Merge branch 'devel' into stig_v1r12
Signed-off-by: uk-bolly <[email protected]>
uk-bolly authored Feb 21, 2024
2 parents ad7e0a2 + 64313cd commit 0222b10
Showing 3 changed files with 6 additions and 10 deletions.
8 changes: 4 additions & 4 deletions .pre-commit-config.yaml
@@ -7,7 +7,7 @@ ci:

repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
rev: v4.5.0
hooks:
# Safety
- id: detect-aws-credentials
@@ -35,12 +35,12 @@ repos:
- id: detect-secrets

- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.0
rev: v8.18.2
hooks:
- id: gitleaks

- repo: https://github.com/ansible-community/ansible-lint
rev: v6.20.2
rev: v24.2.0
hooks:
- id: ansible-lint
name: Ansible-lint
@@ -59,6 +59,6 @@ repos:
- ansible-core>=2.10.1

- repo: https://github.com/adrienverge/yamllint.git
rev: v1.32.0 # or higher tag
rev: v1.35.1 # or higher tag
hooks:
- id: yamllint
6 changes: 1 addition & 5 deletions defaults/main.yml
@@ -867,10 +867,6 @@ rhel8stig_path_to_sshkey: "/root/.ssh/"
# To conform to STIG standards these directories need to be 755 or less permissive
rhel8stig_lib_dir_perms: 0755

# RHEL-08-010510
# rhel8stig_sshd_compression to meet STIG requirements needs to be set to "no" or "delayed"
rhel8stig_sshd_compression: "no"

# now in prelim
# rhel8stig_interactive_uid_start: '1000'

@@ -916,7 +912,7 @@ rhel8stig_ssh_server_crypto_settings: "-oCiphers=aes256-ctr,aes192-ctr,aes128-ct
# RHEL-08-010295
# This will be teh GnuTLS ecryption packages. The task sets the +VERS-ALL: setting, the only items needed are the DoD approved encryptions
# to conform to STIG standards this variable must contain +VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
rhel8stig_gnutls_encryption: "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0"
rhel8stig_gnutls_encryption: "+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0"

# RHEL-08-020070
# This is the value for the tmux lock after setting. To conform to STIG standards value needs to be set to 900 or less
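Review bot: The default for `rhel8stig_gnutls_encryption` in the RHEL-08-010295 hunk now appears to begin with `+VERS-ALL:`, while the comment two lines above it still says the task sets `+VERS-ALL:` itself and that only the DoD-approved items are needed in the variable. If the task that writes the GnuTLS priority string (not visible on this page) still prepends that prefix, the rendered setting would carry it twice, so either the task or the default should drop it. The comment should be brought in line with whichever is kept, for example `# Full GnuTLS version string; must begin with +VERS-ALL: followed by the protocol versions to disable`, and its typos ("teh", "ecryption") fixed at the same time. The page has lost its +/- markers, so this assumes the second of the two printed values is the new side.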
2 changes: 1 addition & 1 deletion tasks/fix-cat2.yml
@@ -3300,7 +3300,7 @@
- name: "MEDIUM | RHEL-08-020030 | PATCH | RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions."
block:
- name: "MEDIUM | RHEL-08-020030 | AUDIT | RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. | Check for lock-enabled"
ansible.builtin.shell: "grep -IlR ^lock-enabled /etc/dconf/db/*"
ansible.builtin.shell: "grep -IlR ^lock-enabled /etc/dconf/db/*
changed_when: false
failed_when: false
register: rhel_08_020030_lock_enabled
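Review bot: The `ansible.builtin.shell` value of the RHEL-08-020030 "Check for lock-enabled" task appears to lose its closing double quote on the new side. An unterminated double-quoted scalar runs on into the `changed_when`, `failed_when` and `register` lines, so the file will most likely fail to parse, or those keys are swallowed into the command string and `rhel_08_020030_lock_enabled` is never registered for the session-lock control. Restore the quote: `ansible.builtin.shell: "grep -IlR ^lock-enabled /etc/dconf/db/*"`. The +/- markers are lost on this page, so this assumes the second printed line is the new one; the enclosing `block:` continues past the end of the hunk.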
