├── .ansible-lint ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── main.yml ├── .gitignore ├── .travis.yml ├── LICENSE ├── Makefile ├── README.md ├── _.yamllint ├── defaults └── main.yml ├── files └── etc │ └── systemd │ └── system │ └── tmp.mount ├── handlers └── main.yml ├── meta └── main.yml ├── molecule └── default │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ └── verify.yml ├── requirements.txt ├── tasks ├── main.yml ├── post.yml ├── prelim.yml ├── section1.yml ├── section2.yml ├── section3.yml ├── section4.yml ├── section5.yml └── section6.yml ├── templates ├── at.allow.j2 ├── audit │ ├── ubuntu2004cis_rule_4_1_10.rules.j2 │ ├── ubuntu2004cis_rule_4_1_11.rules.j2 │ ├── ubuntu2004cis_rule_4_1_12.rules.j2 │ ├── ubuntu2004cis_rule_4_1_13.rules.j2 │ ├── ubuntu2004cis_rule_4_1_14.rules.j2 │ ├── ubuntu2004cis_rule_4_1_15.rules.j2 │ ├── ubuntu2004cis_rule_4_1_16.rules.j2 │ ├── ubuntu2004cis_rule_4_1_17.rules.j2 │ ├── ubuntu2004cis_rule_4_1_3.rules.j2 │ ├── ubuntu2004cis_rule_4_1_4.rules.j2 │ ├── ubuntu2004cis_rule_4_1_5.rules.j2 │ ├── ubuntu2004cis_rule_4_1_6.rules.j2 │ ├── ubuntu2004cis_rule_4_1_7.rules.j2 │ ├── ubuntu2004cis_rule_4_1_8.rules.j2 │ └── ubuntu2004cis_rule_4_1_9.rules.j2 ├── chrony.conf.j2 ├── cron.allow.j2 ├── etc │ ├── issue.j2 │ ├── issue.net.j2 │ └── motd.j2 └── ntp.conf.j2 ├── tests └── inventory └── vars └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.ansible-lint -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.github/workflows/main.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/.travis.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/README.md -------------------------------------------------------------------------------- /_.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/_.yamllint -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /files/etc/systemd/system/tmp.mount: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/files/etc/systemd/system/tmp.mount -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/meta/main.yml -------------------------------------------------------------------------------- /molecule/default/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/molecule/default/INSTALL.rst -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/molecule/default/converge.yml -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/molecule/default/molecule.yml -------------------------------------------------------------------------------- /molecule/default/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/molecule/default/prepare.yml -------------------------------------------------------------------------------- /molecule/default/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/molecule/default/verify.yml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | molecule[docker]==3.0.8 2 | ansible-lint==5.2.1 3 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/post.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/post.yml -------------------------------------------------------------------------------- /tasks/prelim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/prelim.yml -------------------------------------------------------------------------------- /tasks/section1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section1.yml -------------------------------------------------------------------------------- /tasks/section2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section2.yml -------------------------------------------------------------------------------- /tasks/section3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section3.yml -------------------------------------------------------------------------------- /tasks/section4.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section4.yml -------------------------------------------------------------------------------- /tasks/section5.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section5.yml -------------------------------------------------------------------------------- /tasks/section6.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/tasks/section6.yml -------------------------------------------------------------------------------- /templates/at.allow.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/at.allow.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_10.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_10.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_11.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_11.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_12.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_12.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_13.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_13.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_14.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_14.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_15.rules.j2: -------------------------------------------------------------------------------- 1 | -w /var/log/sudo.log -p wa -k actions 2 | -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_16.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_16.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_17.rules.j2: -------------------------------------------------------------------------------- 1 | -e 2 2 | -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_3.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_3.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_4.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_4.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_5.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_5.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_6.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_6.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_7.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_7.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_8.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_8.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu2004cis_rule_4_1_9.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/audit/ubuntu2004cis_rule_4_1_9.rules.j2 -------------------------------------------------------------------------------- /templates/chrony.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/chrony.conf.j2 -------------------------------------------------------------------------------- /templates/cron.allow.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/cron.allow.j2 -------------------------------------------------------------------------------- /templates/etc/issue.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu2004cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/issue.net.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu2004cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/motd.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu2004cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/ntp.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/ubuntu2004_cis/HEAD/templates/ntp.conf.j2 -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ubuntu2004_cis 3 | --------------------------------------------------------------------------------