Commit
Merge pull request #151 from ansible-lockdown/audit_script
Audit script

Overall Review of Changes:
Addition of audit script
Many issues resolved and added to the release

Issue Fixes:
#138 #139 #140 #141 #142 #143 #144 #146 #147

Enhancements:
Addition of audit updates
Now consistent metadata
Inline with other os agnostic variables for audit if run manually or via ansible
removal of included goss module no longer required
Showing 15 changed files with 89 additions and 239 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# adding github settings to show correct language | ||
*.sh linguist-detectable=true | ||
*.yml linguist-detectable=true | ||
*.ps1 linguist-detectable=true | ||
*.j2 linguist-detectable=true | ||
*.md linguist-documentation |
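Review bot: The last line, `*.md linguist-documentation`, sets its attribute bare while the four lines above it spell out `=true`. Both forms set the attribute, so this is a consistency point only; writing `*.md linguist-documentation=true` would match the rest of the file.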
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -487,8 +487,8 @@ rhel8cis_system_is_log_server: false | |
## Section5 vars | ||
|
||
rhel8cis_sshd: | ||
clientalivecountmax: 3 | ||
clientaliveinterval: 300 | ||
clientalivecountmax: 0 | ||
clientaliveinterval: 900 | ||
ciphers: "aes256-ctr,aes192-ctr,aes128-ctr" | ||
macs: "[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]" | ||
logingracetime: 60 | ||
|
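Review bot: In `rhel8cis_sshd`, `clientalivecountmax` goes from 3 to 0 with no comment, and what 0 means depends on the OpenSSH version: before 8.2 the session is dropped after one `clientaliveinterval` without client traffic, while from 8.2 on a zero ClientAliveCountMax disables connection termination, so the 900-second interval would no longer enforce an idle timeout. Please add a comment above these two defaults naming the benchmark control they implement and the sshd behaviour they rely on. The commit message does not describe this change beyond the issue numbers, so a line there would help anyone who overrides these values.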
@@ -592,19 +592,19 @@ goss_url: "https:/aelsabbahy/goss/releases/download/{{ goss_version. | |
copy_goss_from_path: /some/accessible/path | ||
|
||
### Goss Audit Benchmark file ### | ||
## managed by the control rhel8cis_audit_content | ||
## managed by the control audit_content | ||
# git | ||
rhel8cis_audit_file_git: "https:/ansible-lockdown/{{ benchmark }}-Audit.git" | ||
rhel8cis_audit_git_version: main | ||
audit_file_git: "https:/ansible-lockdown/{{ benchmark }}-Audit.git" | ||
audit_git_version: main | ||
|
||
# copy: | ||
rhel8cis_audit_local_copy: "some path to copy from" | ||
audit_local_copy: "some path to copy from" | ||
|
||
# get_url: | ||
rhel8cis_audit_files_url: "some url maybe s3?" | ||
audit_files_url: "some url maybe s3?" | ||
|
||
# Where the goss audit configuration will be stored | ||
rhel8cis_audit_files: "/var/tmp/{{ benchmark }}-Audit/" | ||
audit_files: "/var/tmp/{{ benchmark }}-Audit/" | ||
|
||
## Goss configuration information | ||
# Where the goss configs and outputs are stored | ||
|
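Review bot: Renaming `rhel8cis_audit_file_git`, `rhel8cis_audit_git_version`, `rhel8cis_audit_local_copy`, `rhel8cis_audit_files_url` and `rhel8cis_audit_files` to unprefixed `audit_*` names means an inventory or group_vars file that still sets the old names will be ignored without an error, and the role will fall back to these defaults. Consider documenting the rename for upgraders, or failing early when one of the old names is defined. Separately, `audit_git_version: main` makes the audit content track a moving branch; a tag or commit hash would make the benchmark that gets run reproducible.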
This file was deleted.