
Releases: florianutz/Ubuntu1604-CIS

2.0.3: Don't loop over apt (#34)

11 May 21:42
  • don't loop over apt; use a list of names instead

  • use consistent tab depth

  • fix another apt loop

  • parse var as jinja2
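The apt change above in before/after form, as an added illustration that is not the role's own task code (package names are assumed for the example). Ansible's apt module takes a list in `name`, and the old behaviour of silently squashing a `with_items` loop over apt into one call (`squash_actions`) was deprecated in Ansible 2.7 and removed in 2.11, after which every iteration is its own apt transaction.

```yaml
# Added example, not the role's own tasks. Package names are illustrative.

# Before: the loop hands apt one package per iteration. Older Ansible quietly
# squashed this into a single call; without that behaviour each item is a
# separate apt transaction (one dpkg lock acquisition per package, and one
# changed/ok result per item to read in the play output).
- name: Ensure required audit packages are installed (looped form)
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - auditd
    - audispd-plugins

# After: pass the list directly. apt resolves everything in one transaction
# and the task reports a single result.
- name: Ensure required audit packages are installed (list form)
  apt:
    name:
      - auditd
      - audispd-plugins
    state: present
    update_cache: yes

# The same shape serves the benchmark's "ensure X is not installed" rules.
- name: Ensure legacy client packages are not installed (list form)
  apt:
    name:
      - telnet
      - rsh-client
    state: absent
    purge: yes
```

Running the play twice should show the list-form tasks as `ok` on the second pass; a task that keeps reporting `changed` points at a package being reinstalled or at a stale cache.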

Some linter fixes

11 May 08:27
  • fix handler conditionals

  • fix section1 linter errors

  • fix section2 linter errors

  • fix section3 linter errors

  • fix section4 linter errors

  • fix section5 linter errors

  • fix section6 linter errors

  • fix linter errors

  • fix sed linter errors

  • fix pipefail

  • use literal + in lineinfile regex

  • use not rather than !
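Two of the linter findings above shown in before/after form, as an added example that is not the role's own code (task names, the `/etc/ssh` check and the variable `cis_skip_ssh_key_check` are assumptions). The pipefail one matters for an audit role: in a pipeline the task's return code is the last command's, so a failing first command can be masked and the task reports a clean result it never actually verified.

```yaml
# Added example, not the role's own tasks. Names and variables are illustrative.

# Before: the status of `find ... | wc -l` is wc's. If find errors (an
# unreadable directory, a typo in the path) the pipeline still prints "0"
# with rc 0, which an audit play reads as "nothing out of policy".
- name: "AUDIT | count ssh host keys readable by group/other (no pipefail)"
  shell: find /etc/ssh -name '*_key' -perm /077 | wc -l
  register: loose_keys
  changed_when: false

# After: `set -o pipefail` makes the pipeline fail when any stage fails.
# pipefail is a bash option, not POSIX sh, and Ubuntu's /bin/sh is dash,
# so the executable must be set explicitly.
- name: "AUDIT | count ssh host keys readable by group/other"
  shell: |
    set -o pipefail
    find /etc/ssh -name '*_key' -perm /077 | wc -l
  args:
    executable: /bin/bash
  register: loose_keys
  changed_when: false

# Jinja2 has no `!` operator; "not" is the negation keyword, and it lets the
# condition stay an unquoted expression rather than a quoted string.
- name: "AUDIT | report host keys with loose permissions"
  debug:
    msg: "{{ loose_keys.stdout }} ssh host key(s) are readable by group/other"
  when: not cis_skip_ssh_key_check
```

ansible-lint flags a `shell` task that uses a pipe without pipefail; the fix above is the one it expects, and `changed_when: false` keeps a pure audit task from showing as `changed`.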

A lot of major enhancements. Mostly provided by Eric (ideologysec)

11 May 07:42
ed8ea1d

A lot of major enhancements. Mostly provided by Eric (ideologysec) https://github.com/ideologysec

  • cleanup files and folders

  • audit tasks enhancements

  • some smaller bugfix

  • bugfix variables

  • update licensefile

  • update defaults

  • update gitignore

  • added missing tags to 6.2.6

  • added handler load audit rules

  • Added scored or notscored to all rule plays.

  • Added rule tags

  • Added 5.5 and 5.6 to defaults/main.yml

  • added section tags to tasks/main.yml for easy section testing

  • cleaned up tasks/post.yml for easy reading + task header standardization; removed "when == Debian" since this is only for Ubuntu systems

  • standardized order of tags (levels, scored, patch, subsystem, rule, notimplemented).

  • added cron, sshd, ntp, syslog, and maybe several other tags to various plays to allow bypassing or enabling based on subsystem (mostly section 5)

  • moved multiple plays for the same rule into a single block (block names are only supported >= Ansible 2.3). This allows for a single "when" to run the entire block, and for nicer code folding. Unfortunately, it does push the minimum requirement from 2.1 to 2.3; I will look at block syntax without names if backwards compat that far is desired.

  • switched "restart auditd" to be a service command instead of a command; this is more Ansibley and works on both RedHat and Debian families, with both SysV init and systemd init services. This also tracks with redhatcis

  • fixed rule 4.1.6 template to conform to the Ubuntu CIS benchmark instead of the RedHat one.

  • Fixed whitespace issue 1.1.2

  • Fixed section1 and section4 whitespace and block errors.

  • Section5 whitespace fixes.

  • yamllint now passes 100% of all yml files

  • Fixed rule 4.3

  • added rule 4_3 to defaults/main.yml

  • added file touch to rule 4.3

  • Forgot to write an actual commit message.

  • Added stat check for 5.4.4

  • update handlers for docker

  • updated regex for 1.1.1.4 and 1.1.1.5

  • update for 4.3: state: touch always returns a "modified" and the idempotence test will fail. Bad workaround: changed_when: false
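The block, handler and touch points above brought together in one illustrative rule, as an added example that is not the role's own tasks (the rule number is kept as 4.3 only to mirror the notes; the file path, option, variable `cis_rule_4_3` and tag names are assumptions). Named blocks need Ansible 2.3 or later, as the notes say; the service-module handler and the `changed_when: false` workaround are shown as described.

```yaml
# Added example, not the role's own tasks. Paths, variables and tags are
# illustrative. Tag order follows the notes: level, scored, patch,
# subsystem, rule.

# tasks/section4.yml
- name: "4.3 | PATCH | illustrative rule that needs a file to exist"
  block:
    - name: "4.3 | PATCH | Ensure the config file exists with safe ownership"
      file:
        path: /etc/example-audit.conf
        state: touch
        owner: root
        group: root
        mode: '0640'
      # state: touch rewrites mtime on every run, so Ansible reports
      # "changed" each time and an idempotence test fails. This is the
      # workaround from the release note; it also hides the first-run
      # creation of the file.
      changed_when: false

    - name: "4.3 | PATCH | Set the required option"
      lineinfile:
        path: /etc/example-audit.conf
        regexp: '^\s*example_option\s*='
        line: 'example_option = yes'
      notify:
        - restart auditd
        - load audit rules
  when: cis_rule_4_3
  tags:
    - level1
    - scored
    - patch
    - auditd
    - rule_4.3

# handlers/main.yml
# The service module picks the init system for the host, which is why the
# note prefers it over `command: service auditd restart`.
- name: restart auditd
  service:
    name: auditd
    state: restarted

- name: load audit rules
  command: augenrules --load
```

Two caveats a practitioner would check. First, from Ansible 2.7 the file module accepts `modification_time: preserve` and `access_time: preserve` alongside `state: touch`, which makes the touch idempotent when the file already exists without suppressing a real change report; that is the cleaner fix where the role's minimum Ansible version allows it. Second, on systemd distributions whose auditd unit sets `RefuseManualStop=yes` (RHEL 7 does), a `systemctl restart auditd` issued through the service module is refused, so the handler is worth running once on each target family before trusting it.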

1.0.0

11 May 07:42
cleanup files and folders