Cis 2.0.1 release #91

Merged
merged 124 commits into from
Sep 13, 2023
Commits
01e70f8
1.1.1.7 now level2
uk-bolly Jul 6, 2023
0072409
1.1.2.x controls updated
uk-bolly Jul 6, 2023
3a33af2
updated ansible version
uk-bolly Jul 6, 2023
6328a0f
renamed file
uk-bolly Jul 6, 2023
64e558f
1.1.3.x updated
uk-bolly Jul 7, 2023
86b596e
1.1.4.x updated
uk-bolly Jul 7, 2023
41b5ddd
1.1.5.x updated
uk-bolly Jul 7, 2023
b7d1495
1.1.6.x updated
uk-bolly Jul 7, 2023
2427936
1.1.7.x updated
uk-bolly Jul 7, 2023
6ccdd65
1.1.8.x updated
uk-bolly Jul 7, 2023
b12b09e
1.2.x updated
uk-bolly Jul 7, 2023
2de8517
1.3.x updated
uk-bolly Jul 7, 2023
dab5c04
1.4.x updated
uk-bolly Jul 7, 2023
032345f
1.5.x updated
uk-bolly Jul 7, 2023
c5e377b
1.6.x updated
uk-bolly Jul 7, 2023
ed0cb4a
1.7 updated
uk-bolly Jul 7, 2023
e04f157
1.8.x updated
uk-bolly Jul 7, 2023
fbdfa71
1.9 removed
uk-bolly Jul 7, 2023
368ba9f
2.1.x updated
uk-bolly Jul 7, 2023
a4df444
2.2.x updated
uk-bolly Jul 7, 2023
9c12095
2.3.x and 2.4 updates
uk-bolly Jul 7, 2023
6a4a482
3.1.x updated
uk-bolly Jul 7, 2023
2818b1d
3.4.x updated
uk-bolly Jul 7, 2023
ec8afec
4.1.x and 4.2.x updated
uk-bolly Jul 7, 2023
6772c87
4.3.x updated
uk-bolly Jul 7, 2023
c67bed4
4.4.x updated
uk-bolly Jul 7, 2023
e97de44
fix typos
uk-bolly Jul 7, 2023
1b7a05c
4.5.x updated
uk-bolly Jul 7, 2023
e63c12c
section 4 update
uk-bolly Jul 7, 2023
4732e9a
5.1.1.x updated
uk-bolly Jul 10, 2023
d5d214d
5.1.2 and 5.1.3 updated
uk-bolly Jul 10, 2023
ba2267c
5.2.1/2/3 updated
uk-bolly Jul 10, 2023
1e5874c
updated
uk-bolly Jul 10, 2023
ca7b3ba
removed files
uk-bolly Jul 10, 2023
0f3da84
fixed labels
uk-bolly Jul 10, 2023
ced5620
5.2.4 updated
uk-bolly Jul 10, 2023
28e4988
5.2.4 rules added
uk-bolly Jul 10, 2023
7f9d81f
6.1 updated
uk-bolly Jul 10, 2023
d3cff66
lint and tidyup
uk-bolly Jul 10, 2023
553d5ec
version updates
uk-bolly Jul 10, 2023
0e969bb
fixed rule is for root passwd
uk-bolly Jul 10, 2023
f1de825
amended order of rules
uk-bolly Jul 10, 2023
f13bdbc
updated rules
uk-bolly Jul 10, 2023
2ae6dbb
updated tags and control ids
uk-bolly Jul 10, 2023
9a989ab
fixed case
uk-bolly Jul 10, 2023
85c87f1
reorder conditional
uk-bolly Jul 10, 2023
0a0e018
update variable name
uk-bolly Jul 10, 2023
1ce0024
add conditionals
uk-bolly Jul 10, 2023
e120f3d
Added files
uk-bolly Jul 10, 2023
ea067d7
updated default vars
uk-bolly Jul 10, 2023
561f399
improved bluetooth control
uk-bolly Jul 10, 2023
d5d77a3
updated vars
uk-bolly Jul 10, 2023
8c9927c
updated sudo vars
uk-bolly Jul 10, 2023
ae783ab
updated sudoers file discovery
uk-bolly Jul 10, 2023
630cb4d
fixed 1.5.3 with create
uk-bolly Jul 10, 2023
4faaa7b
updated to add chrony sources.d directory
uk-bolly Jul 10, 2023
0d97fa8
fixed notify naming
uk-bolly Jul 10, 2023
98b36b9
updated vars
uk-bolly Jul 10, 2023
25e307c
changed to system from service
uk-bolly Jul 10, 2023
4b7bb9a
fixed naming
uk-bolly Jul 10, 2023
e7a8bb9
update notify
uk-bolly Jul 10, 2023
a41a3d7
update var
uk-bolly Jul 10, 2023
26ae789
fixed multiple rule names
uk-bolly Jul 10, 2023
da9eb2f
changed syslog service handler naming
uk-bolly Jul 10, 2023
e5aee70
fixed conditional
uk-bolly Jul 10, 2023
9651d6f
fixed path and name 5.2.3.3
uk-bolly Jul 10, 2023
29fa9f3
Added new prelim check and discovery
uk-bolly Jul 11, 2023
bdbb70b
fixed typos
uk-bolly Jul 11, 2023
4a2e862
fix typos
uk-bolly Jul 11, 2023
2bf0a92
improve logic
uk-bolly Jul 11, 2023
23334f9
Added new default vars and container default
uk-bolly Jul 11, 2023
f75656d
Add container discovery
uk-bolly Jul 11, 2023
788c836
Time source options for chrony pools or servers
uk-bolly Jul 11, 2023
c1cdc77
rework of chrony control
uk-bolly Jul 11, 2023
8244b01
fix permissions
uk-bolly Jul 11, 2023
999c8be
make idempotent
uk-bolly Jul 11, 2023
738923b
fix conditional name match
uk-bolly Jul 11, 2023
352c5b7
fix conditional name match
uk-bolly Jul 11, 2023
90c7c16
fixed handler and removed state
uk-bolly Jul 11, 2023
ff317e1
fixed logic
uk-bolly Jul 11, 2023
1ae870e
Added template
uk-bolly Jul 11, 2023
7635923
removed file not required
uk-bolly Jul 11, 2023
358a90d
initial
uk-bolly Jul 11, 2023
ca5ac5a
fix logic
uk-bolly Jul 11, 2023
7e20e05
default time sync timesyncd
uk-bolly Jul 11, 2023
efa969e
improve logic
uk-bolly Jul 11, 2023
0a0609b
idempotency improvement
uk-bolly Jul 11, 2023
98085a2
fix conditional
uk-bolly Jul 11, 2023
1371f4f
updated
uk-bolly Jul 12, 2023
8693696
updated template
uk-bolly Jul 18, 2023
1188655
fix logic
uk-bolly Jul 18, 2023
a5be1f5
Added directory if missing
uk-bolly Jul 18, 2023
8b14261
reboot in post tasks only
uk-bolly Jul 18, 2023
424a80f
var alignment
uk-bolly Jul 18, 2023
e92b5c0
fixed var name
uk-bolly Jul 19, 2023
f2f4ecf
Added step to stop service
uk-bolly Jul 19, 2023
c4f565c
removed invalid entries and tidy up
uk-bolly Jul 19, 2023
737c58d
fixed rules
uk-bolly Jul 19, 2023
0d44075
Added missing mode
uk-bolly Jul 19, 2023
734002a
add min_uid var
uk-bolly Jul 19, 2023
c03dacb
lint updates
uk-bolly Jul 19, 2023
928bcbe
syslog service var added
uk-bolly Jul 19, 2023
5902dea
ufw default firewall
uk-bolly Jul 19, 2023
b87ca2e
fixed loop
uk-bolly Jul 19, 2023
792478a
fixed control 3.4.1.7
uk-bolly Jul 19, 2023
7ef3f26
Add sudo user password check
uk-bolly Jul 26, 2023
90b80d7
Merge branch 'devel' into cis_2.0.1
uk-bolly Sep 11, 2023
71b2757
updated handler naming
uk-bolly Sep 11, 2023
3463ae0
4.1.8 group updated
uk-bolly Sep 11, 2023
b7581cd
update handler & blacklist added
uk-bolly Sep 11, 2023
a2b7b00
blacklist added
uk-bolly Sep 11, 2023
f046ed0
added pre-commit setup
uk-bolly Sep 11, 2023
0d9ee73
added pre-commit
uk-bolly Sep 11, 2023
b198a6b
updated
uk-bolly Sep 11, 2023
3580160
updated secrets
uk-bolly Sep 11, 2023
06e3cc9
updated passwd_hash_algo line
uk-bolly Sep 11, 2023
d22a744
aligned var naming
uk-bolly Sep 11, 2023
492a486
Added precommit
uk-bolly Sep 13, 2023
20ed92b
updated .github content workflow
uk-bolly Sep 13, 2023
ccba850
updated secrets scan
uk-bolly Sep 13, 2023
11db92a
yamllint updates
uk-bolly Sep 13, 2023
f0f3a28
workflow updates
uk-bolly Sep 13, 2023
be4da56
updated truth value
uk-bolly Sep 13, 2023
f0e2e67
updated commits
uk-bolly Sep 13, 2023
4 changes: 4 additions & 0 deletions .ansible-lint
@@ -1,14 +1,18 @@
---

parseable: true
quiet: true
skip_list:
- 'schema'
- 'no-changed-when'
- 'var-spacing'
- 'fqcn-builtins'
- 'experimental'
- 'name[play]'
- 'name[casing]'
- 'name[template]'
- 'fqcn[action]'
- 'key-order[task]'
- '204'
- '305'
- '303'
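Review bot: the skip_list in this hunk turns off 'no-changed-when' for the whole role, which is the rule that flags command and shell tasks reporting "changed" on every run; for a CIS remediation role that changed/ok signal is what tells an operator whether a run actually altered the host. Consider moving it (together with 'fqcn[action]' and 'key-order[task]') to warn_list so the findings stay visible without failing the lint, and silencing individual tasks with a noqa comment where the behaviour is intended. The list also carries both 'fqcn-builtins' and 'fqcn[action]', plus the numeric ids '204', '305' and '303' next to named rules; a short comment saying which ansible-lint version each spelling is kept for would show which entries are still live.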
122 changes: 122 additions & 0 deletions .config/.gitleaks-report.json
@@ -0,0 +1,122 @@
[
{
"Description": "Generic API Key",
"StartLine": 133,
"EndLine": 133,
"StartColumn": 18,
"EndColumn": 68,
"Match": "secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"",
"Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f",
"File": ".config/.secrets.baseline",
"SymlinkFile": "",
"Commit": "358016009cd8ec06f468d091aba4e92e984a8c4b",
"Entropy": 3.7561984,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-09-11T10:19:54Z",
"Message": "updated secrets\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "358016009cd8ec06f468d091aba4e92e984a8c4b:.config/.secrets.baseline:generic-api-key:133"
},
{
"Description": "Generic API Key",
"StartLine": 9,
"EndLine": 9,
"StartColumn": 5,
"EndColumn": 39,
"Match": "Secret\": \"grub.pbkdf2.sha512.10000\"",
"Secret": "grub.pbkdf2.sha512.10000",
"File": ".config/.gitleaks-report.json",
"SymlinkFile": "",
"Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
"Entropy": 3.8035088,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-09-11T09:06:43Z",
"Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.gitleaks-report.json:generic-api-key:9"
},
{
"Description": "Generic API Key",
"StartLine": 125,
"EndLine": 125,
"StartColumn": 18,
"EndColumn": 68,
"Match": "secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"",
"Secret": "4fae1797297d5c73819a504516f2de7740e4b52d",
"File": ".config/.secrets.baseline",
"SymlinkFile": "",
"Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
"Entropy": 3.7898228,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-09-11T09:06:43Z",
"Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:125"
},
{
"Description": "Generic API Key",
"StartLine": 135,
"EndLine": 135,
"StartColumn": 18,
"EndColumn": 68,
"Match": "secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"",
"Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1",
"File": ".config/.secrets.baseline",
"SymlinkFile": "",
"Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
"Entropy": 3.618454,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-09-11T09:06:43Z",
"Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:135"
},
{
"Description": "Generic API Key",
"StartLine": 145,
"EndLine": 145,
"StartColumn": 18,
"EndColumn": 68,
"Match": "secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"",
"Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
"File": ".config/.secrets.baseline",
"SymlinkFile": "",
"Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
"Entropy": 3.8439426,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-09-11T09:06:43Z",
"Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:145"
},
{
"Description": "Generic API Key",
"StartLine": 479,
"EndLine": 479,
"StartColumn": 23,
"EndColumn": 63,
"Match": "password_hash: \"grub.pbkdf2.sha512.10000\"",
"Secret": "grub.pbkdf2.sha512.10000",
"File": "defaults/main.yml",
"SymlinkFile": "",
"Commit": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51",
"Entropy": 3.8035088,
"Author": "Mark Bolwell",
"Email": "[email protected]",
"Date": "2023-07-10T15:12:00Z",
"Message": "updated default vars\n\nSigned-off-by: Mark Bolwell \[email protected]\u003e",
"Tags": [],
"RuleID": "generic-api-key",
"Fingerprint": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51:defaults/main.yml:generic-api-key:479"
}
]
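Review bot: committing the gitleaks report stores every finding's "Match" and "Secret" fields in cleartext, so the first real secret that is accepted into this file would be published by the very file meant to track it. The six entries here are a placeholder ("grub.pbkdf2.sha512.10000") and the hashed_secret values from .config/.secrets.baseline, so nothing sensitive is exposed yet, but the second entry has "File": ".config/.gitleaks-report.json", meaning the report is being scanned and is flagging itself. Suggest excluding .config/.gitleaks-report.json and .config/.secrets.baseline from the gitleaks scan through an allowlist in the gitleaks configuration, and documenting in the PR description whether this file is meant as a baseline of accepted false positives or is a leftover scan output.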
153 changes: 153 additions & 0 deletions .config/.secrets.baseline
@@ -0,0 +1,153 @@
{
"version": "1.4.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
},
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
".config/.gitleaks-report.json"
]
}
],
"results": {
"defaults/main.yml": [
{
"type": "Secret Keyword",
"filename": "defaults/main.yml",
"hashed_secret": "4fae1797297d5c73819a504516f2de7740e4b52d",
"is_verified": false,
"line_number": 480
},
{
"type": "Secret Keyword",
"filename": "defaults/main.yml",
"hashed_secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f",
"is_verified": false,
"line_number": 623
}
],
"tasks/main.yml": [
{
"type": "Secret Keyword",
"filename": "tasks/main.yml",
"hashed_secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1",
"is_verified": false,
"line_number": 54
}
],
"tasks/parse_etc_password.yml": [
{
"type": "Secret Keyword",
"filename": "tasks/parse_etc_password.yml",
"hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
"is_verified": false,
"line_number": 16
}
]
},
"generated_at": "2023-09-13T11:09:17Z"
}
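Review bot: all four entries under "results" have "is_verified": false and none carries an "is_secret" label, so the baseline records them as seen but never triaged; anyone reading the file cannot tell whether the keyword hits in defaults/main.yml, tasks/main.yml and tasks/parse_etc_password.yml were reviewed and judged false positives. Running detect-secrets audit against .config/.secrets.baseline and committing the labelled result would make that decision explicit. Separately, the should_exclude_file pattern ".config/.gitleaks-report.json" is a regex with unescaped dots and no anchors, so it matches more paths than the one file intended; "^\.config/\.gitleaks-report\.json$" is tighter.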
32 changes: 0 additions & 32 deletions .github/ISSUE_TEMPLATE/bug_report.md

This file was deleted.

21 changes: 0 additions & 21 deletions .github/ISSUE_TEMPLATE/feature-request-or-enhancement.md

This file was deleted.

17 changes: 0 additions & 17 deletions .github/ISSUE_TEMPLATE/question.md

This file was deleted.

11 changes: 0 additions & 11 deletions .github/pull_request_template.md

This file was deleted.

9 changes: 0 additions & 9 deletions .github/workflows/OS.tfvars

This file was deleted.
