colin
/
UBUNTU24-CIS
mirror of https://github.com/ansible-lockdown/UBUNTU24-CIS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: colin:f945ccfb42bdd0cac55533c9c96d2145c46a6c2a
Branches Tags
colin:devel
colin:pre-commit-ci-update-config
colin:main
colin:1.0.2
colin:1.0.1
colin:1.0.0
..
compare: colin:3f960ead47e7fd5b11b2d861d7b5dce393830735
Branches Tags
colin:pre-commit-ci-update-config
colin:devel
colin:main
colin:1.0.2
colin:1.0.1
colin:1.0.0

1 Commits
f945ccfb42 ... 3f960ead47

Author SHA1 Message Date
rronneburger 3f960ead47
Merge fe8c656c3c into b32cd33fcb 2025-03-28 11:32:01 +01:00
4 changed files with 16 additions and 6 deletions
Show Stats Expand all files Collapse all files

2
.github/workflows/devel_pipeline_validation.yml vendored
View File

@ -7,7 +7,6 @@
types: [opened, reopened, synchronize] types: [opened, reopened, synchronize]
branches: branches:
- devel - devel
- benchmark*
paths: paths:
- '**.yml' - '**.yml'
- '**.sh' - '**.sh'
@ -71,6 +70,7 @@
echo IAC_BRANCH=main >> $GITHUB_ENV echo IAC_BRANCH=main >> $GITHUB_ENV
fi fi
# Pull in terraform code for linux servers # Pull in terraform code for linux servers
- name: Clone GitHub IaC plan - name: Clone GitHub IaC plan
uses: actions/checkout@v4 uses: actions/checkout@v4

12
.github/workflows/main_pipeline_validation.yml vendored
View File

@ -7,7 +7,6 @@
types: [opened, reopened, synchronize] types: [opened, reopened, synchronize]
branches: branches:
- main - main
- latest
paths: paths:
- '**.yml' - '**.yml'
- '**.sh' - '**.sh'
@ -24,6 +23,17 @@
# A workflow run is made up of one or more jobs # A workflow run is made up of one or more jobs
# that can run sequentially or in parallel # that can run sequentially or in parallel
jobs: jobs:
# This will create messages for first time contributers and direct them to the Discord server
welcome:
runs-on: self-hosted
steps:
- uses: actions/first-interaction@main
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pr-message: |-
Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.
# This workflow contains a single job that tests the playbook # This workflow contains a single job that tests the playbook
playbook-test: playbook-test:

2
.gitignore vendored
View File

@ -44,5 +44,5 @@ benchparse/
# GitHub Action/Workflow files # GitHub Action/Workflow files
.github/ .github/
# ansible-lint cache # Precommit
.ansible/ .ansible/

2
templates/audit/99_auditd.rules.j2
View File

@ -99,7 +99,7 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F auid>=1000 -F auid!=unset -k perm_mod -a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F auid>=1000 -F auid!=unset -k perm_mod
{% set syscalls = ["setxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %} {% set syscalls = ["etxattr","lsetxattr","fsetxattr","removexattr","lremovexattr","fremovexattr"] %}
{% set arch_syscalls = [] %} {% set arch_syscalls = [] %}
{% for syscall in syscalls %} {% for syscall in syscalls %}
{% if syscall in supported_syscalls %} {% if syscall in supported_syscalls %}