Made some changes to CAT II #4
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added entry to include CAT II in main.yml and added some audits/patches.
| @@ -0,0 +1,25 @@ | |||
| - name: "MEDIUM | RHEL-07-040640 | AUDIT | The SSH public host key files must have mode 0644 or less permissive." | |||
| command: find / -name '*ssh_host*key' | |||
There was a problem hiding this comment.
Please use the find module rather than command.
There was a problem hiding this comment.
Fixed. Will commit when finished with other changes.
|
Yep, will be adding it all in. Mainly wanted to get a commit in to make sure I was following the right styling for stuff. |
- Added & Updated Cat II Audit - Added CAT II Patches - Added a default item - Removed rhel7stig_cat1_patch from main.yml (fails on condition), will correct later
Fixed a label typo.
| dest: "{{ item }}" | ||
| mode: 0644 | ||
| state: file | ||
| dest: "{{ item }}" |
| value: 1 | ||
| sysctl_set: yes | ||
| reload: yes | ||
| ignore_errors: yes |
Created the audit for 040180, 040181, and 04182. Need to get with you to figure out how we want to handle LDAP key files.
change ntp to ntpd i ntags
| - name: "MEDIUM | RHEL-07-040230 | AUDIT | The operating system, if using PKI-based authentication, must implement a local cache of revocation data to certificate validation in case of the inability to access revocation information via the network." | ||
| stat: | ||
| path: /var/lib/pki-kra/conf/server.xml | ||
| register: rhel_07_040230_audit |
There was a problem hiding this comment.
Please add failed_when, changed_when, and ignore_errors to all audit tasks.
Fixed with backticks.
# Conflicts: # README.md # defaults/main.yml # handlers/main.yml
|
Also, I merged our changes together so you shouldn't have to. |
samdoran
pushed a commit
that referenced
this pull request
Apr 5, 2017
* Started working on CAT II Added entry to include CAT II in main.yml and added some audits/patches. * Tweaked formatting on my changes. * Fix type-o in README * Update author information * Made corrective changes to previous commit. * Spacing... * Made some updates to audit,main,patch, and defaults - Added & Updated Cat II Audit - Added CAT II Patches - Added a default item - Removed rhel7stig_cat1_patch from main.yml (fails on condition), will correct later * Updated a label. Fixed a label typo. * Corrected finding label * Made fixes with suggestions, added some vars, and a placeholder for cat3 audits. * Made some slight changes. Created the audit for 040180, 040181, and 04182. Need to get with you to figure out how we want to handle LDAP key files. * Minor text fix (tags) change ntp to ntpd i ntags * Made adjustments based on suggestions. * Updated the README Fixed with backticks. * Made some changes to CAT II (#4) * Started working on CAT II Added entry to include CAT II in main.yml and added some audits/patches. * Tweaked formatting on my changes. * Made corrective changes to previous commit. * Spacing... * Made some updates to audit,main,patch, and defaults - Added & Updated Cat II Audit - Added CAT II Patches - Added a default item - Removed rhel7stig_cat1_patch from main.yml (fails on condition), will correct later * Updated a label. Fixed a label typo. * Corrected finding label * Made fixes with suggestions, added some vars, and a placeholder for cat3 audits. * Made some slight changes. Created the audit for 040180, 040181, and 04182. Need to get with you to figure out how we want to handle LDAP key files. * Minor text fix (tags) change ntp to ntpd i ntags * Made adjustments based on suggestions. * Updated the README Fixed with backticks. * Add variable for determing if system is acting as a router. * Correct variable name used for determing if a windowing graphical environment is in use * Add RHEL-07-040620 * Correct indentation * Updated README to reflect the current revision, updates CAT1 STIG ID's, added an un-covered item * Added temporary STIG checklist for reference. Can be used to compare current repo status in STIG Viewer * Updated some typos, finished up CATI changes and Variable naming * Updating STIG ID's, handler name, and checklist * Re-organizing CAT II findings. Also completed the additional CAT I finding introduced in the release * Cat 2's are re-org'd, fixed some low-hanging fruit while change the structure
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hey, didn't have much time left, but started working from the bottom up. Added the CAT II audit file, included in main.yml, and started hitting some items.