Made some changes to CAT II #4

Merged: 14 commits, Aug 6, 2016
3 changes: 3 additions & 0 deletions defaults/main.yml
@@ -29,3 +29,6 @@ rhel7stig_snmp_community: Endgam3Ladyb0g
# system is a router. This variable is used in tasks that should not be run
# if the OS is run as a router. (must override to yes)
rhel7stig_system_is_router: no

#RHEL-07-040560 An X Windows display manager must not be installed unless approved.
rhel7stig_x11: no
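Review bot: the meaning of `rhel7stig_x11: no` is undocumented; the comment above it quotes the STIG title but does not say whether `no` means "an X display manager is not approved here, so flag or remove it" or "skip the X11 tasks". Follow the convention used for `rhel7stig_system_is_router` a few lines up and state the override explicitly, e.g. `# Set to yes only if an X Windows display manager is approved (must override to yes)`.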
21 changes: 20 additions & 1 deletion tasks/audit-cat2.yml
@@ -1,5 +1,10 @@
- name: "MEDIUM | RHEL-07-040640 | AUDIT | The SSH public host key files must have mode 0644 or less permissive."
command: find / -name '*.pub'
find:
paths: /
recurse: yes
file_type: file
patterns: '*.pub'
hidden: true
failed_when: no
changed_when: no
ignore_errors: yes
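Review bot: `paths: /` with `recurse: yes` and `patterns: '*.pub'` matches every public-key file on the host (user keys under home directories, GPG/RPM keys, anything else ending in .pub), not the SSH host keys the task name refers to, so the mode check built on this result will report unrelated files and walk the whole filesystem to do it. Restrict the search to where sshd keeps its host keys, e.g. `paths: /etc/ssh`. Separately, `failed_when: no` already prevents the task from failing, so `ignore_errors: yes` is redundant here; and `hidden: true` next to `recurse: yes` mixes boolean spellings, pick one for the file.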
@@ -10,6 +15,7 @@
- audit
- RHEL-07-040640
- always
- ssh

- name: "MEDIUM | RHEL-07-040650 | AUDIT | The SSH private host key files must have mode 0600 or less permissive."
find:
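Review bot: adding `- ssh` to a task that is also tagged `always` gives the new tag little selective value: `--tags ssh` would run it anyway, and only `--skip-tags ssh` changes behaviour. If the intent is to let users run just the SSH audits, the `always` tag on these audit tasks is what needs revisiting; otherwise document that the `ssh` tag is for skipping only.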
@@ -28,3 +34,16 @@
- audit
- RHEL-07-040650
- always
- ssh

- name: "MEDIUM | RHEL-07-040230 | AUDIT | The operating system, if using PKI-based authentication, must implement a local cache of revocation data to certificate validation in case of the inability to access revocation information via the network."
stat:
path: /var/lib/pki-kra/conf/server.xml
register: rhel_07_040230_audit
Owner:
Please add failed_when, changed_when, and ignore_errors to all audit tasks.

Contributor Author:
Done.

tags:
- cat2
- medium
- audit
- RHEL-07-040230
- always
- pki
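Review bot: a `stat` of /var/lib/pki-kra/conf/server.xml does not test what the task name states. That path is the configuration of a Dogtag KRA (Key Recovery Authority) server instance; whether it exists says nothing about whether this host keeps a local cache of certificate revocation data when validating certificates for PKI-based login, and most hosts subject to this control will never have a KRA installed. The audit should examine the client-side certificate validation settings the STIG check text for RHEL-07-040230 names (on RHEL 7 the `cert_policy` setting in pam_pkcs11's configuration), not a PKI server install. Also, as the review comment above asks, this task still lacks the `failed_when: no`, `changed_when: no` and `ignore_errors: yes` lines that the 040640 and 040650 tasks carry; with `stat` on an absent path that matters less, but keep the audit tasks consistent.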