├── .ansible-lint ├── .gitattributes ├── .github └── workflows │ ├── add_repo_issue_to_gh_project.yml │ ├── benchmark_tracking_controller.yml │ ├── devel_pipeline_validation.yml │ ├── export_badges_private.yml │ ├── export_badges_public.yml │ └── main_pipeline_validation.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .yamllint ├── CONTRIBUTING.rst ├── Changelog.md ├── LICENSE ├── Makefile ├── README.md ├── collections └── requirements.yml ├── defaults └── main.yml ├── files ├── etc │ └── systemd │ │ └── system │ │ └── tmp.mount └── fs_with_cves.sh ├── handlers └── main.yml ├── meta └── main.yml ├── molecule ├── default │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml ├── localhost │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml └── wsl │ ├── converge.yml │ ├── molecule.yml │ └── verify.yml ├── site.yml ├── tasks ├── LE_audit_setup.yml ├── audit_only.yml ├── auditd.yml ├── check_prereqs.yml ├── fetch_audit_output.yml ├── main.yml ├── parse_etc_password.yml ├── post.yml ├── post_remediation_audit.yml ├── pre_remediation_audit.yml ├── prelim.yml ├── section_1 │ ├── cis_1.1.1.x.yml │ ├── cis_1.1.2.1.x.yml │ ├── cis_1.1.2.2.x.yml │ ├── cis_1.1.2.3.x.yml │ ├── cis_1.1.2.4.x.yml │ ├── cis_1.1.2.5.x.yml │ ├── cis_1.1.2.6.x.yml │ ├── cis_1.1.2.7.x.yml │ ├── cis_1.2.1.x.yml │ ├── cis_1.2.2.x.yml │ ├── cis_1.3.1.x.yml │ ├── cis_1.4.x.yml │ ├── cis_1.5.x.yml │ ├── cis_1.6.x.yml │ ├── cis_1.7.x.yml │ ├── cis_1.8.x.yml │ └── main.yml ├── section_2 │ ├── cis_2.1.x.yml │ ├── cis_2.2.x.yml │ ├── cis_2.3.x.yml │ ├── cis_2.4.x.yml │ └── main.yml ├── section_3 │ ├── cis_3.1.x.yml │ ├── cis_3.2.x.yml │ ├── cis_3.3.x.yml │ └── main.yml ├── section_4 │ ├── cis_4.1.x.yml │ ├── cis_4.2.x.yml │ ├── cis_4.3.x.yml │ └── main.yml ├── section_5 │ ├── cis_5.1.x.yml │ ├── cis_5.2.x.yml │ ├── cis_5.3.1.x.yml │ ├── cis_5.3.2.x.yml │ ├── cis_5.3.3.1.x.yml │ ├── cis_5.3.3.2.x.yml │ ├── cis_5.3.3.3.x.yml │ ├── cis_5.3.3.4.x.yml │ ├── cis_5.4.1.x.yml │ ├── cis_5.4.2.x.yml │ ├── cis_5.4.3.x.yml │ └── main.yml ├── section_6 │ ├── cis_6.1.x.yml │ ├── cis_6.2.1.x.yml │ ├── cis_6.2.2.1.x.yml │ ├── cis_6.2.2.x.yml │ ├── cis_6.2.3.x.yml │ ├── cis_6.2.4.1.yml │ ├── cis_6.3.1.x.yml │ ├── cis_6.3.2.x.yml │ ├── cis_6.3.3.x.yml │ ├── cis_6.3.4.x.yml │ └── main.yml ├── section_7 │ ├── cis_7.1.x.yml │ ├── cis_7.2.x.yml │ └── main.yml └── warning_facts.yml ├── templates ├── ansible_vars_goss.yml.j2 ├── audit │ ├── 98_auditd_exception.rules.j2 │ └── 99_auditd.rules.j2 └── etc │ ├── aide.conf.d │ └── crypt_audit_procs.conf.j2 │ ├── ansible │ └── compliance_facts.j2 │ ├── chrony.conf.j2 │ ├── cron.d │ └── aide.cron.j2 │ ├── crypto-policies │ └── policies │ │ └── modules │ │ ├── NO-SHA1.pmod.j2 │ │ ├── NO-SSHCBC.pmod.j2 │ │ ├── NO-SSHETM.pmod.j2 │ │ ├── NO-SSHWEAKCIPHERS.pmod.j2 │ │ ├── NO-SSHWEAKMACS.pmod.j2 │ │ └── NO-WEAKMAC.pmod.j2 │ ├── dconf │ └── db │ │ ├── 00-automount_lock.j2 │ │ ├── 00-autorun_lock.j2 │ │ ├── 00-media-automount.j2 │ │ ├── 00-media-autorun.j2 │ │ ├── 00-screensaver.j2 │ │ ├── 00-screensaver_lock.j2 │ │ └── gdm.d │ │ └── 01-banner-message.j2 │ ├── issue.j2 │ ├── issue.net.j2 │ ├── logrotate.d │ └── rsyslog_log.j2 │ ├── modprobe.d │ └── modprobe.conf.j2 │ ├── motd.j2 │ ├── security │ └── pwquality.conf.d │ │ ├── 50-pwcomplexity.conf.j2 │ │ ├── 50-pwdictcheck.conf.j2 │ │ ├── 50-pwdifok.conf.j2 │ │ ├── 50-pwlength.conf.j2 │ │ ├── 50-pwmaxsequence.conf.j2 │ │ ├── 50-pwquality_enforce.conf.j2 │ │ ├── 50-pwrepeat.conf.j2 │ │ └── 50-pwroot.conf.j2 │ ├── sysctl.d │ ├── 60-disable_ipv6.conf.j2 │ ├── 60-kernel_sysctl.conf.j2 │ ├── 60-netipv4_sysctl.conf.j2 │ └── 60-netipv6_sysctl.conf.j2 │ └── systemd │ ├── journald.conf.d │ ├── forwardtosyslog.conf.j2 │ ├── rotation.conf.j2 │ └── storage.conf.j2 │ └── system │ └── tmp.mount.j2 └── vars ├── AlmaLinux.yml ├── CentOS.yml ├── OracleLinux.yml ├── RedHat.yml ├── Rocky.yml ├── audit.yml ├── is_container.yml └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.ansible-lint -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/workflows/add_repo_issue_to_gh_project.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/add_repo_issue_to_gh_project.yml -------------------------------------------------------------------------------- /.github/workflows/benchmark_tracking_controller.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/benchmark_tracking_controller.yml -------------------------------------------------------------------------------- /.github/workflows/devel_pipeline_validation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/devel_pipeline_validation.yml -------------------------------------------------------------------------------- /.github/workflows/export_badges_private.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/export_badges_private.yml -------------------------------------------------------------------------------- /.github/workflows/export_badges_public.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/export_badges_public.yml -------------------------------------------------------------------------------- /.github/workflows/main_pipeline_validation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.github/workflows/main_pipeline_validation.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/.yamllint -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/CONTRIBUTING.rst -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/Changelog.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/README.md -------------------------------------------------------------------------------- /collections/requirements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/collections/requirements.yml -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /files/etc/systemd/system/tmp.mount: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/files/etc/systemd/system/tmp.mount -------------------------------------------------------------------------------- /files/fs_with_cves.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/files/fs_with_cves.sh -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/meta/main.yml -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/default/converge.yml -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/default/molecule.yml -------------------------------------------------------------------------------- /molecule/default/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/default/verify.yml -------------------------------------------------------------------------------- /molecule/localhost/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/localhost/converge.yml -------------------------------------------------------------------------------- /molecule/localhost/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/localhost/molecule.yml -------------------------------------------------------------------------------- /molecule/localhost/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/localhost/verify.yml -------------------------------------------------------------------------------- /molecule/wsl/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/wsl/converge.yml -------------------------------------------------------------------------------- /molecule/wsl/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/wsl/molecule.yml -------------------------------------------------------------------------------- /molecule/wsl/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/molecule/wsl/verify.yml -------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/site.yml -------------------------------------------------------------------------------- /tasks/LE_audit_setup.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/LE_audit_setup.yml -------------------------------------------------------------------------------- /tasks/audit_only.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/audit_only.yml -------------------------------------------------------------------------------- /tasks/auditd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/auditd.yml -------------------------------------------------------------------------------- /tasks/check_prereqs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/check_prereqs.yml -------------------------------------------------------------------------------- /tasks/fetch_audit_output.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/fetch_audit_output.yml -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/parse_etc_password.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/parse_etc_password.yml -------------------------------------------------------------------------------- /tasks/post.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/post.yml -------------------------------------------------------------------------------- /tasks/post_remediation_audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/post_remediation_audit.yml -------------------------------------------------------------------------------- /tasks/pre_remediation_audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/pre_remediation_audit.yml -------------------------------------------------------------------------------- /tasks/prelim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/prelim.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.4.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.5.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.5.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.6.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.6.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.1.2.7.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.1.2.7.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.4.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.5.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.5.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.6.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.6.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.7.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.7.x.yml -------------------------------------------------------------------------------- /tasks/section_1/cis_1.8.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/cis_1.8.x.yml -------------------------------------------------------------------------------- /tasks/section_1/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_1/main.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_2/cis_2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_2/cis_2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_2/cis_2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_2/cis_2.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_2/cis_2.4.x.yml -------------------------------------------------------------------------------- /tasks/section_2/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_2/main.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_3/cis_3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_3/cis_3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_3/cis_3.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_3/cis_3.3.x.yml -------------------------------------------------------------------------------- /tasks/section_3/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_3/main.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_4/cis_4.1.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_4/cis_4.2.x.yml -------------------------------------------------------------------------------- /tasks/section_4/cis_4.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_4/cis_4.3.x.yml -------------------------------------------------------------------------------- /tasks/section_4/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_4/main.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.3.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.3.3.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.3.3.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.3.3.4.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.4.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.4.1.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.4.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.4.2.x.yml -------------------------------------------------------------------------------- /tasks/section_5/cis_5.4.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/cis_5.4.3.x.yml -------------------------------------------------------------------------------- /tasks/section_5/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_5/main.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.1.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.2.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.2.2.1.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.2.2.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.2.3.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.2.4.1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.2.4.1.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.3.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.3.1.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.3.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.3.2.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.3.3.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.3.3.x.yml -------------------------------------------------------------------------------- /tasks/section_6/cis_6.3.4.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/cis_6.3.4.x.yml -------------------------------------------------------------------------------- /tasks/section_6/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_6/main.yml -------------------------------------------------------------------------------- /tasks/section_7/cis_7.1.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_7/cis_7.1.x.yml -------------------------------------------------------------------------------- /tasks/section_7/cis_7.2.x.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_7/cis_7.2.x.yml -------------------------------------------------------------------------------- /tasks/section_7/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/section_7/main.yml -------------------------------------------------------------------------------- /tasks/warning_facts.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/tasks/warning_facts.yml -------------------------------------------------------------------------------- /templates/ansible_vars_goss.yml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/ansible_vars_goss.yml.j2 -------------------------------------------------------------------------------- /templates/audit/98_auditd_exception.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/audit/98_auditd_exception.rules.j2 -------------------------------------------------------------------------------- /templates/audit/99_auditd.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/audit/99_auditd.rules.j2 -------------------------------------------------------------------------------- /templates/etc/aide.conf.d/crypt_audit_procs.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/aide.conf.d/crypt_audit_procs.conf.j2 -------------------------------------------------------------------------------- /templates/etc/ansible/compliance_facts.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/ansible/compliance_facts.j2 -------------------------------------------------------------------------------- /templates/etc/chrony.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/chrony.conf.j2 -------------------------------------------------------------------------------- /templates/etc/cron.d/aide.cron.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/cron.d/aide.cron.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SHA1.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SHA1.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SSHCBC.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SSHCBC.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SSHETM.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SSHETM.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-SSHWEAKMACS.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKMACS.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-automount_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-automount_lock.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-autorun_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-autorun_lock.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-media-automount.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-media-automount.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-media-autorun.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-media-autorun.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-screensaver.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-screensaver.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/00-screensaver_lock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/00-screensaver_lock.j2 -------------------------------------------------------------------------------- /templates/etc/dconf/db/gdm.d/01-banner-message.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/dconf/db/gdm.d/01-banner-message.j2 -------------------------------------------------------------------------------- /templates/etc/issue.j2: -------------------------------------------------------------------------------- 1 | {{ rhel9cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/issue.net.j2: -------------------------------------------------------------------------------- 1 | {{ rhel9cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/logrotate.d/rsyslog_log.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/logrotate.d/rsyslog_log.j2 -------------------------------------------------------------------------------- /templates/etc/modprobe.d/modprobe.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/modprobe.d/modprobe.conf.j2 -------------------------------------------------------------------------------- /templates/etc/motd.j2: -------------------------------------------------------------------------------- 1 | {{ rhel9cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwcomplexity.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwcomplexity.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwdictcheck.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwdictcheck.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwdifok.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwdifok.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwlength.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwlength.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwmaxsequence.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwmaxsequence.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwquality_enforce.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwquality_enforce.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwrepeat.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwrepeat.conf.j2 -------------------------------------------------------------------------------- /templates/etc/security/pwquality.conf.d/50-pwroot.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/security/pwquality.conf.d/50-pwroot.conf.j2 -------------------------------------------------------------------------------- /templates/etc/sysctl.d/60-disable_ipv6.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/sysctl.d/60-disable_ipv6.conf.j2 -------------------------------------------------------------------------------- /templates/etc/sysctl.d/60-kernel_sysctl.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 -------------------------------------------------------------------------------- /templates/etc/sysctl.d/60-netipv4_sysctl.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/sysctl.d/60-netipv4_sysctl.conf.j2 -------------------------------------------------------------------------------- /templates/etc/sysctl.d/60-netipv6_sysctl.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/sysctl.d/60-netipv6_sysctl.conf.j2 -------------------------------------------------------------------------------- /templates/etc/systemd/journald.conf.d/forwardtosyslog.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/systemd/journald.conf.d/forwardtosyslog.conf.j2 -------------------------------------------------------------------------------- /templates/etc/systemd/journald.conf.d/rotation.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/systemd/journald.conf.d/rotation.conf.j2 -------------------------------------------------------------------------------- /templates/etc/systemd/journald.conf.d/storage.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/systemd/journald.conf.d/storage.conf.j2 -------------------------------------------------------------------------------- /templates/etc/systemd/system/tmp.mount.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/templates/etc/systemd/system/tmp.mount.j2 -------------------------------------------------------------------------------- /vars/AlmaLinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/AlmaLinux.yml -------------------------------------------------------------------------------- /vars/CentOS.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/CentOS.yml -------------------------------------------------------------------------------- /vars/OracleLinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/OracleLinux.yml -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/RedHat.yml -------------------------------------------------------------------------------- /vars/Rocky.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/Rocky.yml -------------------------------------------------------------------------------- /vars/audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/audit.yml -------------------------------------------------------------------------------- /vars/is_container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/is_container.yml -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ansible-lockdown/RHEL9-CIS/HEAD/vars/main.yml --------------------------------------------------------------------------------