
Commit f4c7157

authored
Merge pull request #49 from ansible-lockdown/devel
Added Issue and PR templates and an issue fix Signed-off-by: George Nalen <georgen@mindpointgroup.com>
2 parents 3e411d4 + 28becf2 commit f4c7157

9 files changed

Lines changed: 176 additions & 31 deletions


Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
---
2+
name: Report Issue
3+
about: Create a bug issue ticket to help us improve
4+
title: ''
5+
labels: bug
6+
assignees: ''
7+
8+
---
9+
10+
**Describe the Issue**
11+
A clear and concise description of what the bug is.
12+
13+
**Expected Behavior**
14+
A clear and concise description of what you expected to happen.
15+
16+
**Actual Behavior**
17+
A clear and concise description of what's happening.
18+
19+
**Control(s) Affected**
20+
What controls are being affected by the issue
21+
22+
**Environment (please complete the following information):**
23+
- Ansible Version: [e.g. 2.10]
24+
- Host Python Version: [e.g. Python 3.7.6]
25+
- Ansible Server Python Version: [e.g. Python 3.7.6]
26+
- Additional Details:
27+
28+
**Additional Notes**
29+
Anything additional goes here
30+
31+
**Possible Solution**
32+
Enter a suggested fix here
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
---
2+
name: Feature Request or Enhancement
3+
about: Suggest an idea for this project
4+
title: ''
5+
labels: enhancement
6+
assignees: ''
7+
8+
---
9+
10+
**Feature Request or Enhancement**
11+
- Feature []
12+
- Enhancement []
13+
14+
**Summary of Request**
15+
A clear and concise description of what you want to happen.
16+
17+
**Describe alternatives you've considered**
18+
A clear and concise description of any alternative solutions or features you've considered.
19+
20+
**Suggested Code**
21+
Please provide any code you have in mind to fulfill the request

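--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,17 @@
+---
+name: Question
+about: Ask away.......
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Question**
+Pose question here.
+
+**Environment (please complete the following information):**
+- Ansible Version: [e.g. 2.10]
+- Host Python Version: [e.g. Python 3.7.6]
+- Ansible Server Python Version: [e.g. Python 3.7.6]
+- Additional Details: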

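--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+**Overall Review of Changes**
+A general description of the changes made that are being requested for merge
+
+**Any Related Open Issues**
+Please list any open issues this PR addresses
+
+**How as this been tested?**
+Please give an overview of how these changes were tested. If they were not please use N/A
+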

defaults/main.yml

Lines changed: 2 additions & 0 deletions
@@ -601,11 +601,13 @@ rhel8stig_pam_pwhistory:
601601
# RHEL-08-020012
602602
# RHEL-08-020013
603603
# pam_faillock settings - accounts must be locked for max time period after 3 unsuccessful attempts within 15 minutes.
604+
# dir: is set to /var/log/faillock which is the non-default folder. Control 020017 states to not use the standard directory which is /var/run/faillock
604605
rhel8stig_pam_faillock:
605606
attempts: 3
606607
interval: 900
607608
unlock_time: 0
608609
fail_for_root: yes
610+
dir: /var/log/faillock
609611

610612
# RHEL-08-030670
611613
# rhel8stig_audisp_disk_full_action options are syslog, halt, and single to fit STIG standards
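Review bot: The new comment on line 604 is over 150 characters and packs two statements into one line; splitting it as `# dir is set to /var/log/faillock, which is not the default location.` and `# Control 020017 says not to use the standard directory, /var/run/faillock.` keeps it readable in diffs and under the usual 120-column limit. The added `dir: /var/log/faillock` key is interpolated straight into shell commands by the new prelim tasks in this same PR, so it should stay a plain absolute path with no trailing slash or shell metacharacters, which a short comment here could state.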

tasks/fix-cat2.yml

Lines changed: 31 additions & 31 deletions

tasks/fix-cat3.yml

Lines changed: 1 addition & 0 deletions
@@ -131,6 +131,7 @@
131131
enabled: yes
132132
when:
133133
- rhel_08_010471
134+
- "'rng-tools' in ansible_facts.packages"
134135
tags:
135136
- RHEL-08-010471
136137
- CAT3
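Review bot: The added condition `- "'rng-tools' in ansible_facts.packages"` makes the service task skip silently on hosts where rng-tools is not installed, so RHEL-08-010471 is then neither enforced nor reported on those hosts; if that is intended, a comment saying so, or a preceding task that installs `rng-tools` (as prelim.yml does for policycoreutils-python-utils in this same PR), would make the behaviour explicit. The condition also presumes `ansible_facts.packages` has already been populated by `package_facts` earlier in the run, which is not visible in this hunk and is worth confirming. The task this `when:` belongs to starts before the hunk.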

tasks/prelim.yml

Lines changed: 46 additions & 0 deletions
@@ -408,3 +408,49 @@
408408
msg:
409409
- "bootloader path set to {{ rhel8stig_bootloader_path }}"
410410
- "legacy boot equals {{ rhel8stig_legacy_boot }}"
411+
412+
- name: "PRELIM | RHEL-08-020017 | If using selinux set up system prereqs"
413+
block:
414+
- name: "PRELIM | RHEL-08-020017 | Install policycoreutils-python-utils"
415+
package:
416+
name: policycoreutils-python-utils
417+
state: present
418+
when: "'policycoreutils-python-utils' not in ansible_facts.packages"
419+
420+
- name: "PRELIM | RHEL-08-020017 | create faillock dir if rhel_08_020017"
421+
file:
422+
path: "{{ rhel8stig_pam_faillock.dir }}"
423+
state: directory
424+
mode: 0755
425+
owner: root
426+
group: root
427+
register: faillock_dir
428+
429+
- name: "PRELIM | RHEL-08-020017 | Add permenant secontext"
430+
sefcontext:
431+
target: "{{ rhel8stig_pam_faillock.dir }}"
432+
ftype: d
433+
setype: faillog_t
434+
state: present
435+
register: add_faillock_secontext
436+
when: faillock_dir.changed
437+
438+
- name: "PRELIM | RHEL-08-020017 | Set faillock directory selinux context immediately"
439+
shell: "restorecon -irv {{ rhel8stig_pam_faillock.dir }}"
440+
441+
- name: "PRELIM | RHEL-08-020017 | Capture secontext"
442+
shell: "ls -Zd {{ rhel8stig_pam_faillock.dir }}| grep -c faillog_t"
443+
register: faillock_secontext
444+
changed_when: false
445+
failed_when: false
446+
447+
- name: "PRELIM | RHEL-08-020017 | Modify context of not correct"
448+
shell: "semanage fcontext -m -t faillog_t -s system_u {{ rhel8stig_pam_faillock.dir }}"
449+
register: modify_secontext
450+
when: faillock_secontext.stdout != '1'
451+
452+
- name: "PRELIM | RHEL-08-020017 | Set {{ rhel8stig_pam_faillock.dir }} selinux context"
453+
shell: "restorecon -irv {{ rhel8stig_pam_faillock.dir }}"
454+
when: modify_secontext.changed
455+
when:
456+
- rhel_08_020017
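Review bot: The block is named "If using selinux" but its closing `when:` (lines 455–456) only tests `rhel_08_020017`, so on a host with SELinux disabled the `sefcontext`, `semanage` and `restorecon` tasks still run and will fail; add a second condition such as `- ansible_facts.selinux.status == 'enabled'`, or whichever SELinux fact the role already uses elsewhere. The `sefcontext` task (line 429) only runs when the directory was just created, so if `/var/log/faillock` already existed no rule is added and the later `semanage fcontext -m` (line 448) tries to modify a record that may not exist, which I believe semanage rejects; since `sefcontext` is idempotent, the `when: faillock_dir.changed` guard can simply be dropped. The first `restorecon` shell task (line 439) has no `changed_when`, so every run of the play reports a change; give it `changed_when: false` or guard it with `when: add_faillock_secontext.changed`. `mode: 0755` (line 424) should be quoted as `mode: "0755"`, as the Ansible docs and ansible-lint recommend, so the value can never be taken as a decimal integer, and the task names "Add permenant secontext" and "Modify context of not correct" read better as "permanent" and "if not correct".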

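--- a/templates/ansible_vars_goss.yml.j2
+++ b/templates/ansible_vars_goss.yml.j2
@@ -434,3 +434,20 @@ rhel8stig_remotelog_server: {{ rhel8stig_remotelog_server.server }}
 rhel8stig_remotelog_port: {{ rhel8stig_remotelog_server.port }}
 
 # RHEL_08_040260-62
+rhel8stig_system_is_router: {{ rhel8stig_system_is_router }}
+
+# RHEL-08-020010
+# RHEL-08-020011
+# RHEL-08-020012
+# RHEL-08-020013
+# RHEL-08-020014
+# RHEL-08-020015
+# RHEL-08-020016
+# RHEL-08-020017
+# RHEL-08-020018
+# RHEL-08-020019
+# RHEL-08-020020
+# RHEL-08-020021
+# RHEL-08-020022
+# RHEL-08-020023
+rhel8stig_pam_faillock_dir: {{ rhel8stig_pam_faillock.dir }}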
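Review bot: The new `rhel8stig_pam_faillock_dir: {{ rhel8stig_pam_faillock.dir }}` (line 453) is emitted unquoted, so the rendered goss vars file takes whatever YAML type the expanded text looks like — an empty value becomes `null` and a path containing `: ` or ` #` breaks the document; `rhel8stig_pam_faillock_dir: "{{ rhel8stig_pam_faillock.dir }}"` keeps it a string. The surrounding entries in this file follow the same unquoted style, so this is a file-wide convention rather than something introduced here, but a path is the case where it matters most. The fourteen `# RHEL-08-0200xx` comment lines above a single variable could be collapsed to one line naming the range, as the existing `# RHEL_08_040260-62` comment does.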
