Merge fe8c656c3c into b32cd33fcb

2025-03-28 11:32:01 +01:00
4 changed files with 16 additions and 6 deletions
--- a/.github/workflows/devel_pipeline_validation.yml
+++ b/.github/workflows/devel_pipeline_validation.yml
@ -7,7 +7,6 @@
        types: [opened, reopened, synchronize]
        branches:
            - devel
-            - benchmark*
        paths:
            - '**.yml'
            - '**.sh'
@ -71,6 +70,7 @@
                 echo IAC_BRANCH=main >> $GITHUB_ENV
              fi

+
          # Pull in terraform code for linux servers
          - name: Clone GitHub IaC plan
            uses: actions/checkout@v4
--- a/.github/workflows/main_pipeline_validation.yml
+++ b/.github/workflows/main_pipeline_validation.yml
@ -7,7 +7,6 @@
        types: [opened, reopened, synchronize]
        branches:
            - main
-            - latest
        paths:
            - '**.yml'
            - '**.sh'
@ -24,6 +23,17 @@
  # A workflow run is made up of one or more jobs
  # that can run sequentially or in parallel
  jobs:
+    # This will create messages for first time contributers and direct them to the Discord server
+      welcome:
+        runs-on: self-hosted
+
+        steps:
+            - uses: actions/first-interaction@main
+              with:
+                repo-token: ${{ secrets.GITHUB_TOKEN }}
+                pr-message: |-
+                    Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
+                    Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.

      # This workflow contains a single job that tests the playbook
      playbook-test:
--- a/.gitignore
+++ b/.gitignore
@ -44,5 +44,5 @@ benchparse/
 # GitHub Action/Workflow files
 .github/

-# ansible-lint cache
+# Precommit
 .ansible/
--- a/templates/audit/99_auditd.rules.j2
+++ b/templates/audit/99_auditd.rules.j2
@ -43,8 +43,8 @@
 {{ arch_syscalls.append( syscall) }}
 {% endif %}
 {% endfor %}
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k system-locale
-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k system-locale
+-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }}  -k system-locale
+-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }}  -k system-locale
 -w /etc/issue -p wa -k system-locale
 -w /etc/issue.net -p wa -k system-locale
 -w /etc/hosts -p wa -k system-locale
@ -99,7 +99,7 @@
 {% endif %}
 {% endfor %}
 -a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F auid>=1000 -F auid!=unset -k perm_mod
-{% set syscalls = ["setxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %}
+{% set syscalls = ["etxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %}
 {% set arch_syscalls = [] %}
 {% for syscall in syscalls  %}
 {% if syscall in supported_syscalls %}