Merge pull request #334 from ansible-lockdown/devel

Main Release

.pre-commit-config.yaml

@@ -7,7 +7,7 @@ ci:
 
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.2.0
+  rev: v4.5.0
   hooks:
   # Safety
   - id: detect-aws-credentials
@@ -37,14 +37,14 @@ repos:
     exclude: package.lock.json
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.17.0
+  rev: v8.18.1
   hooks:
   - id: gitleaks
     args: ['--baseline-path', '.config/.gitleaks-report.json']
     exclude: .config/.secrets.baseline
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v6.17.2
+  rev: v6.22.0
   hooks:
   - id: ansible-lint
     name: Ansible-lint
@@ -63,6 +63,6 @@ repos:
     - ansible-core>=2.10.1
 
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.32.0  # or higher tag
+  rev: v1.33.0  # or higher tag
   hooks:
   - id: yamllint

tasks/section_1/cis_1.2.x.yml

@@ -35,7 +35,7 @@
       - patch
       - rule_1.2.2
 
-- name: "1.2.3| PATCH | Ensure gpgcheck is globally activated"
+- name: "1.2.3 | PATCH | Ensure gpgcheck is globally activated"
   block:
       - name: "1.2.3 | AUDIT | Ensure gpgcheck is globally activated | Find repos"
         ansible.builtin.find:

tasks/section_3/cis_3.4.2.x.yml

@@ -225,13 +225,13 @@
         failed_when: false
         register: rhel8cis_3_4_2_8_inconnectionrule
 
-      - name: "3.4.2.8| AUDIT | Ensure nftables outbound and established connections are configured | Gather outbound connection rules"
+      - name: "3.4.2.8 | AUDIT | Ensure nftables outbound and established connections are configured | Gather outbound connection rules"
         ansible.builtin.shell: nft list ruleset | awk '/hook output/,/}/' | grep -E 'ip protocol (tcp|udp|icmp) ct state'
         changed_when: false
         failed_when: false
         register: rhel8cis_3_4_2_8_outconnectionrule
 
-      - name: "3.4.2.8| PATCH | Ensure nftables outbound and established connections are configured | Add input tcp established accept policy"
+      - name: "3.4.2.8 | PATCH | Ensure nftables outbound and established connections are configured | Add input tcp established accept policy"
         ansible.builtin.shell: nft add rule inet "{{ rhel8cis_nft_tables_tablename }}" input ip protocol tcp ct state established accept
         when: '"ip protocol tcp ct state established accept" not in rhel8cis_3_4_2_8_inconnectionrule.stdout'
 

tasks/section_5/cis_5.6.1.x.yml

@@ -78,7 +78,7 @@
       - password
       - rule_5.6.1.4
 
-- name: "5.6.1.5 |  PATCH | Ensure all users last password change date is in the past"
+- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
   block:
       - name: "5.6.1.5 | AUDIT | Ensure all users last password change date is in the past | Get current date in Unix Time"
         ansible.builtin.shell: echo $(($(date --utc --date "$1" +%s)/86400))

tasks/section_6/cis_6.2.x.yml

@@ -46,7 +46,7 @@
       - groups
       - rule_6.2.2
 
-- name: "6.2.3 | AUDIT Ensure no duplicate UIDs exist"
+- name: "6.2.3 | AUDIT | Ensure no duplicate UIDs exist"
   block:
       - name: "6.2.3 | AUDIT | Ensure no duplicate UIDs exist | Check for duplicate UIDs"
         ansible.builtin.shell: "pwck -r | awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"
@@ -134,7 +134,7 @@
       - users
       - rule_6.2.5
 
-- name: "6.2.6 | AUDIT |Ensure no duplicate group names exist"
+- name: "6.2.6 | AUDIT | Ensure no duplicate group names exist"
   block:
       - name: "6.2.6 | AUDIT | Ensure no duplicate group names exist | Check for duplicate group names"
         ansible.builtin.shell: 'getent passwd | cut -d: -f1 | sort -n | uniq -d'