Merge pull request #18 from ansible-lockdown/meta_lint_updates
Meta lint updates
Signed-off-by: George Nalen <[email protected]>
georgenalen authored May 11, 2021
2 parents e35d7f9 + 9ab1844 commit dfd2efd
Showing 13 changed files with 58 additions and 60 deletions.
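--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,11 @@
+parseable: true
+quiet: true
+skip_list:
+- '204'
+- '305'
+- '303'
+- '403'
+- '306'
+- '602'
+use_default_rules: true
+verbosity: 0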
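Review bot: The `skip_list` switches six rules off for the whole role and records no reason for any of them, which matters most for '305' and '306' in a hardening role. As I read the ansible-lint 4.x numbering, these are the shell-versus-command check and the check that piped `shell` tasks set `pipefail`. With '306' skipped globally, an audit task whose piped command fails early can still exit 0 and be taken as a pass, and no new task will be flagged for it. I would add a comment per entry, e.g. `- '306'  # pipes without pipefail: <reason>`. Where a single task really needs the exception, prefer a per-task `# noqa 306` over the global skip so the rest of the role stays checked.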
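--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,20 @@
+---
+ignore: |
+tests/
+molecule/
+.gitlab-ci.yml
+*molecule.yml
+
+extends: default
+
+rules:
+indentation:
+spaces: 4
+truthy: disable
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+line-length: disable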
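Review bot: `truthy: disable` removes the only check that would catch mixed boolean spellings, and this commit already shows both forms: site.yml keeps `ubtu20cis_oscap_scan: yes` directly under `ubtu20cis_skip_for_travis: false`. Since these toggles decide which controls run, I would keep the rule visible without failing the build, for example `truthy: {level: warning}`, and normalise to `true`/`false` over time. A one-line comment above `line-length: disable` and `truthy` stating why each is relaxed would also help the next maintainer.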
4 changes: 2 additions & 2 deletions defaults/main.yml
@@ -499,7 +499,7 @@ ubtu20cis_logrotate: "daily"

# Control 4.3
# ubtu20cis_logrotate_create_settings are the settings for the create parameter in /etc/logrotate.conf
# The permissions need to be 640 or more restrictive.
# The permissions need to be 640 or more restrictive.
ubtu20cis_logrotate_create_settings: "0640 root utmp"

# Section 5 Control Variables
@@ -614,4 +614,4 @@ ubtu20cis_suid_adjust: false

# Control 6.2.5 Allow ansible to adjust world-writable files. False will just display world-writable files, True will remove world-writable
# ubtu20cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | default(item)).dir }}"
ubtu20cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | default(item)).dir }}"
ubtu20cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | default(item)).dir }}"
2 changes: 1 addition & 1 deletion handlers/main.yml
@@ -55,4 +55,4 @@
state: restarted

- name: reload gdm
command: dpkg-reconfigure gdm3
command: dpkg-reconfigure gdm3
63 changes: 15 additions & 48 deletions meta/main.yml
@@ -1,53 +1,20 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: "George Nalen, Mark Bolwell, and DFed"
description: "Apply the Ubuntu 20 CIS benmarks"
company: "MindPoint Group"
license: MIT
min_ansible_version: 2.9.0

# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
platforms:
- name: Ubuntu
versions:
- focal

# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)

min_ansible_version: 2.9

# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:

#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99

galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
galaxy_tags:
- system
- security
- ubuntu2004
- cis
- hardening

dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
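Review bot: The new `description` value misspells "benchmarks" as "benmarks"; this is the role's published summary, so it should read `description: "Apply the Ubuntu 20 CIS benchmarks"`. Separately, `min_ansible_version: 2.9.0` is unquoted and loads as a string only because of the second dot. Quoting it as `min_ansible_version: "2.9.0"` keeps the type stable if it is ever shortened to a two-part version.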

2 changes: 1 addition & 1 deletion site.yml
@@ -9,4 +9,4 @@
- role: "{{ playbook_dir }}"
ubtu20cis_system_is_container: "{{ is_container | default(false) }}"
ubtu20cis_skip_for_travis: false
ubtu20cis_oscap_scan: yes
ubtu20cis_oscap_scan: yes
2 changes: 1 addition & 1 deletion tasks/section_1/main.yml
@@ -24,4 +24,4 @@
include: cis_1.8.x.yml

- name: "SECTION | 1.9 | Ensure updates, patches, and additional security software are installed"
include: cis_1.9.yml
include: cis_1.9.yml
4 changes: 2 additions & 2 deletions tasks/section_2/cis_2.1.x.yml
@@ -299,8 +299,8 @@

- name: "AUTOMATED | 2.1.10 | PATCH | Ensure HTTP server is not installed"
apt:
name: apache2
state: absent
name: apache2
state: absent
when:
- ubtu20cis_rule_2_1_10
- not ubtu20cis_httpd_server
2 changes: 1 addition & 1 deletion tasks/section_2/main.yml
@@ -6,4 +6,4 @@
include: cis_2.2.x.yml

- name: "SECTION | 2.3 | Ensure nonessential services are removed or masked"
include: cis_2.3.yml
include: cis_2.3.yml
2 changes: 1 addition & 1 deletion tasks/section_3/main.yml
@@ -12,4 +12,4 @@
include: cis_3.4.x.yml

- name: "SECTION | 3.5 | Firewall Configuration"
include: cis_3.5.x.yml
include: cis_3.5.x.yml
2 changes: 1 addition & 1 deletion tasks/section_4/main.yml
@@ -21,4 +21,4 @@
include: cis_4.3.yml

- name: "SECTION | 4.4 | Ensure logrotate assigns appropriate permissions"
include: cis_4.4.yml
include: cis_4.4.yml
2 changes: 1 addition & 1 deletion tasks/section_5/main.yml
@@ -18,4 +18,4 @@
include: cis_5.6.yml

- name: "SECTION | 5.7 | Ensure access to the su command is restricted"
include: cis_5.7.yml
include: cis_5.7.yml
2 changes: 1 addition & 1 deletion tasks/section_6/main.yml
@@ -3,4 +3,4 @@
include: cis_6.1.x.yml

- name: "SECTION | 6.2 | User and Group Settings"
include: cis_6.2.x.yml
include: cis_6.2.x.yml
