?style=social&label=Follow%20%40AnsibleLockdown)](https://twitter.com/AnsibleLockdown)
 
-![Ansible Galaxy Quality](https://img.shields.io/ansible/quality/56380?label=Quality&&logo=ansible)
 ![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord)
 
 ![Release Branch](https://img.shields.io/badge/Release%20Branch-Main-brightgreen)

diff --git a/ansible.cfg b/ansible.cfg
@@ -18,6 +18,7 @@ record_host_keys=False
 
 [ssh_connection]
 transfer_method=scp
+ssh_args = -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
 
 [accelerate]
 

diff --git a/collections/requirements.yml b/collections/requirements.yml
@@ -2,7 +2,13 @@
 
 collections:
     - name: community.general
+      source: https://github.com/ansible-collections/community.general
+      type: git
 
     - name: community.crypto
+      source: https://github.com/ansible-collections/community.crypto
+      type: git
 
     - name: ansible.posix
+      source: https://github.com/ansible-collections/ansible.posix
+      type: git
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -484,6 +484,9 @@ rhel8stig_smartcard: false
 # Configure your smartcard driver
 rhel8stig_smartcarddriver: cackey
 
+# Set the file that sysctl should write to
+rhel8stig_sysctl_file: /etc/sysctl.d/99_stig_sysctl.conf
+
 # Whether or not system uses remote automounted home directories via autofs
 rhel8stig_autofs_remote_home_dirs: false
 

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -5,16 +5,6 @@
   when:
       - not system_is_container
 
-- name: update sysctl
-  ansible.builtin.template:
-      src: 99-sysctl.conf.j2
-      dest: /etc/sysctl.d/99-sysctl.conf
-      owner: root
-      group: root
-      mode: 0644
-  notify: sysctl system
-  when: "'procps-ng' in ansible_facts.packages"
-
 - name: sysctl system
   ansible.builtin.shell: sysctl --system
   when: "'procps-ng' in ansible_facts.packages"

diff --git a/tasks/LE_audit_setup.yml b/tasks/LE_audit_setup.yml
@@ -7,16 +7,16 @@
       owner: root
       group: root
       checksum: "{{ audit_bin_version.checksum }}"
-      mode: 0555
+      mode: '0555'
   when:
       - get_audit_binary_method == 'download'
 
 - name: Pre Audit Setup | copy audit binary
   ansible.builtin.copy:
       src: "{{ audit_bin_copy_location }}"
       dest: "{{ audit_bin }}"
-      mode: 0555
       owner: root
       group: root
+      mode: '0555'
   when:
       - get_audit_binary_method == 'copy'