Mark Bolwell
|
20cb8001e5
|
addressed #28 thanks to @guba-elleschr
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-04-01 08:22:56 +01:00 |
|
Mark Bolwell
|
84f4a69c2d
|
renamed moduel from ansible.builtin.systemd_service
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-04-01 08:20:25 +01:00 |
|
Mark Bolwell
|
a931c60b5c
|
lint updates
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-04-01 08:14:51 +01:00 |
|
Mark Bolwell
|
f7b504afba
|
Added options for fetch_audit and ansible facts
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-04-01 08:10:33 +01:00 |
|
Mark Bolwell
|
36945eb561
|
added package when minimal install
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-04-01 07:59:49 +01:00 |
|
Mark Bolwell
|
c1684508f6
|
updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-03-31 09:07:09 +01:00 |
|
Mark Bolwell
|
62c67740e4
|
typo fixes
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-03-31 08:41:38 +01:00 |
|
Mark Bolwell
|
2611117b33
|
Updated
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-03-31 08:40:25 +01:00 |
|
Mark Bolwell
|
ecfee57c60
|
updated workflow files
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-03-31 08:38:59 +01:00 |
|
uk-bolly
|
b32cd33fcb
|
Merge pull request #27 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-03-25 11:23:30 +00:00 |
|
pre-commit-ci[bot]
|
7d5187fc43
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.24.0 → v8.24.2](https://github.com/gitleaks/gitleaks/compare/v8.24.0...v8.24.2)
- [github.com/adrienverge/yamllint.git: v1.36.2 → v1.37.0](https://github.com/adrienverge/yamllint.git/compare/v1.36.2...v1.37.0)
|
2025-03-24 17:26:14 +00:00 |
|
uk-bolly
|
94be1d18d1
|
Merge pull request #25 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-03-18 09:17:30 +00:00 |
|
pre-commit-ci[bot]
|
ef9d8ef176
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/adrienverge/yamllint.git: v1.35.1 → v1.36.2](https://github.com/adrienverge/yamllint.git/compare/v1.35.1...v1.36.2)
|
2025-03-17 17:28:27 +00:00 |
|
uk-bolly
|
20c84823de
|
Merge pull request #23 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-02-25 08:23:21 +00:00 |
|
pre-commit-ci[bot]
|
29febe9be2
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.23.3 → v8.24.0](https://github.com/gitleaks/gitleaks/compare/v8.23.3...v8.24.0)
- [github.com/ansible-community/ansible-lint: v25.1.2 → v25.1.3](https://github.com/ansible-community/ansible-lint/compare/v25.1.2...v25.1.3)
|
2025-02-24 17:24:30 +00:00 |
|
uk-bolly
|
f7b759396e
|
Merge pull request #18 from ansible-lockdown/Feb25_updates
Feb25 updates
|
2025-02-21 15:32:43 +00:00 |
|
Mark Bolwell
|
39507838e6
|
added workaround for ssh-server patching breaks /run/ssh
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-21 11:15:52 +00:00 |
|
Mark Bolwell
|
0835a05b08
|
reset 5.1.1 settings
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-21 11:13:47 +00:00 |
|
Mark Bolwell
|
345928b74f
|
updated 5.1.1 logic for ec2 image
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-21 09:45:33 +00:00 |
|
Mark Bolwell
|
39efaecdd2
|
Added updated for 5.1.1 to ignore ec2 based ssh config perms change
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-20 17:09:21 +00:00 |
|
Mark Bolwell
|
fca0434bb3
|
Lint
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-20 16:46:42 +00:00 |
|
Mark Bolwell
|
764b0eaa63
|
removed tag typo in 5.1.7 #20
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-20 09:56:37 +00:00 |
|
Mark Bolwell
|
5553ddb0a8
|
updated rules for 4.4.x.x thanks to issue #19
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-20 09:52:24 +00:00 |
|
Mark Bolwell
|
a290776eee
|
issue #10 thanks to cf-sewe
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-14 12:06:57 +00:00 |
|
Mark Bolwell
|
889377b507
|
updated for precommit
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-14 12:00:29 +00:00 |
|
Mark Bolwell
|
dae6f8ab9f
|
issue #12 addressed moduel update thanks to @VitaliySynytskyi
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-14 11:59:54 +00:00 |
|
Mark Bolwell
|
fdcee67e0a
|
addressed #15 thanks tou @WhiteRoseLK
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-14 11:58:46 +00:00 |
|
Mark Bolwell
|
2bb9240aae
|
addressed #9 thanks to @kerjox
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-02-14 11:28:10 +00:00 |
|
uk-bolly
|
9aa55e5616
|
Merge pull request #14 from ShawnHardwick/shawn.hardwick/idempotency
Multiple fixes around idempotency and check_mode
|
2025-02-11 12:09:11 +01:00 |
|
uk-bolly
|
3c39ff1ed0
|
Merge pull request #17 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-02-11 12:05:08 +01:00 |
|
pre-commit-ci[bot]
|
a929843683
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/ansible-community/ansible-lint: v25.1.1 → v25.1.2](https://github.com/ansible-community/ansible-lint/compare/v25.1.1...v25.1.2)
|
2025-02-10 17:53:59 +00:00 |
|
Shawn Hardwick
|
9a2a7ad96f
|
If prelim_auditd_logfile does not evaluate, check mode will fail on rule 6.2.4.3 with 'file () is absent, cannot continue' error
Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
|
2025-02-05 12:54:03 -05:00 |
|
Shawn Hardwick
|
a9df5eb912
|
Set a default variable value for control_1_3_1_4_was_run; if only level1-server tasks are executed, this variable is never set and tasks fail
Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
|
2025-02-05 12:54:03 -05:00 |
|
Shawn Hardwick
|
4af134cd74
|
Update rule 5.4.1.5 to use shell task which supports pipes instead of command task; previously this would silently fail
Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
|
2025-02-05 12:54:03 -05:00 |
|
Shawn Hardwick
|
1cf3c4d58b
|
Update regexp for rule 2.1.21 to be more strict when updating line in file; allows task to be idempotent with itself
Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
|
2025-02-05 12:54:03 -05:00 |
|
Shawn Hardwick
|
8a38650658
|
Add ignore_apt_update_changed_when default variable to allow users to specify changed_when behavior of apt update task; allows for idempotency checks (like Molecule)
Signed-off-by: Shawn Hardwick <time4swim@gmail.com>
|
2025-02-05 12:53:49 -05:00 |
|
uk-bolly
|
a41047672d
|
Merge pull request #13 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-02-04 06:43:26 +00:00 |
|
pre-commit-ci[bot]
|
a167970bcf
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.23.2 → v8.23.3](https://github.com/gitleaks/gitleaks/compare/v8.23.2...v8.23.3)
- [github.com/ansible-community/ansible-lint: v25.1.0 → v25.1.1](https://github.com/ansible-community/ansible-lint/compare/v25.1.0...v25.1.1)
|
2025-02-03 18:04:53 +00:00 |
|
uk-bolly
|
7ed58ca8a6
|
Merge pull request #8 from ansible-lockdown/auditd_arm64
Added auditd arm compatibility
|
2025-02-02 11:35:40 +00:00 |
|
Mark Bolwell
|
043fb4451b
|
Added auditd arm compatibility thanks to @arousseau-coveo for the excellent work
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-01-28 10:53:33 +00:00 |
|
uk-bolly
|
b3ed09583c
|
Merge pull request #7 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-01-28 10:33:55 +00:00 |
|
pre-commit-ci[bot]
|
05e9d75328
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.23.1 → v8.23.2](https://github.com/gitleaks/gitleaks/compare/v8.23.1...v8.23.2)
|
2025-01-27 17:53:22 +00:00 |
|
uk-bolly
|
30719a77b5
|
Merge pull request #6 from ansible-lockdown/apt_update
moved apt update order to assist with audit
|
2025-01-21 16:22:21 +00:00 |
|
uk-bolly
|
c8e368e541
|
Merge pull request #5 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-01-21 16:21:55 +00:00 |
|
Mark Bolwell
|
bba53315f2
|
moved apt update order to assist with audit
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-01-21 08:07:27 +00:00 |
|
pre-commit-ci[bot]
|
46e23a7c4b
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.23.0 → v8.23.1](https://github.com/gitleaks/gitleaks/compare/v8.23.0...v8.23.1)
- [github.com/ansible-community/ansible-lint: v24.12.2 → v25.1.0](https://github.com/ansible-community/ansible-lint/compare/v24.12.2...v25.1.0)
|
2025-01-20 17:45:16 +00:00 |
|
uk-bolly
|
7a1b8b5250
|
Merge pull request #4 from ansible-lockdown/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
|
2025-01-14 08:14:20 +00:00 |
|
uk-bolly
|
1b98e1ed7b
|
Merge pull request #3 from ansible-lockdown/jan25_updates
Jan25 updates
|
2025-01-13 20:04:27 +00:00 |
|
pre-commit-ci[bot]
|
a857b1e552
|
[pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/gitleaks/gitleaks: v8.21.2 → v8.23.0](https://github.com/gitleaks/gitleaks/compare/v8.21.2...v8.23.0)
- [github.com/ansible-community/ansible-lint: v24.10.0 → v24.12.2](https://github.com/ansible-community/ansible-lint/compare/v24.10.0...v24.12.2)
|
2025-01-13 17:50:19 +00:00 |
|
Mark Bolwell
|
5de8d4c558
|
Added optional logrotate install and variable, improved 6.1.3.8 logic
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
|
2025-01-10 15:33:10 +00:00 |