ansible-lockdown
diff --git a/‎.github/workflows/export_badges_private.yml‎
Lines changed: 0 additions & 7 deletions b/‎.github/workflows/export_badges_private.yml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Changelog.md‎
Lines changed: 40 additions & 1 deletion b/‎Changelog.md‎
Lines changed: 40 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 19 additions & 10 deletions b/‎README.md‎
Lines changed: 19 additions & 10 deletions
@@ -2,18 +2,11 @@
 
 name: Export Private Repo Badges
 
-# Use different minute offsets with the same hourly pattern:
-# Repo Group Suggested Cron Expression Explanation
-# Group A 0 */6 * * * Starts at top of hour
-# Group B 10 */6 * * * Starts at 10 after
-# And So On
 
 on:
   push:
     branches:
       - latest
-  schedule:
-    - cron: '0 */6 * * *'
   workflow_dispatch:
 
 jobs:
 
@@ -11,6 +11,11 @@ packer_cache
 delete*
 ignore*
 test_inv
+qa_report.md
+prompt.md
+plan.md
+history.md
+*.pdf
 # temp remove doc while this is built up
 doc/
 # VSCode
 
@@ -1,5 +1,41 @@
 # Changes to RHEL10CIS
 
+## 1.0.1 - Based upon CIS official 1.0.1
+
+- Thanks to Eugene@Frequentis for feedback
+- Updated bootloader_password to bootloader_hash variable and context added
+- disruption is high set back to default false
+- fs.suid_dumpable template moved to correct control 1.5.4 from 1.5.3
+- 6.2.2.1.2 updated logic as systemd/journald-upload.conf doesn't exist on clean install
+- 5.4.1.1 description updated and disruption high added to control
+- 2.3.2 - updated rhel10cis_time_synchronization_servers variables and updated template
+- README updated to explain workstation controls and variable overrides
+- 6.3.4.8 added logic as augenrules not always present on some OS
+- fixed typos in levels aligned with benchmark
+- 1.3.1.8 tidied up
+- thanks to thulium-drake boot password hash Added passlib dependency in readme requirements
+- tidy up tags on tasks/main.yml
+
+- Fixes from Public RHEL9CIS PR 425
+- 3.1.1
+  - Added better sysctl logic to disable IPv6
+  - Added option to disable IPv6 via sysctl (original method) or via the kernel
+- 1.1.1.11 - comments in script updated
+- 1.4.2 - efi boot options no longer required so removed
+- 1.5.9 & 10 - template updated
+- 2.1.4 kea services updated
+- 5.1.2 - logic update
+- 6.3.3.8 - updated auditd rule for NetworkManager and title updated
+- 6.3.3.33 & 34 - updated rule logic
+
+## 1.0.0 - Based upon CIS official 1.0.0
+
+- updated to audit config
+- max-concurrent option added
+- auditd warning added as task
+- latest workflows
+- Added CCI references
+- relabel added to selinux - new variable added
 
 ## 0.1.6 - FInal beta release updates
 
@@ -25,6 +61,7 @@ Thanks to @bykvaadm
 - pre-commit update
 
 ## 0.1.4
+
 pre-commit updates
 6.2.3.3 updated path for journald.conf
 
@@ -36,20 +73,22 @@ thanks to @chrispipo
 #thanks to @polski-g
 - gdm logic for graphical desktop
 
-
 ## 0.1.3
+
 Aligned with public RHEL9 fixes
 - 5.4.2.5 - Enhancement for none existing directories thanks to @DianaMariaDDM
 - 6.3.4.5 - fixed audit file permissions inline thanks to @DianaMariaDDM
 - 6.3.3.5 - added missing locations for audit
 - Added fix for yescrypt and root password check thanks to miso321
 
 ## 0.1.2
+
 Update to audit_only to allow fetching results
 resolved false warning for fetch auditq
 Improved documentation and variable compilation for crypto policies
 
 ## 0.1.1 RHEL10 - updates
+
 Thanks to @polski-g several issues and improvements added
 Improved testing for 50-redhat.conf for ssh
 5.1.x regexp improvements
 
@@ -2,9 +2,7 @@
 
 ## Configure a RHEL 10 machine to be [CIS](https://www.cisecurity.org/cis-benchmarks/) compliant
 
-### NOTE THIS IS NOT OFFICIAL AS NOT YET RELEASED BY CIS - BASED ON RHEL9
-
-#### Based on [CIS RedHat Enterprise Linux 9 Benchmark v2.0.0](https://www.cisecurity.org/cis-benchmarks/)
+### Based on [CIS RedHat Enterprise Linux 10 Benchmark v1.0.1](https://www.cisecurity.org/cis-benchmarks/)
 
 ---
 
@@ -15,7 +13,7 @@
 ![Forks](https://img.shields.io/github/forks/ansible-lockdown/RHEL10-CIS?style=social)
 ![Followers](https://img.shields.io/github/followers/ansible-lockdown?style=social)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/AnsibleLockdown.svg?style=social&label=Follow%20%40AnsibleLockdown)](https://twitter.com/AnsibleLockdown)
-![Discord Badge](https://img.shields.io/discord/1025818806838101102210?logo=discord)
+![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord)
 
 ![License](https://img.shields.io/github/license/ansible-lockdown/RHEL10-CIS?label=License)
 
@@ -58,9 +56,9 @@
 
 ## Looking for support? 🤝
 
-[Lockdown Enterprise](https://www.lockdownenterprise.com#GH_AL_RH10-CIS)
+[Lockdown Enterprise](https://www.lockdownenterprise.com#GH_AL_RHEL10-CIS)
 
-[Ansible support](https://www.mindpointgroup.com/cybersecurity-products/ansible-counselor#GH_AL_RH10-CIS)
+[Ansible support](https://www.mindpointgroup.com/cybersecurity-products/ansible-counselor#GH_AL_RHEL10-CIS)
 
 ### Community 💬
 
@@ -89,13 +87,15 @@ This role **will make changes to the system** which may have unintended conseque
 CIS release always contains changes, it is highly recommended to review the new references and available variables. This have changed significantly since ansible-lockdown initial release.
 This is now compatible with python3 if it is found to be the default interpreter. This does come with pre-requisites which it configures the system accordingly.
 
-Further details can be seen in the [Changelog](./ChangeLog.md)
+**General:**
+
+- Basic knowledge of Ansible, below are some links to the Ansible documentation to help get started if you are unfamiliar with Ansible
 
 ---
 
 ## Matching a security Level for CIS
 
-It is possible to to only run level 1 or level 2 controls for CIS.
+It is possible to only run level 1 or level 2 controls for CIS.
 This is managed using tags:
 
 - level1-server
@@ -121,7 +121,7 @@ The control found in defaults main also need to reflect this as this control the
 
 **Technical Dependencies:**
 
-RHEL Family OS 10
+RHEL family 10 - Other versions are not supported.
 
 - Access to download or add the goss binary and content to the system if using auditing
 (other options are available on how to get the content to the system.)
@@ -177,7 +177,16 @@ default                    : ok=270  changed=23   unreachable=0    failed=0    s
 
 ## Role Variables
 
-This role is designed that the end user should not have to edit the tasks themselves. All customizing should be done via the defaults/main.yml file or with extra vars within the project, job, workflow, etc.
+This role is designed that the end user should not have to edit the tasks themselves. All customizing should be done via the overriding options found in defaults/main.yml file by utilsing variable precedence in appropriate locations that is appropriate for yor environment e.g. group_vars, inventory vars, extra_vars
+
+## Workstation
+The following controls are not shown as applicable for workstation.
+While that can be implemented please set to false if required.
+•	1.3.1.8
+•	2.1.10
+•	2.1.19
+•	2.1.20
+•	3.1.2
 
 ## Tags 🏷️