From 009dde46af045ba7adf3a0171c7f33830a31ca25 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Mon, 18 Sep 2023 11:54:19 +0100 Subject: [PATCH 1/2] lint updates Signed-off-by: Mark Bolwell --- tasks/auditd.yml | 2 +- tasks/main.yml | 22 ++++++++++----------- tasks/post.yml | 2 +- tasks/pre_remediation_audit.yml | 2 +- tasks/prelim.yml | 2 +- tasks/section_1/cis_1.1.2.x.yml | 2 +- tasks/section_1/cis_1.1.3.x.yml | 2 +- tasks/section_1/cis_1.1.4.x.yml | 2 +- tasks/section_1/cis_1.1.5.x.yml | 2 +- tasks/section_1/cis_1.1.6.x.yml | 2 +- tasks/section_1/cis_1.1.7.x.yml | 2 +- tasks/section_1/cis_1.1.8.x.yml | 2 +- tasks/section_1/cis_1.2.x.yml | 2 +- tasks/section_1/cis_1.6.1.x.yml | 2 +- tasks/section_1/main.yml | 34 ++++++++++++++++----------------- tasks/section_2/cis_2.4.yml | 2 +- tasks/section_2/main.yml | 8 ++++---- tasks/section_3/cis_3.4.2.x.yml | 2 +- tasks/section_3/main.yml | 10 +++++----- tasks/section_4/cis_4.6.1.x.yml | 2 +- tasks/section_4/main.yml | 14 +++++++------- tasks/section_5/cis_5.1.2.x.yml | 2 +- tasks/section_5/cis_5.3.yml | 2 +- tasks/section_5/main.yml | 18 ++++++++--------- tasks/section_6/cis_6.1.x.yml | 6 +++--- tasks/section_6/cis_6.2.x.yml | 12 ++++++------ tasks/section_6/main.yml | 4 ++-- 27 files changed, 82 insertions(+), 82 deletions(-) diff --git a/tasks/auditd.yml b/tasks/auditd.yml index 729553f..5e58427 100644 --- a/tasks/auditd.yml +++ b/tasks/auditd.yml @@ -21,7 +21,7 @@ - name: POST | AUDITD | Add Warning count for changes to template file | Warn Count # noqa no-handler ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: 'Auditd template updated, see diff output for details' when: diff --git a/tasks/main.yml b/tasks/main.yml index bf119b2..678c65a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -87,7 +87,7 @@ - name: Include preliminary steps ansible.builtin.import_tasks: - file: prelim.yml + file: prelim.yml tags: - prelim_tasks - always @@ -96,7 +96,7 @@ when: - run_audit ansible.builtin.include_tasks: - file: pre_remediation_audit.yml + file: pre_remediation_audit.yml tags: - run_audit @@ -104,7 +104,7 @@ when: - amzn2023cis_section1 ansible.builtin.import_tasks: - file: section_1/main.yml + file: section_1/main.yml tags: - amzn2023cis_section1 @@ -112,7 +112,7 @@ when: - amzn2023cis_section2 ansible.builtin.import_tasks: - file: section_2/main.yml + file: section_2/main.yml tags: - amzn2023cis_section2 @@ -120,7 +120,7 @@ when: - amzn2023cis_section3 ansible.builtin.import_tasks: - file: section_3/main.yml + file: section_3/main.yml tags: - amzn2023cis_section3 @@ -128,7 +128,7 @@ when: - amzn2023cis_section4 ansible.builtin.import_tasks: - file: section_4/main.yml + file: section_4/main.yml tags: - amzn2023cis_section4 @@ -136,7 +136,7 @@ when: - amzn2023cis_section5 ansible.builtin.import_tasks: - file: section_5/main.yml + file: section_5/main.yml tags: - amzn2023cis_section5 @@ -144,7 +144,7 @@ when: - amzn2023cis_section6 ansible.builtin.import_tasks: - file: section_6/main.yml + file: section_6/main.yml tags: - amzn2023cis_section6 @@ -152,13 +152,13 @@ when: - update_audit_template ansible.builtin.import_tasks: - file: auditd.yml + file: auditd.yml tags: - always - name: run post remediation tasks ansible.builtin.import_tasks: - file: post.yml + file: post.yml tags: - post_tasks - always @@ -167,7 +167,7 @@ when: - run_audit ansible.builtin.import_tasks: - file: post_remediation_audit.yml + file: post_remediation_audit.yml - name: Show Audit Summary when: diff --git a/tasks/post.yml b/tasks/post.yml index 7568c19..b681f02 100644 --- a/tasks/post.yml +++ b/tasks/post.yml @@ -47,7 +47,7 @@ - name: "POST | Warning a reboot required but skip option set | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: - change_requires_reboot - skip_reboot diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml index 79302b0..4b60075 100644 --- a/tasks/pre_remediation_audit.yml +++ b/tasks/pre_remediation_audit.yml @@ -2,7 +2,7 @@ - name: Pre Audit Binary Setup | Setup the LE audit ansible.builtin.include_tasks: - file: LE_audit_setup.yml + file: LE_audit_setup.yml when: - setup_audit tags: diff --git a/tasks/prelim.yml b/tasks/prelim.yml index c55a8be..90bb606 100644 --- a/tasks/prelim.yml +++ b/tasks/prelim.yml @@ -13,7 +13,7 @@ - name: "PRELIM | capture /etc/password variables" ansible.builtin.include_tasks: - file: parse_etc_password.yml + file: parse_etc_password.yml tags: - rule_5.5.2 - rule_5.6.2 diff --git a/tasks/section_1/cis_1.1.2.x.yml b/tasks/section_1/cis_1.1.2.x.yml index 211e66b..514651d 100644 --- a/tasks/section_1/cis_1.1.2.x.yml +++ b/tasks/section_1/cis_1.1.2.x.yml @@ -8,7 +8,7 @@ - name: "1.1.2.1 | PATCH | Ensure /tmp is a separate partition | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.2.1' required_mount: '/tmp' diff --git a/tasks/section_1/cis_1.1.3.x.yml b/tasks/section_1/cis_1.1.3.x.yml index 0e1f472..fda1806 100644 --- a/tasks/section_1/cis_1.1.3.x.yml +++ b/tasks/section_1/cis_1.1.3.x.yml @@ -8,7 +8,7 @@ - name: "1.1.3.1 | AUDIT | Ensure separate partition exists for /var | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.3.1' required_mount: '/var' diff --git a/tasks/section_1/cis_1.1.4.x.yml b/tasks/section_1/cis_1.1.4.x.yml index b411ab8..317635c 100644 --- a/tasks/section_1/cis_1.1.4.x.yml +++ b/tasks/section_1/cis_1.1.4.x.yml @@ -9,7 +9,7 @@ - name: "1.1.4.1 | AUDIT | Ensure separate partition exists for /var/tmp | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.4.1' required_mount: '/var/tmp' diff --git a/tasks/section_1/cis_1.1.5.x.yml b/tasks/section_1/cis_1.1.5.x.yml index 658032d..26e0926 100644 --- a/tasks/section_1/cis_1.1.5.x.yml +++ b/tasks/section_1/cis_1.1.5.x.yml @@ -8,7 +8,7 @@ - name: "1.1.5.1 | AUDIT | Ensure separate partition exists for /var/log | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.5.1' diff --git a/tasks/section_1/cis_1.1.6.x.yml b/tasks/section_1/cis_1.1.6.x.yml index 38c9585..72c6055 100644 --- a/tasks/section_1/cis_1.1.6.x.yml +++ b/tasks/section_1/cis_1.1.6.x.yml @@ -8,7 +8,7 @@ - name: "1.1.6.1 | AUDIT | Ensure separate partition exists for /var/log/audit | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.6.1' diff --git a/tasks/section_1/cis_1.1.7.x.yml b/tasks/section_1/cis_1.1.7.x.yml index 99bab8e..53a7424 100644 --- a/tasks/section_1/cis_1.1.7.x.yml +++ b/tasks/section_1/cis_1.1.7.x.yml @@ -8,7 +8,7 @@ - name: "1.1.7.1 | AUDIT | Ensure separate partition exists for /home | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.7.1' diff --git a/tasks/section_1/cis_1.1.8.x.yml b/tasks/section_1/cis_1.1.8.x.yml index ddfa5de..d9577ec 100644 --- a/tasks/section_1/cis_1.1.8.x.yml +++ b/tasks/section_1/cis_1.1.8.x.yml @@ -9,7 +9,7 @@ - name: "1.1.8.1 | AUDIT | Ensure separate partition exists for /home | Present" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.1.8.1' diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml index c6d887c..2b853de 100644 --- a/tasks/section_1/cis_1.2.x.yml +++ b/tasks/section_1/cis_1.2.x.yml @@ -72,7 +72,7 @@ - name: "1.2.3 | AUDIT | Ensure package manager repositories are configured | Warn Count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '1.2.3' when: diff --git a/tasks/section_1/cis_1.6.1.x.yml b/tasks/section_1/cis_1.6.1.x.yml index ea34149..33ef1c7 100644 --- a/tasks/section_1/cis_1.6.1.x.yml +++ b/tasks/section_1/cis_1.6.1.x.yml @@ -98,7 +98,7 @@ - name: "1.6.1.6 | AUDIT | Ensure no unconfined services exist | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: amzn2023cis_1_6_1_6_unconf_services.stdout | length > 0 vars: warn_control_id: '1.6.1.6' diff --git a/tasks/section_1/main.yml b/tasks/section_1/main.yml index 93faea2..f6acd63 100644 --- a/tasks/section_1/main.yml +++ b/tasks/section_1/main.yml @@ -2,70 +2,70 @@ - name: "SECTION | 1.1.1.x | Disable unused filesystems" ansible.builtin.import_tasks: - file: cis_1.1.1.x.yml + file: cis_1.1.1.x.yml - name: "SECTION | 1.1.2.x | Configure /tmp" ansible.builtin.import_tasks: - file: cis_1.1.2.x.yml + file: cis_1.1.2.x.yml - name: "SECTION | 1.1.3.x | Configure /var" ansible.builtin.import_tasks: - file: cis_1.1.3.x.yml + file: cis_1.1.3.x.yml - name: "SECTION | 1.1.4.x | Configure /var/tmp" ansible.builtin.import_tasks: - file: cis_1.1.4.x.yml + file: cis_1.1.4.x.yml - name: "SECTION | 1.1.5.x | Configure /var/log" ansible.builtin.import_tasks: - file: cis_1.1.5.x.yml + file: cis_1.1.5.x.yml - name: "SECTION | 1.1.6.x | Configure /var/log/audit" ansible.builtin.import_tasks: - file: cis_1.1.6.x.yml + file: cis_1.1.6.x.yml - name: "SECTION | 1.1.7.x | Configure /home" ansible.builtin.import_tasks: - file: cis_1.1.7.x.yml + file: cis_1.1.7.x.yml - name: "SECTION | 1.1.8.x | Configure /dev/shm" ansible.builtin.import_tasks: - file: cis_1.1.8.x.yml + file: cis_1.1.8.x.yml - name: "SECTION | 1.1.9 | Disable various mounting" ansible.builtin.import_tasks: - file: cis_1.1.9.yml + file: cis_1.1.9.yml - name: "SECTION | 1.2 | Configure Software Updates" ansible.builtin.import_tasks: - file: cis_1.2.x.yml + file: cis_1.2.x.yml - name: "SECTION | 1.3 | Filesystem Integrity Checking" ansible.builtin.import_tasks: - file: cis_1.3.x.yml + file: cis_1.3.x.yml when: amzn2023cis_config_aide - name: "SECTION | 1.4 | Secure Boot Settings" ansible.builtin.import_tasks: - file: cis_1.4.x.yml + file: cis_1.4.x.yml - name: "SECTION | 1.5 | Additional Process Hardening" ansible.builtin.import_tasks: - file: cis_1.5.x.yml + file: cis_1.5.x.yml - name: "SECTION | 1.6 | Mandatory Access Control" ansible.builtin.include_tasks: - file: cis_1.6.1.x.yml + file: cis_1.6.1.x.yml when: not amzn2023cis_selinux_disable - name: "SECTION | 1.7 | Command Line Warning Banners" ansible.builtin.import_tasks: - file: cis_1.7.x.yml + file: cis_1.7.x.yml - name: "SECTION | 1.8 | Updates and Patches" ansible.builtin.import_tasks: - file: cis_1.8.yml + file: cis_1.8.yml - name: "SECTION | 1.9 | Crypto policies" ansible.builtin.include_tasks: - file: cis_1.9.yml + file: cis_1.9.yml diff --git a/tasks/section_2/cis_2.4.yml b/tasks/section_2/cis_2.4.yml index 87c092e..393d4aa 100644 --- a/tasks/section_2/cis_2.4.yml +++ b/tasks/section_2/cis_2.4.yml @@ -26,7 +26,7 @@ - name: "2.4 | AUDIT | Ensure nonessential services listening on the system are removed or masked | Warn Count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '2.4' when: diff --git a/tasks/section_2/main.yml b/tasks/section_2/main.yml index b90d7bb..3e8996a 100644 --- a/tasks/section_2/main.yml +++ b/tasks/section_2/main.yml @@ -2,16 +2,16 @@ - name: "SECTION | 2.1 | Time Synchronization" ansible.builtin.import_tasks: - file: cis_2.1.x.yml + file: cis_2.1.x.yml - name: "SECTION | 2.2 | Special Purpose Services" ansible.builtin.import_tasks: - file: cis_2.2.x.yml + file: cis_2.2.x.yml - name: "SECTION | 2.3 | Service Clients" ansible.builtin.import_tasks: - file: cis_2.3.x.yml + file: cis_2.3.x.yml - name: "SECTION | 2.4 | Nonessential services removed" ansible.builtin.import_tasks: - file: cis_2.4.yml + file: cis_2.4.yml diff --git a/tasks/section_3/cis_3.4.2.x.yml b/tasks/section_3/cis_3.4.2.x.yml index a635567..54a1ef0 100644 --- a/tasks/section_3/cis_3.4.2.x.yml +++ b/tasks/section_3/cis_3.4.2.x.yml @@ -48,7 +48,7 @@ - name: "3.4.2.2 | AUDIT | Ensure an nftables table exists | Alert on no tables | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: - amzn2023cis_3_4_2_2_nft_tables.stdout | length == 0 - not amzn2023cis_nft_tables_autonewtable diff --git a/tasks/section_3/main.yml b/tasks/section_3/main.yml index 91986db..34553d7 100644 --- a/tasks/section_3/main.yml +++ b/tasks/section_3/main.yml @@ -2,20 +2,20 @@ - name: "SECTION | 3.1.x | Disable unused network protocols and devices" ansible.builtin.import_tasks: - file: cis_3.1.x.yml + file: cis_3.1.x.yml - name: "SECTION | 3.2.x | Network Parameters (Host Only)" ansible.builtin.import_tasks: - file: cis_3.2.x.yml + file: cis_3.2.x.yml - name: "SECTION | 3.3.x | Network Parameters (host and Router)" ansible.builtin.import_tasks: - file: cis_3.3.x.yml + file: cis_3.3.x.yml - name: "SECTION | 3.4.1.x | Firewall configuration" ansible.builtin.import_tasks: - file: cis_3.4.1.x.yml + file: cis_3.4.1.x.yml - name: "SECTION | 3.4.2.x | Configure firewall" ansible.builtin.import_tasks: - file: cis_3.4.2.x.yml + file: cis_3.4.2.x.yml diff --git a/tasks/section_4/cis_4.6.1.x.yml b/tasks/section_4/cis_4.6.1.x.yml index a7bf5eb..82094ba 100644 --- a/tasks/section_4/cis_4.6.1.x.yml +++ b/tasks/section_4/cis_4.6.1.x.yml @@ -114,7 +114,7 @@ - name: "4.6.1.5 | AUDIT | Ensure all users last password change date is in the past | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: - amzn2023cis_4_6_1_5_user_list.stdout | length > 0 - not amzn2023cis_futurepwchgdate_autofix diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml index 4cc88ca..f780ee8 100644 --- a/tasks/section_4/main.yml +++ b/tasks/section_4/main.yml @@ -4,30 +4,30 @@ - name: "SECTION | 4.1 | Configure time-based job schedulers" ansible.builtin.import_tasks: - file: cis_4.1.x.yml + file: cis_4.1.x.yml - name: "SECTION | 4.2 | Configure SSH Server" ansible.builtin.import_tasks: - file: cis_4.2.x.yml + file: cis_4.2.x.yml when: - "'openssh-server' in ansible_facts.packages" - name: "SECTION | 4.3 | Configure privilege escalation" ansible.builtin.import_tasks: - file: cis_4.3.x.yml + file: cis_4.3.x.yml - name: "SECTION | 4.4 | Configure authselect" ansible.builtin.import_tasks: - file: cis_4.4.x.yml + file: cis_4.4.x.yml - name: "SECTION | 4.5 | Configure PAM " ansible.builtin.import_tasks: - file: cis_4.5.x.yml + file: cis_4.5.x.yml - name: "SECTION | 4.6.1.x | Shadow Password Suite Parameters" ansible.builtin.import_tasks: - file: cis_4.6.1.x.yml + file: cis_4.6.1.x.yml - name: "SECTION | 4.6.x | Misc. User Account Settings" ansible.builtin.import_tasks: - file: cis_4.6.x.yml + file: cis_4.6.x.yml diff --git a/tasks/section_5/cis_5.1.2.x.yml b/tasks/section_5/cis_5.1.2.x.yml index cf78562..70d04e7 100644 --- a/tasks/section_5/cis_5.1.2.x.yml +++ b/tasks/section_5/cis_5.1.2.x.yml @@ -99,7 +99,7 @@ - name: "5.1.2.2 | AUDIT | Ensure journald service is enabled | Warn Count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: "'static' not in amzn2023cis_5_1_2_2_status.stdout" vars: warn_control_id: '5.1.2.2' diff --git a/tasks/section_5/cis_5.3.yml b/tasks/section_5/cis_5.3.yml index 3b45ad3..e4b4fd9 100644 --- a/tasks/section_5/cis_5.3.yml +++ b/tasks/section_5/cis_5.3.yml @@ -40,7 +40,7 @@ - name: "5.3 | AUDIT | Ensure logrotate is configured | Warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '5.3' when: log_rotates.matched > 0 diff --git a/tasks/section_5/main.yml b/tasks/section_5/main.yml index df31c6a..447229f 100644 --- a/tasks/section_5/main.yml +++ b/tasks/section_5/main.yml @@ -4,40 +4,40 @@ - name: "SECTION | 5.1.1 | Configure Logging - rsyslog" ansible.builtin.import_tasks: - file: cis_5.1.1.x.yml + file: cis_5.1.1.x.yml when: amzn2023cis_syslog_service == 'rsyslog' - name: "SECTION | 5.1.2 | Configure Logging - journald" ansible.builtin.import_tasks: - file: cis_5.1.2.x.yml + file: cis_5.1.2.x.yml when: amzn2023cis_syslog_service == 'journald' - name: "SECTION | 5.1.3 | Configure logfile perms" ansible.builtin.import_tasks: - file: cis_5.1.3.yml + file: cis_5.1.3.yml - name: "SECTION | 5.2.1 | Configure System Accounting (auditd)" ansible.builtin.import_tasks: - file: cis_5.2.1.x.yml + file: cis_5.2.1.x.yml when: - not system_is_container - name: "SECTION | 5.2.2 | Configure Data Retention" ansible.builtin.import_tasks: - file: cis_5.2.2.x.yml + file: cis_5.2.2.x.yml - name: "SECTION | 5.2.3 | Configure Auditd rules" ansible.builtin.import_tasks: - file: cis_5.2.3.x.yml + file: cis_5.2.3.x.yml - name: "SECTION | 5.2.4 | Configure Audit files" ansible.builtin.import_tasks: - file: cis_5.2.4.x.yml + file: cis_5.2.4.x.yml - name: "SECTION | 5.3 | Configure LogRotate" ansible.builtin.import_tasks: - file: cis_5.3.yml + file: cis_5.3.yml - name: "SECTION | 5.3 | Configure logrotate" ansible.builtin.import_tasks: - file: cis_5.3.yml + file: cis_5.3.yml diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml index 1c54130..826117a 100644 --- a/tasks/section_6/cis_6.1.x.yml +++ b/tasks/section_6/cis_6.1.x.yml @@ -154,7 +154,7 @@ - name: "6.1.9 | AUDIT | Audit system file permissions | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.1.9' when: amzn2023cis_6_1_9_packages_rpm.stdout|length > 0 @@ -260,7 +260,7 @@ - name: "6.1.11 | AUDIT | Ensure no unowned or ungrouped files or directories exist | warning" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.1.11' when: amzn2023cis_6_1_11_unowned_files_found or amzn2023cis_6_1_11_ungrouped_files_found @@ -343,7 +343,7 @@ - name: "6.1.12 | AUDIT | Ensure SUID and SGID files are reviewed | Alert SUID/SGID exist | warning" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.1.12' when: amzn2023cis_6_1_12_suid_found or amzn2023cis_6_1_12_sgid_found diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml index 318cdd8..c100d41 100644 --- a/tasks/section_6/cis_6.2.x.yml +++ b/tasks/section_6/cis_6.2.x.yml @@ -16,7 +16,7 @@ - name: "6.2.1 | AUDIT | Ensure accounts in /etc/passwd use shadowed passwords | warning fact" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.2.1' when: shadow_passwd.stdout | length >= 1 @@ -60,7 +60,7 @@ - name: "6.2.3 | AUDIT | Ensure all groups in /etc/passwd exist in /etc/group | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.2.3' when: amzn2023cis_6_2_3_passwd_gid_check.stdout | length >= 1 @@ -93,7 +93,7 @@ - name: "6.2.4 | AUDIT| Ensure no duplicate UIDs exist | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml when: amzn2023cis_6_2_4_user_uid_check.stdout | length >= 1 vars: warn_control_id: '6.2.4' @@ -126,7 +126,7 @@ - name: "6.2.5 | AUDIT | Ensure no duplicate GIDs exist | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.2.5' when: amzn2023cis_6_2_5_user_user_check.stdout_lines | length >= 1 @@ -160,7 +160,7 @@ - name: "6.2.6 | AUDIT | Ensure no duplicate user names exist | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.2.6' when: amzn2023cis_6_2_6_user_username_check.stdout | length >= 1 @@ -194,7 +194,7 @@ - name: "6.2.7 | AUDIT | Ensure no duplicate group names exist | warning count" ansible.builtin.import_tasks: - file: warning_facts.yml + file: warning_facts.yml vars: warn_control_id: '6.2.7' when: amzn2023cis_6_2_7_group_group_check.stdout is not defined diff --git a/tasks/section_6/main.yml b/tasks/section_6/main.yml index bf2a779..b194fdc 100644 --- a/tasks/section_6/main.yml +++ b/tasks/section_6/main.yml @@ -2,8 +2,8 @@ - name: "SECTION | 6.1 | System File Permissions" ansible.builtin.import_tasks: - file: cis_6.1.x.yml + file: cis_6.1.x.yml - name: "SECTION | 6.2 | User and Group Settings" ansible.builtin.import_tasks: - file: cis_6.2.x.yml + file: cis_6.2.x.yml From b4b0a4c0f85c4e690dcfc19d2ff5c5a580ec30b0 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Mon, 18 Sep 2023 11:54:47 +0100 Subject: [PATCH 2/2] updated discord link Signed-off-by: Mark Bolwell --- .github/workflows/devel_pipeline_validation.yml | 2 +- README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml index 8d9d15c..31a4a6b 100644 --- a/.github/workflows/devel_pipeline_validation.yml +++ b/.github/workflows/devel_pipeline_validation.yml @@ -27,7 +27,7 @@ repo-token: ${{ secrets.GITHUB_TOKEN }} pr-message: |- Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown! - Please join in the conversation happening on the [Discord Server](https://discord.io/ansible-lockdown) as well. + Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well. # This workflow contains a single job which tests the playbook playbook-test: diff --git a/README.md b/README.md index c93ad38..83b3854 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ NOTE AUDIT NOT YET AVAILABLE [![Main Pipeline Status](https://github.com/ansible-lockdown/AMAZON2023-CIS/actions/workflows/main_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/AMAZON2023-CIS/actions/workflows/main_pipeline_validation.yml) [![Devel Pipeline Status](https://github.com/ansible-lockdown/AMAZON2023-CIS/actions/workflows/devel_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/AMAZON2023-CIS/actions/workflows/devel_pipeline_validation.yml) -![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/AMAZON2023-CIS/devel?color=dark%20green&label=Devel%20Branch%20Commits) +![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/AMAZON2023-CIS/devel?color=dark%20green&label=Devel%20Branch%20commits) ![Issues Open](https://img.shields.io/github/issues-raw/ansible-lockdown/AMAZON2023-CIS?label=Open%20Issues) ![Issues Closed](https://img.shields.io/github/issues-closed-raw/ansible-lockdown/AMAZON2023-CIS?label=Closed%20Issues&&color=success) @@ -44,7 +44,7 @@ NOTE AUDIT NOT YET AVAILABLE ### Community -Join us on our [Discord Server](https://discord.io/ansible-lockdown) to ask questions, discuss features, or just chat with other Ansible-Lockdown users. +Join us on our [Discord Server](https://www.lockdownenterprise.com/discord) to ask questions, discuss features, or just chat with other Ansible-Lockdown users. ### Contributing