ansible-lockdown / rhel8-cis-audit
Audit configurations for RHEL8 CIS - utilising goss
License: MIT License
Describe the Issue
the playbook stops when trying to upload / unpack the RHEL8-CIS-Audit.tar.gz
ASK [/home/hal/ansible/hardening/RHEL8-CIS : Pre Audit Setup | Copy ansible default vars values to test audit] ******************************
fatal: [SRV3-OL8]: FAILED! => {"changed": false, "checksum": "9d6da5501987f6eec6dbe7082540601736830a17", "msg": "Destination directory /opt/RHEL8-CIS-Audit/vars does not exist"}
Expected Behavior
Upload it to the path I modified the variable with; as far as I can see, it's hardcoded.
Actual Behavior
It stops and does not do the audit.
Control(s) Affected
What controls are being affected by the issue
Relevant files associated.
Environment (please complete the following information):
Additional Notes
I think we already talked about that in Discord when we were tuning the UBUNTU-22-CIS (it had the same problems)
Possible Solution
As far as I can see the problem is in the remediate file, and the solution should be the same as the one used in Ubuntu-22-cis-Audit.
align with rhel7-cis section 5.6 to enable the ability for a sugroup
Hi dev team,
I have noticed some of the missing rules in json report and did a backtrack to try to analyse the reason behind the missing rules.
Some of the missing rules were caused by errors generated from goss validation.
Attached some of my findings and hope to hear more from you.
cis_2.3.1_6.yml.txt
Actinum_RHEL8_CIS_AUDIT_git_diff.txt
Actinum_RHEL8_CIS_AUDIT_git_status.txt
There are plans to rework the audit to work with goss version >0.4.x
When using version >0.4.x, the field does not contain the correct queries:
"matcher-result": {
  "Expected": [
    "/^MaxAuthTries [1-4]/",
    "!/^MaxAuthTries [5-9]/"
  ],
  "ExtraElements": null,
  "Message": "to have patterns",
  "MissingElements": [
    "/^MaxAuthTries [1-4]/"
created an issue in the developer's repository
goss-org/goss#845
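Added here as an example of reading the report the thread above discusses; it is not code from the repository or from goss. The sample report is constructed, and the top-level "results", "successful", "title" and "resource-id" keys are assumed from goss's JSON formatter, while the "matcher-result" block mirrors the fields quoted in the reply above.

```python
import json

# Constructed goss JSON report (not real audit output). The top-level
# "results"/"successful"/"title"/"resource-id" keys are assumed from goss's
# JSON formatter; the "matcher-result" block mirrors the fields quoted above.
SAMPLE_REPORT = json.dumps({
    "results": [
        {"title": "5.2.7 | Ensure SSH MaxAuthTries is set to 4 or less",
         "resource-id": "/etc/ssh/sshd_config", "successful": False,
         "matcher-result": {
             "Expected": ["/^MaxAuthTries [1-4]/", "!/^MaxAuthTries [5-9]/"],
             "ExtraElements": None,
             "Message": "to have patterns",
             "MissingElements": ["/^MaxAuthTries [1-4]/"]}},
        {"title": "5.2.5 | Ensure SSH LogLevel is appropriate",
         "resource-id": "/etc/ssh/sshd_config", "successful": True,
         "matcher-result": {"Expected": ["/^LogLevel (INFO|VERBOSE)/"],
                            "ExtraElements": None, "Message": "to have patterns",
                            "MissingElements": None}},
    ],
    "summary": {"failed-count": 1, "test-count": 2},
})


def failed_checks(report_text):
    """One dict per failed result: CIS id taken from the 'id | text' title,
    the resource, and the patterns goss reports as missing or extra.
    Results without a matcher-result (older goss) fall back to 'expected'."""
    failures = []
    for res in json.loads(report_text).get("results", []):
        if res.get("successful", False):
            continue
        title = res.get("title", "")
        mr = res.get("matcher-result") or {}
        failures.append({
            "cis_id": title.split("|", 1)[0].strip() if "|" in title else "",
            "resource": res.get("resource-id", ""),
            "expected": mr.get("Expected") or res.get("expected") or [],
            "missing": mr.get("MissingElements") or [],
            "extra": mr.get("ExtraElements") or [],
        })
    return failures
```

Feeding the real `goss validate -f json` output to `failed_checks` gives the list of CIS ids whose patterns were not matched, which is the quickest way to see which rules are absent from the report and why.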
Greetings colleagues! I want to ask - is it possible to do a CIS audit on many remote computers, so as not to log on to each
Describe the Issue
In the cis_1.1.7.1_5.yml audit, one test checks for the quota package; this is part of the test for usrquota and grpquota. This test is not inside an if clause, meaning it will run even if we have selected not to check usrquota or grpquota.
Expected Behavior
To be skipped if
rhel8cis_rule_1_1_7_4: false
rhel8cis_rule_1_1_7_5: false
Actual Behavior
Will always run, and create false negatives
Control(s) Affected
What controls are being affected by the issue
Relevant files associated.
CIS 1.1.7.4
CIS 1.1.7.5
RHEL8-CIS-Audit/section_1/cis_1.1/cis_1.1.7.1_5.yml
Environment (please complete the following information):
Additional Notes
Anything additional goes here
Possible Solution
package:
{{ if or .Vars.rhel8cis_rule_1_1_7_4 .Vars.rhel8cis_rule_1_1_7_5 }}
  quota:
    title: |
      1.1.7.4 | Ensure usrquota option set on /home partition | quota pkg installed
      1.1.7.5 | Ensure grpquota option set on /home partition | quota pkg installed
    installed: true
    meta:
      server: 2
      workstation: 2
      CIS_ID:
        - 1.1.7.4
        - 1.1.7.5
      CISv8: 3.3
      CISv8_IG1: true
      CISv8_IG2: true
{{ end }}
Describe the Issue
This role does not appear to have a meta/main.yml file.
Expected Behavior
Starting galaxy role install process
Actual Behavior
[WARNING]: - RHEL8-CIS-Audit was NOT installed successfully
Control(s) Affected
Using it in a project.
Environment (please complete the following information):
not relevant here.
Additional Notes
Anything additional goes here
Possible Solution
Add file meta/main.yml
I found duplicate checks in the sections. I do not understand why. goss version 0.4.3 immediately reports this.
Example, please check
section_3/cis_3.3/cis_3.3.7.yml
check the duplicated net.ipv4.conf.all.rp_filter
And this problem exists in all sections.
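Added here as an example, not code from the repository: a small duplicate-key scanner that can be run over the section_*/ gossfiles before moving to goss 0.4.x, which rejects a YAML mapping key that repeats within the same parent (the rp_filter case above). The sample gossfile is constructed, and the rule variable name rhel8cis_rule_3_3_7 is assumed.

```python
import re

# Constructed sample in the layout of a gossfile section (not the repository's
# real cis_3.3.7.yml): net.ipv4.conf.all.rp_filter repeats under kernel-param.
SAMPLE_GOSSFILE = """\
kernel-param:
{{ if .Vars.rhel8cis_rule_3_3_7 }}
  net.ipv4.conf.all.rp_filter:
    title: |
      3.3.7 | Ensure Reverse Path Filtering is enabled | all
    value: '1'
  net.ipv4.conf.default.rp_filter:
    value: '1'
  net.ipv4.conf.all.rp_filter:
    value: '1'
{{ end }}
"""

KEY_RE = re.compile(r"^\s*([^\s#\-][^:]*):(\s|$)")

def duplicate_keys(text):
    """Return [(line_no, dotted.path)] for each mapping key repeated within the
    same parent. An indentation walk rather than a YAML parser, so Go template
    lines ({{ ... }}) and block scalars (title: |) are simply skipped."""
    stack, seen, dups = [], {}, []   # stack: (indent, key) of open mappings
    skip_deeper_than = None          # body of a block scalar or of a duplicate
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "{{")):
            continue
        indent = len(line) - len(line.lstrip())
        if skip_deeper_than is not None and indent > skip_deeper_than:
            continue
        skip_deeper_than = None
        m = KEY_RE.match(line)
        if not m:
            continue                    # list item or scalar continuation
        key = m.group(1).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parent = ".".join(k for _, k in stack)
        if key in seen.setdefault(parent, set()):
            dups.append((no, f"{parent}.{key}" if parent else key))
            skip_deeper_than = indent   # don't re-report the duplicate's children
            continue
        seen[parent].add(key)
        stack.append((indent, key))
        if stripped.endswith(("|", ">")):
            skip_deeper_than = indent   # block scalar body follows
    return dups
```

Pointing `duplicate_keys` at each file under section_*/ lists every repeated key with its line number, which is what goss 0.4.x would otherwise refuse file by file.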
Feature Request or Enhancement:
Summary of Request
Want to be able to control which network interfaces goss tests for.
Only allowing enp0s3 or enp0s8 creates false negatives
Describe alternatives you've considered
Disable the whole test
Suggested Code
in ansible_vars_goss.yml.j2:
rhel8cis_firewall_interface: {{ rhel8cis_firewall_interfaces }}
in defaults/main.yml
rhel8cis_firewall_interfaces: "{{ ansible_default_ipv4.interface }}"
Describe the Issue
When running run_audit.sh, you get the following error:
tr: missing operand after ‘[:lower:]’
Two strings must be given when translating.
Try 'tr --help' for more information.
Expected Behavior
This error shouldn't be thrown. This is clearly a syntax error in the script.
Actual Behavior
You get a syntax error
Control(s) Affected
Environment (please complete the following information):
Additional Notes
Testing the code on my WSL sandbox before launching it in the actual environment
Possible Solution
On line 86, either of the following amendments can be made:
os_vendor="$(hostnamectl | grep Oper | cut -d: -f2 | awk '{print $1}' | tr '[:upper:]' '[:lower:]')"
os_vendor="$(hostnamectl | grep Oper | cut -d: -f2 | awk '{print tolower($1)}')"