diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 76c3a8a4..1680d197 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -66,4 +66,4 @@ following text in your contribution commit message: This message can be entered manually, or if you have configured git with the correct `user.name` and `user.email`, you can use the `-s` -option to `git commit` to automatically include the signoff message. \ No newline at end of file +option to `git commit` to automatically include the signoff message. diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2 index 5ee2bcf9..fb608066 100644 --- a/templates/ansible_vars_goss.yml.j2 +++ b/templates/ansible_vars_goss.yml.j2 @@ -3,13 +3,11 @@ audit_run: ansible # This is forced to wrapper by running the run_audit wrapper benchmark_version: '2.0.1' - -# Some audit tests may need to scan every filesystem or have an impact on a system +# Some audit tests may need to scan every filesystem or have an impact on a system # these may need be scheduled to minimise impact also ability to set a timeout if taking too long run_heavy_tests: {{ audit_run_heavy_tests }} timeout_ms: {{ audit_cmd_timeout }} - ubtu20cis_section1: true ubtu20cis_section2: true ubtu20cis_section3: true @@ -281,7 +279,6 @@ ubtu20cis_rule_5_1_2_7: {{ ubtu20cis_rule_5_1_2_7 }} ubtu20cis_rule_5_1_3: {{ ubtu20cis_rule_5_1_3 }} - ubtu20cis_rule_5_2_1_1: {{ ubtu20cis_rule_5_2_1_1 }} ubtu20cis_rule_5_2_1_2: {{ ubtu20cis_rule_5_2_1_2 }} ubtu20cis_rule_5_2_1_3: {{ ubtu20cis_rule_5_2_1_3 }} @@ -339,7 +336,6 @@ ubtu20cis_rule_6_1_11: {{ ubtu20cis_rule_6_1_11 }} ubtu20cis_rule_6_1_12: {{ ubtu20cis_rule_6_1_12 }} ubtu20cis_rule_6_1_13: {{ ubtu20cis_rule_6_1_13 }} - ubtu20cis_rule_6_2_1: {{ ubtu20cis_rule_6_2_1 }} ubtu20cis_rule_6_2_2: {{ ubtu20cis_rule_6_2_2 }} ubtu20cis_rule_6_2_3: {{ ubtu20cis_rule_6_2_3 }} @@ -353,7 +349,6 @@ ubtu20cis_rule_6_2_10: {{ ubtu20cis_rule_6_2_10 }} ubtu20cis_rule_6_2_11: {{ ubtu20cis_rule_6_2_11 }} ubtu20cis_rule_6_2_12: {{ ubtu20cis_rule_6_2_12 }} - # AIDE ubtu20cis_config_aide: true @@ -442,7 +437,6 @@ ubtu20_exim_conf: - dc_mailname_in_oh='true' - dc_localdelivery='mail_spool' - ubtu20cis_rsyncd_server: {{ ubtu20cis_rsync_server }} ubtu20cis_nis_server: {{ ubtu20cis_nis_server }} @@ -455,7 +449,6 @@ ubtu20cis_telnet_required: {{ ubtu20cis_telnet_required }} ubtu20cis_ldap_clients_required: {{ ubtu20cis_ldap_clients_required }} ubtu20cis_rpc_required: {{ ubtu20cis_rpc_required }} - # Section 3 # IPv6 required ubtu20cis_ipv6_required: {{ ubtu20cis_ipv6_required }} @@ -463,7 +456,6 @@ ubtu20cis_ipv6_required: {{ ubtu20cis_ipv6_required }} # System network parameters (host only OR host and router) ubtu20cis_is_router: false - ubtu20cis_firewall: {{ ubtu20cis_firewall_package }} ubtu20_default_firewall_zone: public @@ -519,7 +511,6 @@ ubtu20cis_ssh_weak_kex: - diffie-hellman-group14-sha1 - diffie-hellman-group-exchange-sha1 - ubtu20cis_ssh_aliveinterval: 300 ubtu20cis_ssh_countmax: 3 ## PAM diff --git a/templates/audit/ubtu20cis_5_2_3_6_privileged.rules.j2 b/templates/audit/ubtu20cis_5_2_3_6_privileged.rules.j2 index a005b3c2..47de8267 100644 --- a/templates/audit/ubtu20cis_5_2_3_6_privileged.rules.j2 +++ b/templates/audit/ubtu20cis_5_2_3_6_privileged.rules.j2 @@ -1,3 +1,3 @@ -{% for proc in priv_procs.stdout_lines -%} +{% for proc in priv_procs.stdout_lines -%} -a always,exit -F path={{ proc }} -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged {% endfor %} diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2 index 119165dc..1102ce60 100644 --- a/templates/chrony.conf.j2 +++ b/templates/chrony.conf.j2 @@ -90,4 +90,4 @@ logchange 0.5 # change it if necessary. rtconutc -user {{ ubtu20cis_chrony_user }} \ No newline at end of file +user {{ ubtu20cis_chrony_user }} diff --git a/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 b/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 index 7442cd42..9136a6bf 100644 --- a/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 +++ b/templates/etc/systemd/timesyncd.conf.d/50-timesyncd.conf.j2 @@ -6,6 +6,4 @@ NTP={% for pool in ubtu20cis_time_pool %}{{ pool.name }}{% endfor %} - FallbackNTP={% for servers in ubtu20cis_time_servers %}{{ servers.name }} {% endfor %} - diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2 index 1a8bbecf..d2d32f1f 100644 --- a/templates/ntp.conf.j2 +++ b/templates/ntp.conf.j2 @@ -66,4 +66,4 @@ restrict source notrap nomodify noquery #fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware #server 127.127.22.1 # ATOM(PPS) -#fudge 127.127.22.1 flag3 1 # enable PPS API \ No newline at end of file +#fudge 127.127.22.1 flag3 1 # enable PPS API