Commit d3f99fd

authored
Merge pull request #330 from ansible-lockdown/devel
Stig v1r14 release to main
2 parents 8242da4 + 50b9b2c commit d3f99fd

7 files changed

+61
-79
lines changed

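--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -35,12 +35,12 @@ repos:
 - id: detect-secrets
 
 - repo: https://github.com/gitleaks/gitleaks
-rev: v8.21.2
+rev: v8.23.3
 hooks:
 - id: gitleaks
 
 - repo: https://github.com/ansible-community/ansible-lint
-rev: v24.9.2
+rev: v25.1.2
 hooks:
 - id: ansible-lint
 name: Ansible-lint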

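--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
-The MIT License
+MIT License
 
-Copyright (c) 2023 MindPoint Group http://www.mindpointgroup.com
+Copyright (c) 2025 Mindpoint Group - A Tyto Athene Company / Ansible Lockdown
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.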

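--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -102,7 +102,7 @@
 remote_src: true
 owner: root
 group: root
-mode: '0755'
+mode: 'u+x,go-w'
 when:
 - rhel8stig_grub2_user_cfg.stat.exists
 - rhel8stig_workaround_for_disa_benchmark
@@ -125,7 +125,7 @@
 dest: /etc/audit/rules.d/99_auditd.rules
 owner: root
 group: root
-mode: '0600'
+mode: 'u-x,go-rwx'
 notify: restart auditd
 
 - name: restart auditd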
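Review bot: `mode: 'u+x,go-w'` in the first hunk is a relative symbolic mode, so unlike the `'0755'` it replaces it only adds or strips the named bits and no longer pins the final permissions: group/other read and execute, and any setuid/setgid bit already on the file, are left as found. If the intent is to tighten without ever widening a stricter existing mode, record that above the task, e.g. `# relative mode on purpose: tightens only, never loosens a stricter existing mode`; if a known end state is wanted, the absolute symbolic form `mode: 'u=rwx,go=rx'` gives it. The same applies to `u-x,go-rwx` on 99_auditd.rules in the second hunk and to the three `mode:` changes in tasks/fix-cat1.yml (`u-x,go-wx` twice, `u-x,g-wx,o-rwx` once), where the result can be no more permissive than the old octal value but still depends on the file's prior mode. Both tasks here start outside the hunks shown, so the module and destination of the first one are not visible.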

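--- a/tasks/fix-cat1.yml
+++ b/tasks/fix-cat1.yml
@@ -63,7 +63,7 @@
 dest: /etc/default/grub
 owner: root
 group: root
-mode: '0644'
+mode: 'u-x,go-wx'
 vars:
 grub_cmdline_linux: "{{ rhel_08_010020_grub_cmdline_linux_audit.stdout }}"
 when: rhel_08_010020_default_grub_missing_audit is changed # noqa no-handler
@@ -200,7 +200,7 @@
 line: "GRUB2_PASSWORD={{ rhel8stig_bootloader_password_hash }}"
 owner: root
 group: root
-mode: '0640'
+mode: 'u-x,g-wx,o-rwx'
 notify: confirm grub2 user cfg
 when:
 - not system_is_ec2
@@ -450,7 +450,7 @@
 create: true
 owner: root
 group: root
-mode: '0644'
+mode: 'u-x,go-wx'
 with_items:
 - { regexp: '^\[org/gnome/settings-daemon/plugins/media-keys\]', line: '[org/gnome/settings-daemon/plugins/media-keys]', insertafter: 'EOF' }
 - { regexp: 'logout=', line: "logout=''", insertafter: '\[org/gnome/settings-daemon/plugins/media-keys\]' }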
