UBUNTU24-CIS/tasks/section_1/cis_1.2.1.x.yml


---
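# CIS 1.2.1.1 (audit only): list the keys apt trusts and raise a warning so an
# operator reviews them against site policy. Nothing on the host is changed.
#
# NOTE(review): `apt-key` is deprecated, and `apt-key list` reports the legacy
# trusted keyrings only. Keys that a source entry references through
# `Signed-By` and that are stored elsewhere are not part of this output, so an
# empty or short list is not proof that no third-party key is trusted.
- name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured"
  when:
    - ubtu24cis_rule_1_2_1_1
  tags:
    - level1-server
    - level1-workstation
    - audit
    - rule_1.2.1.1
    - NIST800-53R5_SI-2
    - gpg
    - keys
  vars:
    # Read by the imported warning_facts.yml; its handling is not visible here.
    warn_control_id: '1.2.1.1'
  block:
    - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Get apt gpg keys"
      ansible.builtin.command: apt-key list
      # Read-only query: never report a change, and run it in check mode too.
      changed_when: false
      # A failure must not abort the play; it is reported by the task below
      # that checks the return code instead of being silently discarded.
      failed_when: false
      check_mode: false
      register: discovered_apt_gpgkeys

    - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Message out apt gpg keys"
      ansible.builtin.debug:
        msg:
          - "Warning!! Below are the apt gpg keys configured"
          - "Please review to make sure they are configured"
          - "in accordance with site policy"
          - "{{ discovered_apt_gpgkeys.stdout_lines }}"

    # Because failed_when is false above, a missing or failing apt-key would
    # otherwise show up only as an empty key list in the previous message.
    - name: "1.2.1.1 | AUDIT | Ensure GPG keys are configured | Message out key listing failure"
      when: (discovered_apt_gpgkeys.rc | default(1)) != 0
      ansible.builtin.debug:
        msg:
          - "Warning!! 'apt-key list' did not complete successfully"
          - "The key list above may be empty or incomplete - review the keys manually"
          - "{{ discovered_apt_gpgkeys.stderr_lines | default([]) }}"
          - "{{ discovered_apt_gpgkeys.msg | default('') }}"

    - name: "1.2.1.1 | WARN | Ensure GPG keys are configured | warn_count"
      ansible.builtin.import_tasks:
        file: warning_facts.yml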
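# CIS 1.2.1.2 (audit only): print the package sources apt knows about and raise
# a warning so an operator checks them against site policy. Nothing on the host
# is changed.
#
# NOTE(review): `apt-cache policy` presumably reflects the locally cached
# package indexes, so a source added since the last index refresh may not be
# listed - confirm against the files under /etc/apt when reviewing.
- name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured"
  when:
    - ubtu24cis_rule_1_2_1_2
  tags:
    - level1-server
    - level1-workstation
    - audit
    - rule_1.2.1.2
    - NIST800-53R5_SI-2
    - apt
  vars:
    # Read by the imported warning_facts.yml; its handling is not visible here.
    warn_control_id: '1.2.1.2'
  block:
    - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured | Get repositories"
      ansible.builtin.command: apt-cache policy
      # Read-only query: never report a change, and run it in check mode too.
      changed_when: false
      # A failure must not abort the play; it is reported by the task below
      # that checks the return code instead of being silently discarded.
      failed_when: false
      check_mode: false
      register: discovered_apt_policy

    - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured | Message out repository configs"
      ansible.builtin.debug:
        msg:
          - "Warning!! Below are the apt package repositories"
          - "Please review to make sure they conform to your sites policies"
          - "{{ discovered_apt_policy.stdout_lines }}"

    # Because failed_when is false above, a failing apt-cache would otherwise
    # show up only as an empty repository list in the previous message.
    - name: "1.2.1.2 | AUDIT | Ensure package manager repositories are configured | Message out repository listing failure"
      when: (discovered_apt_policy.rc | default(1)) != 0
      ansible.builtin.debug:
        msg:
          - "Warning!! 'apt-cache policy' did not complete successfully"
          - "The repository list above may be empty or incomplete - review the sources manually"
          - "{{ discovered_apt_policy.stderr_lines | default([]) }}"
          - "{{ discovered_apt_policy.msg | default('') }}"

    - name: "1.2.1.2 | WARN | Ensure package manager repositories are configured | warn_count"
      ansible.builtin.import_tasks:
        file: warning_facts.yml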