Releases: florianutz/Ubuntu1604-CIS
2.0.3: Don't loop over apt (#34)
* don't loop over apt use a list of names instead
* use consistent tab depth
* fix another apt loop
* parse var as jinja2
Some linter fixes
- fix handler conditionals
- fix section1 linter errors
- fix section2 linter errors
- fix section3 linter errors
- fix section4 linter errors
- fix section5 linter errors
- fix section6 linter errors
- fix linter errors
- fix sed linter errors
- fix pipefail
- use literal `+` in lineinfile regex
- use `not` rather than `!`
A lot of major enhancements. Mostly provided by Eric (ideologysec) https://github.com/ideologysec
- cleanup files and folders
- audit tasks enhancements
- some smaller bugfix
- bugfix variables
- update licensefile
- update defaults
- update gitignore
- added missing tags to 6.2.6
- added handler load audit rules
- Added scored or notscored to all rule plays.
- Added rule tags
- Added 5.5 and 5.6 to defaults/main.yml
- added section tags to tasks/main.yml for easy section testing
- cleaned up tasks/post.yml for easy reading + task header standardization; removed "when == Debian" since this is only for Ubuntu systems
- standardized order of tags (levels, scored, patch, subsystem, rule, notimplemented).
- added cron, sshd, ntp, syslog, and maybe several other tags to various plays to allow bypassing or enabling based on subsystem (mostly section 5)
- moved multiple plays for the same rule into a single block (block names are only supported >= Ansible 2.3). This allows for a single "when" to run the entire block, and for nicer code folding. Unfortunately, it does push the minimum requirement from 2.1 -> 2.3; I will look at block syntax without names if backwards compat that far is desired.
- switched "restart auditd" to be a service command instead of a command; this is more Ansibley and works on both RedHat and Debian families, with both SysV init and systemd init services. This also tracks with redhatcis
- fixed rule 4.1.6 template to conform to the Ubuntu CIS benchmark instead of the RedHat one.
- Fixed whitespace issue 1.1.2
- Fixed section1 and section4 whitespace and block errors.
- Section5 whitespace fixes.
- yamllint now passes 100% of all yml files
- Fixed rule 4.3
- added rule 4_3 to defaults/main.yml
- added file touch to rule 4.3
- Forgot to write an actual commit message.
- Added stat check for 5.4.4
- update handlers for docker
- updated regex for 1.1.1.4 and 1.1.1.5
- update for 4.3: state: touch always returns a "modified" and idempotence test will fail. bad workaround changed_when: false
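
Two techniques named in these notes, a named block gated by a single `when` and the `state: touch` idempotence problem, shown as an added example that is not taken from the role itself. The variable name, file path and tag values are hypothetical, and the `modification_time`/`access_time` options assume Ansible 2.7 or later.

```yaml
# Added illustration, not the role's own tasks.
# example_rule_4_3, the file path and the tag values are hypothetical.
- name: "4.3 | example block for one rule"
  block:
    # Workaround described in the notes: touch always reports "changed",
    # so the result is masked. A real change (for example a corrected
    # mode) is then never reported either.
    - name: "4.3 | touch file, change status suppressed"
      file:
        path: /etc/example_rule_4_3.conf
        state: touch
        mode: "0644"
      changed_when: false

    # Alternative: preserve the existing timestamps, so the task reports
    # "changed" only when the file is created or its owner, group or
    # mode is corrected. Repeated runs stay unchanged.
    - name: "4.3 | touch file, idempotent"
      file:
        path: /etc/example_rule_4_3.conf
        state: touch
        owner: root
        group: root
        mode: "0644"
        modification_time: preserve
        access_time: preserve
  # One condition and one tag list cover every task in the block.
  when: example_rule_4_3 | bool
  tags:
    - level1
    - scored
    - patch
    - rule_4.3
```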
1.0.0
cleanup files and folders