Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Addressing issue 38 #41

Closed
wants to merge 31 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
9add2e8
Update ChangeLog and Typo Fix
frederickw082922 Feb 20, 2024
a99532e
Update 18.3.5 and 18.3.6 var Fix
frederickw082922 Feb 21, 2024
761cc16
Typo fix on 5.1|5.2 tag
frederickw082922 Feb 21, 2024
08bf9b6
Added missing GUID on 18.10.43.6.1.2
frederickw082922 Feb 21, 2024
9be1a1b
#27 Update correct reg value 18.6.4.3
frederickw082922 Feb 21, 2024
fed12f5
#28 update reg value fix for 18.10.43.10.2
frederickw082922 Feb 21, 2024
b4e91fd
Update ChangeLog
frederickw082922 Feb 21, 2024
604d05c
Update correct reg value for 18.7.10|11
frederickw082922 Feb 21, 2024
6984fda
Update ChangeLog based on PR26 by ai13f
frederickw082922 Feb 21, 2024
3de68cc
18.7.x Tag fixes
frederickw082922 Mar 12, 2024
b20e15c
Update cloud_lockout logic
frederickw082922 Mar 14, 2024
827a411
Update section 19 with loop and change_requires_reboot
frederickw082922 Mar 14, 2024
2e231ce
Update handeler name to change_requires_reboot
frederickw082922 Mar 15, 2024
59bdd87
Fix 18.9.7.2 title and var
frederickw082922 Mar 15, 2024
5753ed9
Fix 18.10.89.2.2 reg value
frederickw082922 Mar 15, 2024
45ef655
Update meta
frederickw082922 Mar 18, 2024
3ab4ad9
defaults main var update
frederickw082922 Mar 18, 2024
f6db5a1
update section5 with handeler name chance
frederickw082922 Mar 18, 2024
5346645
update win_skip_for_test withe latest controls
frederickw082922 Mar 18, 2024
07db42a
update changelog
frederickw082922 Mar 19, 2024
df54e82
Update ChangeLog with @Mr.Steve81
frederickw082922 Mar 19, 2024
84cd0bb
Typo Fixes
frederickw082922 Mar 19, 2024
edf3099
Only applies to Azure
mfortin Mar 21, 2024
03c757c
Update control 1.1.6
mfortin Mar 25, 2024
511f0b9
Fixing controls stated in issue 38
mfortin Mar 26, 2024
5f5fe3e
revert
mfortin Mar 26, 2024
b757f92
Addressing issue #36
mfortin Mar 26, 2024
a19e2be
test
mfortin Mar 26, 2024
731b9c2
test
mfortin Mar 26, 2024
ffa0705
Fix from #32
frederickw082922 Apr 1, 2024
243e901
Update ChangeLog with fix for #32
frederickw082922 Apr 1, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
update win_skip_for_test withe latest controls
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
Signed-off-by: Mathieu Fortin <mathieu.fortin@autodesk.com>
frederickw082922 authored and mfortin committed Apr 16, 2024
commit 5346645002099b3a3c7d38e7acb955db745f6aaa
20 changes: 12 additions & 8 deletions defaults/main.yml
Original file line number Diff line number Diff line change
@@ -51,14 +51,16 @@ long_running: false
# win_skip_for_test is used in the playbook to skip over WINRM-based controls that
# may cause WINRM Basic Connection Type to be disabled.
# Setting win_skip_for_test to 'false' will enable Secure Connection types only.
# win22cis_rule_2_3_1_4
# win22cis_rule_9_3_5
# win22cis_rule_18_10_89_1_1
# win22cis_rule_18_10_89_1_2
# win22cis_rule_18_10_89_2_1
# win22cis_rule_18_10_89_2_2
# win22cis_rule_18_10_89_2_3
# win22cis_rule_18_10_90_1
# win22cis_rule_2_2_25 - Breaks Local Admin Connection
# win22cis_rule_2_2_26 - Breaks Local Admin Connection
# win22cis_rule_2_3_1_4 - Rename default administrator account
# win22cis_rule_9_3_5 - Enables Firewall Public Rules *Breaks Reboot*
# win22cis_rule_18_10_89_1_1 - Disables WinRM Allow Client Basic Auth
# win22cis_rule_18_10_89_1_2 - Disables Client Ensure Allow unencrypted traffic is set to Disabled Control.
# win22cis_rule_18_10_89_2_1 - Disables WinRM Allow Service Basic Auth
# win22cis_rule_18_10_89_2_2 - Disables Remote Server Management through WinRM
# win22cis_rule_18_10_89_2_3 - Disables Service Ensure Allow unencrypted traffic is set to Disabled Control.
# win22cis_rule_18_10_90_1 - Disables Remote Shell Access
win_skip_for_test: true

# Changes will be made that will require a system reboot.
@@ -114,6 +116,8 @@ win22cis_rule_2_2_21: true
win22cis_rule_2_2_22: true
win22cis_rule_2_2_23: true
win22cis_rule_2_2_24: true
# Setting win22cis_rule_2_2_25 and win22cis_rule_2_2_26 Control To True Will Break Ansible Connection
# Setting win_skip_for_test: true -- will skip the controls here even if they are set to true.
win22cis_rule_2_2_25: true
win22cis_rule_2_2_26: true
win22cis_rule_2_2_27: true
3 changes: 3 additions & 0 deletions tasks/section02.yml
Original file line number Diff line number Diff line change
@@ -300,6 +300,7 @@
when:
- win22cis_rule_2_2_20
- win2022cis_is_domain_controller
- not win_skip_for_test
tags:
- level1-domaincontroller
- rule_2.2.20
@@ -378,6 +379,7 @@
when:
- win22cis_rule_2_2_25
- win2022cis_is_domain_controller
- not win_skip_for_test
tags:
- level1-domaincontroller
- rule_2.2.25
@@ -394,6 +396,7 @@
when:
- win22cis_rule_2_2_26
- win2022cis_is_domain_member
- not win_skip_for_test
tags:
- level1-memberserver
- rule_2.2.26