From 811d873f27c64179b7cd607921dce4ab6cd5aeab Mon Sep 17 00:00:00 2001
From: Daniel Shepherd
Date: Tue, 6 Jun 2017 21:20:42 -0400
Subject: [PATCH] Updates to CAT 1 fixes (#15)
Updated RHEL-07-10431 to STIG ID for version 1.1 STIG ID RHEL-07-10450
Removed Duplicate entries
Formatting changes to keep the STIG IDs in order.
---
tasks/fix-cat1.yml | 59 +++++++++++++---------------------------------
1 file changed, 16 insertions(+), 43 deletions(-)
diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml
index 4d8c0e8..25ea380 100644
--- a/tasks/fix-cat1.yml
+++ b/tasks/fix-cat1.yml
@@ -71,33 +71,6 @@
- patch
- RHEL-07-010450
-- name: "HIGH | RHEL-07-010431 | PATCH | The operating system must not allow guest logon to the system."
- lineinfile:
- dest: /etc/gdm/custom.conf
- regexp: (?i)timedloginenable
- line: TimedLoginEnable=false
- insertafter: '\[daemon\]'
- when: rhel7stig_gui
- tags:
- - cat1
- - high
- - patch
- - RHEL-07-010431
- - gui
-- name: "HIGH | RHEL-07-010440 | PATCH | The operating system must not allow empty passwords for SSH logon to the system."
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: (?i)permitemptypassword
- line: PermitEmptyPasswords no
- validate: sshd -t -f %s
- notify: restart ssh
- tags:
- - cat1
- - high
- - patch
- - RHEL-07-010440
- - ssh
- name: |
@@ -226,7 +199,7 @@
- cat1
- high
- patch
- RHEL-07-021280
+ - RHEL-07-021350
- name: "HIGH | RHEL-07-021350 | PATCH | The operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards."
lineinfile:
@@ -238,7 +211,7 @@
- cat1
- high
- patch
- RHEL-07-021280
+ - RHEL-07-021350
- name: "HIGH | RHEL-07-021710 | PATCH | The telnet-server package must not be installed."
yum:
@@ -289,6 +262,20 @@
- RHEL-07-032000
- antivirus
+- name: "HIGH | RHEL-07-040390 | PATCH | The SSH daemon must be configured to only use the SSHv2 protocol."
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: (?i)^#?protocol
+ line: Protocol 2
+ validate: sshd -t -f %s
+ notify: restart ssh
+ tags:
+ - cat1
+ - high
+ - patch
+ - RHEL-07-040390
+ - ssh
+
- name: "HIGH | RHEL-07-040540 | PATCH | There must be no .shosts files on the system."
file:
path: "{{ item.path }}"
@@ -369,17 +356,3 @@
- RHEL-07-040800
- snmp
-- name: "HIGH | RHEL-07-040390 | PATCH | The SSH daemon must be configured to only use the SSHv2 protocol."
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: (?i)^#?protocol
- line: Protocol 2
- validate: sshd -t -f %s
- notify: restart ssh
- tags:
- - cat1
- - high
- - patch
- - RHEL-07-040390
- - ssh
-
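Review bot: The added RHEL-07-040390 task leaves `lineinfile` at its default of appending to the end of the file when `regexp: (?i)^#?protocol` matches nothing, and `Protocol` is a global-only sshd directive, so on a host whose sshd_config already carries a `Match` block the appended line lands inside that block, `sshd -t -f %s` rejects it and the task fails instead of hardening anything. Adding `insertbefore: BOF` under `lineinfile` keeps the no-match case at the top of the file, where the directive is valid, while an existing `#Protocol` or `Protocol` line is still replaced in place by the regexp. Note also that OpenSSH 7.4, which RHEL 7.4 ships, removed SSHv1 server support and, as far as I recall, ignores the `Protocol` keyword, so the task stays harmless there but is no longer what enforces SSHv2; a comment above the task such as `# Protocol is ignored by OpenSSH >= 7.4 (SSHv1 removed); kept so the STIG check passes` would save the next maintainer the chase. The same caveats applied to the identical block removed in the last hunk, so this is not a regression introduced by the move.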