diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ffc67b7e..bb3a49af 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ ci:
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v3.2.0
+ rev: v4.5.0
 hooks:
 # Safety
 - id: detect-aws-credentials
@@ -37,14 +37,14 @@ repos:
 exclude: package.lock.json
 - repo: https://github.com/gitleaks/gitleaks
- rev: v8.17.0
+ rev: v8.18.1
 hooks:
 - id: gitleaks
 args: ['--baseline-path', '.config/.gitleaks-report.json']
 exclude: .config/.secrets.baseline
 - repo: https://github.com/ansible-community/ansible-lint
- rev: v6.17.2
+ rev: v6.22.0
 hooks:
 - id: ansible-lint
 name: Ansible-lint
@@ -63,6 +63,6 @@ repos:
 - ansible-core>=2.10.1
 - repo: https://github.com/adrienverge/yamllint.git
- rev: v1.32.0 # or higher tag
+ rev: v1.33.0 # or higher tag
 hooks:
 - id: yamllint
diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml
index 66c28cfa..d43e4b03 100644
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
@@ -35,7 +35,7 @@
 - patch
 - rule_1.2.2
-- name: "1.2.3| PATCH | Ensure gpgcheck is globally activated"
+- name: "1.2.3 | PATCH | Ensure gpgcheck is globally activated"
 block:
 - name: "1.2.3 | AUDIT | Ensure gpgcheck is globally activated | Find repos"
 ansible.builtin.find:
diff --git a/tasks/section_3/cis_3.4.2.x.yml b/tasks/section_3/cis_3.4.2.x.yml
index dff2c9ad..be9f79f4 100644
--- a/tasks/section_3/cis_3.4.2.x.yml
+++ b/tasks/section_3/cis_3.4.2.x.yml
@@ -225,13 +225,13 @@
 failed_when: false
 register: rhel8cis_3_4_2_8_inconnectionrule
- - name: "3.4.2.8| AUDIT | Ensure nftables outbound and established connections are configured | Gather outbound connection rules"
+ - name: "3.4.2.8 | AUDIT | Ensure nftables outbound and established connections are configured | Gather outbound connection rules"
 ansible.builtin.shell: nft list ruleset | awk '/hook output/,/}/' | grep -E 'ip protocol (tcp|udp|icmp) ct state'
 changed_when: false
 failed_when: false
 register: rhel8cis_3_4_2_8_outconnectionrule
- - name: "3.4.2.8| PATCH | Ensure nftables outbound and established connections are configured | Add input tcp established accept policy"
+ - name: "3.4.2.8 | PATCH | Ensure nftables outbound and established connections are configured | Add input tcp established accept policy"
 ansible.builtin.shell: nft add rule inet "{{ rhel8cis_nft_tables_tablename }}" input ip protocol tcp ct state established accept
 when: '"ip protocol tcp ct state established accept" not in rhel8cis_3_4_2_8_inconnectionrule.stdout'
diff --git a/tasks/section_5/cis_5.6.1.x.yml b/tasks/section_5/cis_5.6.1.x.yml
index 82f51b75..441b36e6 100644
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@@ -78,7 +78,7 @@
 - password
 - rule_5.6.1.4
-- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
+- name: "5.6.1.5 | PATCH | Ensure all users last password change date is in the past"
 block:
 - name: "5.6.1.5 | AUDIT | Ensure all users last password change date is in the past | Get current date in Unix Time"
 ansible.builtin.shell: echo $(($(date --utc --date "$1" +%s)/86400))
diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml
index 959457eb..d4f2b8ac 100644
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@@ -46,7 +46,7 @@
 - groups
 - rule_6.2.2
-- name: "6.2.3 | AUDIT Ensure no duplicate UIDs exist"
+- name: "6.2.3 | AUDIT | Ensure no duplicate UIDs exist"
 block:
 - name: "6.2.3 | AUDIT | Ensure no duplicate UIDs exist | Check for duplicate UIDs"
 ansible.builtin.shell: "pwck -r | awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"
@@ -134,7 +134,7 @@
 - users
 - rule_6.2.5
-- name: "6.2.6 | AUDIT |Ensure no duplicate group names exist"
+- name: "6.2.6 | AUDIT | Ensure no duplicate group names exist"
 block:
 - name: "6.2.6 | AUDIT | Ensure no duplicate group names exist | Check for duplicate group names"
 ansible.builtin.shell: 'getent passwd | cut -d: -f1 | sort -n | uniq -d'
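Review bot: The duplicate-UID audit on the last context line of the 6.2.3 hunk hands awk the file operand `/etc/passwd`, so awk reads that file and the output piped in from `pwck -r` is never consumed; the check still works on the file, but the `pwck -r |` stage is dead and wrongly suggests that pwck's consistency report feeds the result. Either drop the dead stage, `ansible.builtin.shell: "awk -F: '{if ($3 in uid) print $1 ; else uid[$3]}' /etc/passwd"`, or, if pwck's output was presumably meant to be parsed, remove the file operand — which was intended cannot be told from here. The enclosing block continues past the end of the hunk.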
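Review bot: The renamed 6.2.6 task still audits the wrong database: the shell on the last line of the second hunk runs `getent passwd`, which lists user names, so a duplicate entry in the group database is never detected and the control named in the new title is effectively unchecked. The command should read the group database, `ansible.builtin.shell: 'getent group | cut -d: -f1 | sort | uniq -d'`; the `-n` on sort is unnecessary for names, though harmless, since uniq -d only needs duplicates to be adjacent. The enclosing block continues past the end of the hunk.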