├── .ansible-lint ├── .gitattributes ├── .github └── workflows │ ├── add_repo_issue_to_gh_project.yml │ ├── benchmark_tracking_controller.yml │ ├── devel_pipeline_validation.yml │ ├── export_badges_private.yml │ ├── export_badges_public.yml │ └── main_pipeline_validation.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .yamllint ├── CONTRIBUTING.rst ├── Changelog.md ├── LICENSE ├── README.md ├── collections └── requirements.yml ├── defaults └── main.yml ├── files └── etc │ └── systemd │ └── system │ └── tmp.mount ├── handlers └── main.yml ├── meta └── main.yml ├── molecule ├── default │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml ├── localhost │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml └── wsl │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml ├── site.yml ├── tasks ├── LE_audit_setup.yml ├── audit_only.yml ├── auditd.yml ├── fetch_audit_output.yml ├── main.yml ├── parse_etc_password.yml ├── post.yml ├── post_remediation_audit.yml ├── pre_remediation_audit.yml ├── prelim.yml ├── section_1 │ ├── cis_1.1.1.x.yml │ ├── cis_1.1.2.1.x.yml │ ├── cis_1.1.2.2.x.yml │ ├── cis_1.1.2.3.x.yml │ ├── cis_1.1.2.4.x.yml │ ├── cis_1.1.2.5.x.yml │ ├── cis_1.1.2.6.x.yml │ ├── cis_1.1.2.7.x.yml │ ├── cis_1.2.x.yml │ ├── cis_1.3.x.yml │ ├── cis_1.4.x.yml │ ├── cis_1.5.1.x.yml │ ├── cis_1.6.x.yml │ ├── cis_1.7.x.yml │ ├── cis_1.8.x.yml │ ├── cis_1.9.yml │ └── main.yml ├── section_2 │ ├── cis_2.1.x.yml │ ├── cis_2.2.x.yml │ ├── cis_2.3.x.yml │ └── main.yml ├── section_3 │ ├── cis_3.1.x.yml │ ├── cis_3.2.x.yml │ ├── cis_3.3.x.yml │ ├── cis_3.4.1.x.yml │ ├── cis_3.4.2.x.yml │ └── main.yml ├── section_4 │ ├── cis_4.1.1.x.yml │ ├── cis_4.1.2.x.yml │ ├── cis_4.2.x.yml │ ├── cis_4.3.x.yml │ ├── cis_4.4.1.x.yml │ ├── cis_4.4.2.x.yml │ ├── cis_4.4.3.1.x.yml │ ├── cis_4.4.3.2.x.yml │ ├── cis_4.4.3.3.x.yml │ ├── cis_4.4.3.4.x.yml │ ├── cis_4.5.1.x.yml │ ├── cis_4.5.2.x.yml │ ├── cis_4.5.3.x.yml │ └── main.yml ├── section_5 │ ├── cis_5.1.1.x.yml │ ├── cis_5.1.2.x.yml │ ├── cis_5.1.3.yml │ ├── cis_5.1.4.yml │ ├── cis_5.2.1.x.yml │ ├── cis_5.2.2.x.yml │ ├── cis_5.2.3.x.yml │ ├── cis_5.2.4.x.yml │ ├── cis_5.3.x.yml │ └── main.yml ├── section_6 │ ├── cis_6.1.x.yml │ ├── cis_6.2.x.yml │ └── main.yml ├── verify.yml └── warning_facts.yml ├── templates ├── ansible_vars_goss.yml.j2 ├── audit │ ├── 98_auditd_exceptions.rules.j2 │ └── 99_auditd.rules.j2 ├── chrony.conf.j2 ├── etc │ ├── ansible │ │ └── compliance_facts.j2 │ ├── crypto-policies │ │ └── policies │ │ │ └── modules │ │ │ ├── NO-SHA1.pmod.j2 │ │ │ ├── NO-SSHCBC.pmod.j2 │ │ │ └── NO-WEAKMAC.pmod.j2 │ ├── dconf │ │ └── db │ │ │ ├── 00-media-automount.j2 │ │ │ ├── 00-media-autorun.j2 │ │ │ ├── 00-screensaver.j2 │ │ │ └── locks │ │ │ ├── 00-automount_lock.j2 │ │ │ ├── 00-autorun_lock.j2 │ │ │ └── 00-screensaver_lock.j2 │ ├── issue.j2 │ ├── issue.net.j2 │ ├── motd.j2 │ └── systemd │ │ └── system │ │ └── tmp.mount.j2 └── ntp.conf.j2 └── vars ├── AlmaLinux.yml ├── CentOS.yml ├── OracleLinux.yml ├── RedHat.yml ├── Rocky.yml ├── audit.yml ├── is_container.yml └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.ansible-lint -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/workflows/add_repo_issue_to_gh_project.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/add_repo_issue_to_gh_project.yml -------------------------------------------------------------------------------- /.github/workflows/benchmark_tracking_controller.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/benchmark_tracking_controller.yml -------------------------------------------------------------------------------- /.github/workflows/devel_pipeline_validation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/devel_pipeline_validation.yml -------------------------------------------------------------------------------- /.github/workflows/export_badges_private.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/export_badges_private.yml -------------------------------------------------------------------------------- /.github/workflows/export_badges_public.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/export_badges_public.yml -------------------------------------------------------------------------------- /.github/workflows/main_pipeline_validation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.github/workflows/main_pipeline_validation.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/.yamllint -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/CONTRIBUTING.rst -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/Changelog.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/README.md -------------------------------------------------------------------------------- /collections/requirements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/collections/requirements.yml -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /files/etc/systemd/system/tmp.mount: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/files/etc/systemd/system/tmp.mount -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/meta/main.yml -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/default/converge.yml -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/default/molecule.yml -------------------------------------------------------------------------------- /molecule/default/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/default/verify.yml -------------------------------------------------------------------------------- /molecule/localhost/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/localhost/converge.yml -------------------------------------------------------------------------------- /molecule/localhost/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/localhost/molecule.yml -------------------------------------------------------------------------------- /molecule/localhost/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/localhost/verify.yml -------------------------------------------------------------------------------- /molecule/wsl/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/wsl/converge.yml -------------------------------------------------------------------------------- /molecule/wsl/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/wsl/molecule.yml -------------------------------------------------------------------------------- /molecule/wsl/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/molecule/wsl/verify.yml -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/site.yml -------------------------------------------------------------------------------- /tasks/LE_audit_setup.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/LE_audit_setup.yml -------------------------------------------------------------------------------- /tasks/audit_only.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/audit_only.yml -------------------------------------------------------------------------------- /tasks/auditd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/auditd.yml -------------------------------------------------------------------------------- /tasks/fetch_audit_output.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/fetch_audit_output.yml -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/parse_etc_password.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/parse_etc_password.yml -------------------------------------------------------------------------------- /tasks/post.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/post.yml -------------------------------------------------------------------------------- /tasks/post_remediation_audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/post_remediation_audit.yml -------------------------------------------------------------------------------- /tasks/pre_remediation_audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/pre_remediation_audit.yml -------------------------------------------------------------------------------- /tasks/prelim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/prelim.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.4.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.5.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.5.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.6.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.6.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.7.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.1.2.7.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.2.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.3.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.4.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.5.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.5.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.6.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.6.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.7.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.7.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.8.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.8.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.9.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/cis_1.9.yml -------------------------------------------------------------------------------- /tasks/section_1/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_1/main.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_2/cis_2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_2/cis_2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_2/cis_2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_2/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_2/main.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/cis_3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/cis_3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/cis_3.3.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.4.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/cis_3.4.1.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.4.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/cis_3.4.2.x.yml -------------------------------------------------------------------------------- /tasks/section_3/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_3/main.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.1.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.1.1.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.1.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.1.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.3.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.1.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.3.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.3.3.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.4.3.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.4.3.4.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.5.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.5.1.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.5.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.5.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.5.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/cis_4.5.3.x.yml -------------------------------------------------------------------------------- /tasks/section_4/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_4/main.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.1.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.1.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.1.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.1.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.1.3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.1.3.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.1.4.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.1.4.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.2.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.2.4.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/cis_5.3.x.yml -------------------------------------------------------------------------------- /tasks/section_5/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_5/main.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_6/cis_6.1.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_6/cis_6.2.x.yml -------------------------------------------------------------------------------- /tasks/section_6/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/section_6/main.yml -------------------------------------------------------------------------------- /tasks/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/verify.yml -------------------------------------------------------------------------------- /tasks/warning_facts.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/tasks/warning_facts.yml -------------------------------------------------------------------------------- /templates/ansible_vars_goss.yml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/ansible_vars_goss.yml.j2 -------------------------------------------------------------------------------- /templates/audit/98_auditd_exceptions.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/audit/98_auditd_exceptions.rules.j2 -------------------------------------------------------------------------------- /templates/audit/99_auditd.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/audit/99_auditd.rules.j2 -------------------------------------------------------------------------------- /templates/chrony.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/chrony.conf.j2 -------------------------------------------------------------------------------- /templates/etc/ansible/compliance_facts.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/ansible/compliance_facts.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SHA1.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SHA1.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SSHCBC.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SSHCBC.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-media-automount.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/dconf/db/00-media-automount.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-media-autorun.j2: -------------------------------------------------------------------------------- 1 | [org/gnome/desktop/media-handling] 2 | autorun-never=true 3 | -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-screensaver.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/dconf/db/00-screensaver.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/locks/00-automount_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/dconf/db/locks/00-automount_lock.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/locks/00-autorun_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/dconf/db/locks/00-autorun_lock.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/locks/00-screensaver_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/dconf/db/locks/00-screensaver_lock.j2 -------------------------------------------------------------------------------- /templates/etc/issue.j2: -------------------------------------------------------------------------------- 1 | {{ rhel8cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/issue.net.j2: -------------------------------------------------------------------------------- 1 | {{ rhel8cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/motd.j2: -------------------------------------------------------------------------------- 1 | {{ rhel8cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/systemd/system/tmp.mount.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/etc/systemd/system/tmp.mount.j2 -------------------------------------------------------------------------------- /templates/ntp.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/templates/ntp.conf.j2 -------------------------------------------------------------------------------- /vars/AlmaLinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/AlmaLinux.yml -------------------------------------------------------------------------------- /vars/CentOS.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/CentOS.yml -------------------------------------------------------------------------------- /vars/OracleLinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/OracleLinux.yml -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/RedHat.yml -------------------------------------------------------------------------------- /vars/Rocky.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/Rocky.yml -------------------------------------------------------------------------------- /vars/audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/audit.yml -------------------------------------------------------------------------------- /vars/is_container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/is_container.yml -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL8-CIS/HEAD/vars/main.yml --------------------------------------------------------------------------------