Compare commits
	
		
			1 Commits
		
	
	
		
			83c8d117df
			...
			4b0c43e47b
		
	
	| Author | SHA1 | Date | 
|---|---|---|
|  rronneburger | 4b0c43e47b | 
|  | @ -24,7 +24,6 @@ | |||
|  | ||||
|  | ||||
|  | ||||
| [](https://github.com/pre-commit/pre-commit) | ||||
| 
 | ||||
|  | ||||
| 
 | ||||
|  |  | |||
|  | @ -21,7 +21,6 @@ | |||
|   listen: "Remount /tmp" | ||||
| 
 | ||||
| - name: "Remounting /tmp systemd" | ||||
|   when: ubtu24cis_tmp_svc | ||||
|   vars: | ||||
|     mount_point: '/tmp' | ||||
|   ansible.builtin.systemd: | ||||
|  |  | |||
|  | @ -38,9 +38,7 @@ | |||
|         sudo_password_rule: ubtu24cis_rule_5_2_4  # pragma: allowlist secret | ||||
| 
 | ||||
| - name: Ensure root password is set | ||||
|   when: | ||||
|     - ubtu24cis_section5 | ||||
|     - ubtu24cis_rule_5_4_2_4 | ||||
|   when: ubtu24cis_rule_5_4_2_4 | ||||
|   tags: always | ||||
|   block: | ||||
|     - name: Ensure root password is set | ||||
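Review bot: The single-line `when: ubtu24cis_rule_5_4_2_4` no longer checks `ubtu24cis_section5`, and the task keeps `tags: always`, so the root-password check runs on every invocation whenever the rule toggle is left on, even with section 5 switched off. If disabling section 5 is meant to disable its prerequisite checks as well, keep the list form with `- ubtu24cis_section5` ahead of the rule variable. If the wider scope is deliberate, record it with a comment such as `# intentionally not gated on ubtu24cis_section5`. The page has lost its +/- markers, so the new side is read from the hunk counts (9 old lines, 7 new); the block body continues outside the hunk.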
|  |  | |||
|  | @ -22,12 +22,12 @@ | |||
|       register: discovered_var_mount | ||||
| 
 | ||||
|     - name: "1.1.2.4.1 | AUDIT | Ensure /var is a separate partition | Absent" | ||||
|       when: discovered_var_mount is undefined | ||||
|       when: discovered_dev_shm_mount is undefined | ||||
|       ansible.builtin.debug: | ||||
|         msg: "Warning!! {{ required_mount }} is not mounted on a separate partition" | ||||
| 
 | ||||
|     - name: "1.1.2.4.1 | AUDIT | Ensure /var is a separate partition | Present" | ||||
|       when: discovered_var_mount is undefined | ||||
|       when: discovered_dev_shm_mount is undefined | ||||
|       ansible.builtin.import_tasks: | ||||
|         file: warning_facts.yml | ||||
| 
 | ||||
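Review bot: Both /var tasks appear with a `when: discovered_dev_shm_mount is undefined` variant, but the only variable registered in the visible context is `discovered_var_mount`, so that form ties the /var separate-partition audit to the state of a different check. Both the "Absent" and "Present" tasks should use `when: discovered_var_mount is undefined`. The rendered page has lost its +/- markers and the 12/12 counts do not say which line of each pair is new, so confirm that the `discovered_var_mount` form is the one that lands. A one-line comment explaining why the two tasks share one condition despite their Absent/Present names would also help the next reader.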
|  |  | |||
|  | @ -10,7 +10,7 @@ | |||
|     - NIST800-53R5_SI-2 | ||||
|     - patch | ||||
|   block: | ||||
|     - name: "1.2.2.1 | PATCH | Ensure updates, patches, and additional security software are installed | Update" | ||||
|     - name: "1.2.2.1 | PATCH | Ensure updates, patches, and additional security software are installedi | Update" | ||||
|       ansible.builtin.package: | ||||
|         name: "*" | ||||
|         state: latest | ||||
|  |  | |||
|  | @ -672,7 +672,7 @@ | |||
|     - rule_2.1.21 | ||||
|     - NIST800-53R5_CM-7 | ||||
|   vars: | ||||
|     warn_control_id: '2.1.21' | ||||
|     warn_control_id: '2.2.21' | ||||
|   block: | ||||
|     - name: "2.1.21 | PATCH | Ensure mail transfer agents are configured for local-only mode | Make changes if exim4 installed" | ||||
|       when: "'exim4' in ansible_facts.packages" | ||||
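Review bot: `warn_control_id` should match the control this block implements: the tag is `rule_2.1.21` and the task name starts with `2.1.21 | PATCH`, so the `'2.2.21'` value would presumably file any warning raised here under an id that does not correspond to these tasks. Keep `warn_control_id: '2.1.21'`. The +/- markers are lost on this page, so check which of the two values is the resulting one. The block continues outside the hunk.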
|  |  | |||
|  | @ -15,9 +15,9 @@ | |||
|       ansible.builtin.template: | ||||
|         src: "{{ item }}.j2" | ||||
|         dest: "/{{ item }}" | ||||
|         mode: 'g=r,o-rwx' | ||||
|         mode: 'go-r' | ||||
|         owner: root | ||||
|         group: "{% if ubtu24cis_rule_2_3_3_2 %}_chrony{% else %}root{% endif %}" | ||||
|         group: root | ||||
|       loop: | ||||
|         - etc/chrony/sources.d/pool.sources | ||||
|         - etc/chrony/sources.d/server.sources | ||||
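Review bot: `mode: 'go-r'` only clears the read bit for group and other, so any write or execute bits already on the chrony source files survive the task, whereas `mode: 'g=r,o-rwx'` pins group to read-only and strips everything from other. Paired with `group: root`, the `go-r` form also drops the group read that the templated `_chrony` group provides when `ubtu24cis_rule_2_3_3_2` is enabled; whether the daemon can still read these files after dropping privileges is not visible here and should be confirmed. If the `go-r`/`root` pair is the resulting side, prefer the explicit `'g=r,o-rwx'` mode and the conditional group. The loop list continues outside the hunk.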
|  |  | |||
|  | @ -154,5 +154,5 @@ | |||
|       ansible.builtin.file: | ||||
|         path: /etc/cron.allow | ||||
|         owner: root | ||||
|         group: '{{ (discovered_cron_allow_status.stat.gr_name == "crontab") | ternary(omit,"root") }}' | ||||
|         group: root | ||||
|         mode: 'u-x,g-wx,o-rwx' | ||||
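Review bot: `group: root` is applied unconditionally, whereas the templated form used `omit` to leave the group alone when `/etc/cron.allow` was already group-owned by `crontab`. With `o-rwx` in the mode on the following line, a host that deliberately keeps the file as `root:crontab` would have its group access reassigned to root; whether anything on the host relies on that group read is inferred, not shown in this hunk. If forcing root is intended, say so in a comment such as `# always root; crontab group ownership is not preserved`. Otherwise keep the `discovered_cron_allow_status.stat.gr_name` check.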
|  |  | |||