Merge pull request #257 from ansible-lockdown/devel

Benchmark 3.1.1 Updates 
Signed-off-by: George Nalen <[email protected]>

Author: georgenalen

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Report Issue
+about: Create a bug issue ticket to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the Issue**
+A clear and concise description of what the bug is.
+
+**Expected Behavior**
+A clear and concise description of what you expected to happen.
+
+**Actual Behavior**
+A clear and concise description of what's happening.
+
+**Control(s) Affected**
+What controls are being affected by the issue
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:
+
+**Additional Notes**
+Anything additional goes here
+
+**Possible Solution**
+Enter a suggested fix here

.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md

@@ -0,0 +1,21 @@
+---
+name: Feature Request or Enhancement
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Feature Request or Enhancement**
+ - Feature []
+ - Enhancement []
+
+**Summary of Request**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Suggested Code**
+Please provide any code you have in mind to fulfill the request

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,17 @@
+---
+name: Question
+about: Ask away.......
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Question**
+Pose question here. 
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:

.github/pull_request_template.md

@@ -0,0 +1,12 @@
+**Overall Review of Changes:**
+A general description of the changes made that are being requested for merge
+
+**Issue Fixes:**
+Please list (using linking) any open issues this PR addresses
+
+**Enhancements:**
+Please list any enhancements/features that are not open issue tickets
+
+**How has this been tested?:**
+Please give an overview of how these changes were tested. If they were not please use N/A
+

.gitignore

@@ -43,4 +43,4 @@ benchparse/
 test_inv
 
 # ignore refactr pipeline test conf
-.github/workflows
+.github/

.yamllint

@@ -9,7 +9,7 @@ extends: default
 rules:
   indentation:
     # Requiring 2 space indentation
-    spaces: 2
+    spaces: 4
     # Requiring consistent indentation within a file, either indented or not
     indent-sequences: consistent
   truthy: disable

CONTRIBUTING.rst

@@ -64,4 +64,3 @@ following text in your contribution commit message:
 This message can be entered manually, or if you have configured git
 with the correct `user.name` and `user.email`, you can use the `-s`
 option to `git commit` to automatically include the signoff message.
-

ChangeLog.md

@@ -11,6 +11,38 @@
   - assert has been created if rule still enabled and password not changed
 - Use of the packages facts module
 
+## Major 1.1
+
+- Upgrade to CIS 3.1.1
+
+### Highlights
+
+- rhel7cis_allow_reboot is now an option to reboot at the end of remediation - default false
+- linting - including command replaced with shell
+- section 1
+  - 1.1 rewritten to providing better auditing and output
+  - 1.3 sudo no longer required move to section 5
+  - 1.4.1 bootloader password reworked
+  - other groups changes increased tests
+  - more controls for GDM
+- section 2
+  - reorder of server services
+  - rsyncd masked
+  - 2.5 - 2.4
+- section 3
+  - some controls now L2
+  - tidy of some rules
+  - 3.1 disable ipv6 now via grub 9No longer sysctl
+- section 4
+  - tidy up
+- section 5
+  - sudo moved from 1.3 to 5.2
+  - Other controls changed numbers
+  - ssh kex, mac and ciphers updates
+- section 6
+  - many control orders changed
+  - 6.2.11 create missing home dirs rewritten
+
 ## Whats new in 1.0.3
 
 - Thanks to Thulium-Drake
@@ -42,4 +74,4 @@
 ## Whats new 1.0.1
 
 - Fixed typos
-- Added audit output file permissions
+- Added audit output file permissions

README.md

@@ -8,7 +8,7 @@ RHEL 7 CIS
 Configure RHEL/Centos 7 machine to be [CIS](https://www.cisecurity.org/cis-benchmarks/) compliant
 Untested on OEL
 
-Based on [CIS RedHat Enterprise Linux 7 Benchmark v3.0.1 - 09-21-2020 ](https://www.cisecurity.org/cis-benchmarks/)
+Based on [CIS RedHat Enterprise Linux 7 Benchmark v3.1.1 - 05-21-2021 ](https://www.cisecurity.org/cis-benchmarks/)
 
 Caution(s)
 -------
@@ -17,7 +17,7 @@ This role **will make changes to the system** which may have unintended conseque
 
 This role was developed against a clean install of the Operating System. If you are implimenting to an existing system please review this role for any site specific changes that are needed.
 
-To use release version please point to main branch.
+To use release version please point to main branch and relevant release for the cis benchmark you wish to work with.
 
 Coming from a previous release
 ------------------------------
@@ -96,24 +96,25 @@ Below is an example of the tag section from a control within this role. Using th
 Example Audit Summary
 ---------------------
 
-This is based on a vagrant image with selections enabled. e.g. No Gui or firewall.
-Note: More tests are run during audit as we check config and running state.
+The audit when run from ansible also uses all the specific variables, so will test relevant variables based on host configuration settings.
+This is based on a vagrant image, based upon a preconfigured image for filesystem layout etc. e.g. No Gui or firewall.
+Note: More tests are run during audit as we are checking config and running state.
 
 ```sh
-TASK [/vagrant/RHEL7-CIS : Show Audit Summary] ******************************************************************************************************************************************************************************
+TASK [RHEL7-CIS : Show Audit Summary] ******************************************************************************************************************************************************************************
 ******
-ok: [localhost] => {
+ok: [cent7_efi] => {
     "msg": [
-        "The pre remediation results are: Count: 377, Failed: 127, Duration: 12.417s.",
-        "The post remediation results are: Count: 377, Failed: 20, Duration: 14.133s.",
+        "The pre remediation results are: Count: 380, Failed: 121, Duration: 10.399s.",
+        "The post remediation results are: Count: 380, Failed: 10, Duration: 12.324s.",
         "Full breakdown can be found in /var/tmp",
         ""
     ]
 }
 
 PLAY RECAP ******************************************************************************************************************************************************************************************************************
 ******
-localhost                  : ok=270  changed=140  unreachable=0    failed=0    skipped=129  rescued=0    ignored=0 
+cent7_efi                  : ok=274  changed=143  unreachable=0    failed=0    skipped=140  rescued=0    ignored=0  
 
 ```
 
@@ -136,6 +137,16 @@ We encourage you (the community) to contribute to this role. Please read the rul
 - Pull Requests into devel will confirm your commits have a GPG signature, Signed-off, and a functional test before being approved
 - Once your changes are merged and a more detailed review is complete, an authorized member will merge your changes into the main branch for a new release
 
+Support
+-------
+
+This is a community project at its core and will be managed as such.
+
+If you would are interested in dedicated support to assist or provide bespoke setups
+
+- [Ansible Counselor](https://www.mindpointgroup.com/products/ansible-counselor-on-demand-ansible-services-and-consulting/)
+- [Try us out](https://engage.mindpointgroup.com/try-ansible-counselor)
+
 Credits
 -------