add cjis to compliance demo

l3acon · l3acon · commit f122f4213510 · 2024-02-20T12:26:31.000-07:00
diff --git a/linux/cjis-prerequisites.yml b/linux/cjis-prerequisites.yml
@@ -0,0 +1,22 @@
+---
+# The CJIS role seems to assume these packages are installed and the
+# services are started, otherwise an error is encountered.
+
+- name: Install packages
+  ansible.builtin.package:
+    name:
+      - "NetworkManager"
+      - "firewalld"
+    state: present
+
+- name: Start services
+  ansible.builtin.service:
+    name: "NetworkManager"
+    enabled: true
+    state: started
+
+- name: Start services
+  ansible.builtin.service:
+    name: "firewalld"
+    enabled: true
+    state: started
diff --git a/linux/compliance-enforce.yml b/linux/compliance-enforce.yml
@@ -10,6 +10,11 @@
       ansible.builtin.assert:
         that: "ansible_os_family == 'RedHat'"
 
+    - name: Include prerequisites for cjis profile
+      ansible.builtin.include_tasks:
+        file: cjis-prerequisites.yml
+      when: compliance_profile == 'cjis'
+
     - name: Run Compliance Profile
       ansible.builtin.include_role:
         name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}"
diff --git a/linux/compliance_profiles.md b/linux/compliance_profiles.md
@@ -5,6 +5,7 @@ The following compliance profiles are supported by the [**Linux / Enforce Compli
 | **Profile** | **Role Repository** |
 |-------------|---------------------|
 | CIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cis |
+| CJIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cjis |
 | CUI | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cui |
 | HIPAA | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-hipaa |
 | OSPP | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-ospp |
diff --git a/roles/requirements.yml b/roles/requirements.yml
@@ -3,6 +3,8 @@ roles:
   # RHEL 7 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel7_cis
     version: 0.1.69
+  - name: redhatofficial.rhel7_cjis
+    version: 0.1.69
   - name: redhatofficial.rhel7_cui
     version: 0.1.67
   - name: redhatofficial.rhel7_hipaa
@@ -16,6 +18,8 @@ roles:
   # RHEL 8 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel8_cis
     version: 0.1.69
+  - name: redhatofficial.rhel8_cjis
+    version: 0.1.69
   - name: redhatofficial.rhel8_cui
     version: 0.1.69
   - name: redhatofficial.rhel8_hipaa
