mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve infra-run portfolio credibility
lint / shell-yaml-ansible (push) Failing after 21s
Details

Browse Source
This commit is contained in:
Mateusz Suski
2026-05-08 21:18:22 +00:00
parent deb12a0b4f
commit ca5a876d03
87 changed files with 462 additions and 531 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infra-run/ansible/roles/cis-rhel9-hardening/tasks/postcheck.yml
+3 -1
View File
@@ -28,7 +28,9 @@
- name: Build sysctl validation summary
ansible.builtin.set_fact:
cis_sysctl_validation_summary: "{{ cis_sysctl_validation_summary | default({}) | combine({item.item.key: item.stdout | default('unreadable')}) }}"
cis_sysctl_validation_summary: >-
{{ cis_sysctl_validation_summary | default({})
| combine({item.item.key: item.stdout | default('unreadable')}) }}
loop: "{{ cis_sysctl_validation.results | default([]) }}"
loop_control:
label: "{{ item.item.key }}"
infra-run/ansible/roles/cis-rhel9-hardening/tasks/ssh.yml
-7
View File
@@ -22,7 +22,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^PermitRootLogin\s+'
line: "PermitRootLogin {{ 'no' if cis_disable_root_login | bool else 'prohibit-password' }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -32,7 +31,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^PermitEmptyPasswords\s+'
line: "PermitEmptyPasswords no"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -42,7 +40,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^PasswordAuthentication\s+'
line: "PasswordAuthentication {{ 'no' if cis_disable_password_auth | bool else 'yes' }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -52,7 +49,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^MaxAuthTries\s+'
line: "MaxAuthTries {{ cis_ssh_max_auth_tries }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -62,7 +58,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^LoginGraceTime\s+'
line: "LoginGraceTime {{ cis_ssh_login_grace_time }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -72,7 +67,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^ClientAliveInterval\s+'
line: "ClientAliveInterval {{ cis_ssh_client_alive_interval }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
@@ -82,7 +76,6 @@
path: "{{ cis_ssh_dropin_path }}"
regexp: '^ClientAliveCountMax\s+'
line: "ClientAliveCountMax {{ cis_ssh_client_alive_count_max }}"
validate: sshd -t -f %s
notify:
- validate sshd
- reload sshd
infra-run/ansible/roles/cis-rhel9-hardening/tasks/sysctl.yml
+1 -1
View File
@@ -1,5 +1,5 @@
---
- name: Apply CIS-inspired sysctl settings
- name: Apply selected sysctl settings
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"