Merge pull request #82 from ansible-lockdown/devel
devel -> main
uk-bolly authored Sep 21, 2023
2 parents 8e36cf3 + f01507f commit 20bb0ec
Showing 50 changed files with 226 additions and 308 deletions.
2 changes: 0 additions & 2 deletions .ansible-lint
Expand Up @@ -6,12 +6,10 @@ skip_list:
- 'schema'
- 'no-changed-when'
- 'var-spacing'
- 'fqcn-builtins'
- 'experimental'
- 'name[play]'
- 'name[casing]'
- 'name[template]'
- 'fqcn[action]'
- 'key-order[task]'
- '204'
- '305'
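--- a/.config/.secrets.baseline
+++ b/.config/.secrets.baseline
@@ -109,20 +109,11 @@
 {
 "path": "detect_secrets.filters.regex.should_exclude_file",
 "pattern": [
-".config/.gitleaks-report.json"
+".config/.gitleaks-report.json",
+"tasks/parse_etc_password.yml"
 ]
 }
 ],
-"results": {
-"tasks/parse_etc_password.yml": [
-{
-"type": "Secret Keyword",
-"filename": "tasks/parse_etc_password.yml",
-"hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
-"is_verified": false,
-"line_number": 18
-}
-]
-},
-"generated_at": "2023-09-15T15:29:37Z"
+"results": {},
+"generated_at": "2023-09-20T16:18:57Z"
 }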
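Review bot: Adding `tasks/parse_etc_password.yml` to the `should_exclude_file` pattern silences the whole file for detect-secrets, not just the one `Secret Keyword` finding dropped from `results`, so a credential later added anywhere in that task file would no longer be reported. If the value at line 18 is a false positive, the narrower fix is to keep the result entry in the baseline and mark it `"is_secret": false` via `detect-secrets audit`, or to annotate that line in the task file with `# pragma: allowlist secret`. Either option keeps the rest of the file under scan while the file-level exclusion does not.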
2 changes: 1 addition & 1 deletion .gitattributes
Expand Up @@ -3,4 +3,4 @@
*.yml linguist-detectable=true
*.ps1 linguist-detectable=true
*.j2 linguist-detectable=true
*.md linguist-documentation
*.md linguist-documentation
2 changes: 1 addition & 1 deletion .github/workflows/github_vars.tfvars
@@ -1,7 +1,7 @@
// github_actions variables
// Resourced in github_networks.tf
// Declared in variables.tf
//
//

namespace = "Ansible_Lockdown_GH_PR_Actions"
environment = "Ansible_Lockdown_GH_PR_Pipeline"
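--- a/.yamllint
+++ b/.yamllint
@@ -30,4 +30,4 @@ rules:
 trailing-spaces: enable
 truthy:
 allowed-values: ['true', 'false']
-check-keys: false
+check-keys: true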
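Review bot: Setting `check-keys: true` makes the `truthy` rule apply to mapping keys as well as values, so an `on:` trigger key in any GitHub Actions workflow covered by this config will now be reported, because `on` is not in the `allowed-values` list of `['true', 'false']`. If workflow files under `.github/workflows` are linted with this file, either exclude them through yamllint's `ignore:` setting or annotate the key with `# yamllint disable-line rule:truthy`. The enclosing `rules:` mapping starts before this hunk.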
8 changes: 8 additions & 0 deletions ChangeLog.md
@@ -1,5 +1,13 @@
# Changelog

## 1.4.0

workflow update
linting updates
import_tasks added file
rule 3.1.2 logic update
tidy up tags

## 1.3.1

- issue 84 from ubuntu20 fixed vartmp
10 changes: 0 additions & 10 deletions files/etc/apparmor.d/usr.bin.ssh

This file was deleted.

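--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -20,6 +20,9 @@
 name: exim4
 state: restarted
 
+- name: Disable wireless adaptor
+ansible.builtin.shell: nmcli radio wifi off
+
 - name: sysctl flush ipv4 route table
 ansible.posix.sysctl:
 name: net.ipv4.route.flush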
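Review bot: The new `Disable wireless adaptor` handler runs `nmcli radio wifi off` through `ansible.builtin.shell` although the command uses no pipes, redirects or variables, so `ansible.builtin.command: nmcli radio wifi off` is the safer module choice and is what ansible-lint's `command-instead-of-shell` rule expects. The task also reports changed on every run; since it only fires on notify that is tolerable, but `changed_when: true` would make the intent explicit rather than rely on the `no-changed-when` skip in `.ansible-lint`. The call presumes NetworkManager is present on the target, which nothing in the handler checks.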
147 changes: 0 additions & 147 deletions library/goss.py

This file was deleted.

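--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -31,19 +31,22 @@
 - always
 
 - name: Prelim Import Tasks
-ansible.builtin.import_tasks: prelim.yml
+ansible.builtin.import_tasks:
+file: prelim.yml
 tags:
 - always
 
 - name: Pre Remediate Audit Task Import
-ansible.builtin.import_tasks: pre_remediation_audit.yml
+ansible.builtin.import_tasks:
+file: pre_remediation_audit.yml
 when:
 - run_audit
 tags:
 - run_audit
 
 - name: Run Password Parsing
-ansible.builtin.import_tasks: parse_etc_password.yml
+ansible.builtin.import_tasks:
+file: parse_etc_password.yml
 when:
 - ubtu18cis_section5_patch or
 ubtu18cis_section6_patch
@@ -55,37 +58,43 @@
 - always
 
 - name: Include section 1 patches
-ansible.builtin.import_tasks: section_1/main.yml
+ansible.builtin.import_tasks:
+file: section_1/main.yml
 when: ubtu18cis_section1_patch
 tags:
 - section1
 
 - name: Include section 2 patches
-import_tasks: section_2/main.yml
+ansible.builtin.import_tasks:
+file: section_2/main.yml
 when: ubtu18cis_section2_patch
 tags:
 - section2
 
 - name: Include section 3 patches
-ansible.builtin.import_tasks: section_3/main.yml
+ansible.builtin.import_tasks:
+file: section_3/main.yml
 when: ubtu18cis_section3_patch
 tags:
 - section3
 
 - name: Include section 4 patches
-ansible.builtin.import_tasks: section_4/main.yml
+ansible.builtin.import_tasks:
+file: section_4/main.yml
 when: ubtu18cis_section4_patch
 tags:
 - section4
 
 - name: Include section 5 patches
-ansible.builtin.import_tasks: section_5/main.yml
+ansible.builtin.import_tasks:
+file: section_5/main.yml
 when: ubtu18cis_section5_patch
 tags:
 - section5
 
 - name: Include section 6 patches
-ansible.builtin.import_tasks: section_6/main.yml
+ansible.builtin.import_tasks:
+file: section_6/main.yml
 when: ubtu18cis_section6_patch | bool
 tags:
 - section6
@@ -113,7 +122,8 @@
 warn_control_id: 'Reboot Required'
 
 - name: Post Remediation Task
-ansible.builtin.import_tasks: post_remediation_audit.yml
+ansible.builtin.import_tasks:
+file: post_remediation_audit.yml
 when:
 - run_audit
 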
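Review bot: In the `@@ -55,37 +58,43 @@` hunk the section 6 import keeps `when: ubtu18cis_section6_patch | bool` while sections 1 through 5 test the bare variable, and since every one of these six tasks is rewritten here it is the natural moment to settle on one form. Either drop the filter to `when: ubtu18cis_section6_patch` or add `| bool` to the other five if these flags may arrive as strings from extra-vars; the inconsistency itself is pre-existing context, so this is a style point rather than a defect in the new lines. The task list this block belongs to begins before the first hunk.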
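--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@@ -1,7 +1,8 @@
 ---
 
 - name: Pre Audit | Setup the audit
-ansible.builtin.include_tasks: LE_audit_setup.yml
+ansible.builtin.include_tasks:
+file: LE_audit_setup.yml
 when:
 - setup_audit
 tags: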