Stabilize #11
stabilize.yaml
on: schedule
Build and Stabilization Tests on Fedora Latest (Container)
1h 19m
Annotations
10 errors and 11 warnings
schema[playbook]:
chromium-playbook-stig.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_stig', 'hosts': 'all', 'vars': None, 'tasks': None} is not valid under any of the given schemas
|
schema[playbook]:
debian10-playbook-anssi_np_nt28_average.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_average', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"rsyslog" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_rsyslog_enabled']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Set rsyslog logfile configuration facts', 'ansible.builtin.set_fact': {'rsyslog_etc_config': '/etc/rsyslog.conf'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity', 'no_reboot_needed', 'rsyslog_files_groupownership']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Get IncludeConfig directive', 'ansible.builtin.shell': "set -o pipefail\ngrep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true\n", 'register': 'rsyslog_old_inc', 'changed_when': False, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity', 'no_reboot_needed', 'rsyslog_files_groupownership']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Get include files directives', 'ansible.builtin.shell': 'set -o pipefail\nawk \'/)/{f=0} /include\\(/{f=1} f{nf=gensub("^(include\\\\(|\\\\s*)file=\\"(\\\\S+)\\".*","\\\\2",1); if($0!=nf){print nf}}\' {{ rsyslog_etc_config }} || true\n', 'register': 'rsyslog_new_inc', 'changed_when': False, 'when': 'ansible_virtualization_t
|
schema[playbook]:
debian10-playbook-anssi_np_nt28_high.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_high', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes
|
schema[playbook]:
debian10-playbook-anssi_np_nt28_minimal.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"rsyslog" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_rsyslog_enabled']}, {'name': 'Ensure syslog-ng is installed', 'package': {'name': 'syslog-ng', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_syslogng_installed']}, {'name': 'Enable service syslog-ng', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service syslog-ng', 'systemd': {'name': 'syslog-ng', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"syslog-ng" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_syslogng_enabled']}, {'name': 'Test for existence /etc/group', 'stat': {'path': '/etc/group'}, 'register': 'file_exists', 'tags': ['CJIS-5.5.2.2', 'NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-8.7.c', 'PCI-DSSv4-7.2.6', 'configure_strategy', 'file_groupowner_etc_group', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed']}, {'name': 'Ensure group owner 0 on /etc/group', 'file': {'path': '/etc/group', 'group': '0'}, 'when': 'file_exists.stat is defined and file_exists.stat.exists', 'tags': ['CJIS-5.5.2.2', 'NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-8.7.c', 'PCI-DSSv4-7.2.6', 'configure_strategy', 'file_
|
schema[playbook]:
debian10-playbook-anssi_np_nt28_restrictive.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled
|
schema[playbook]:
debian10-playbook-standard.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_standard', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"rsyslog" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_rsyslog_enabled']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Set rsyslog logfile configuration facts', 'ansible.builtin.set_fact': {'rsyslog_etc_config': '/etc/rsyslog.conf'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity', 'no_reboot_needed', 'rsyslog_files_groupownership']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Get IncludeConfig directive', 'ansible.builtin.shell': "set -o pipefail\ngrep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true\n", 'register': 'rsyslog_old_inc', 'changed_when': False, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity',
|
schema[playbook]:
debian11-playbook-anssi_np_nt28_average.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_average', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"rsyslog" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_rsyslog_enabled']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Set rsyslog logfile configuration facts', 'ansible.builtin.set_fact': {'rsyslog_etc_config': '/etc/rsyslog.conf'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity', 'no_reboot_needed', 'rsyslog_files_groupownership']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Get IncludeConfig directive', 'ansible.builtin.shell': "set -o pipefail\ngrep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true\n", 'register': 'rsyslog_old_inc', 'changed_when': False, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.5.1', 'PCI-DSS-Req-10.5.2', 'PCI-DSSv4-10.3.1', 'PCI-DSSv4-10.3.2', 'configure_strategy', 'low_complexity', 'medium_disruption', 'medium_severity', 'no_reboot_needed', 'rsyslog_files_groupownership']}, {'name': 'Ensure Log Files Are Owned By Appropriate Group - Get include files directives', 'ansible.builtin.shell': 'set -o pipefail\nawk \'/)/{f=0} /include\\(/{f=1} f{nf=gensub("^(include\\\\(|\\\\s*)file=\\"(\\\\S+)\\".*","\\\\2",1); if($0!=nf){print nf}}\' {{ rsyslog_etc_config }} || true\n', 'register': 'rsyslog_new_inc', 'changed_when': False, 'when': 'ansible_virtualization_t
|
schema[playbook]:
debian11-playbook-anssi_np_nt28_high.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_high', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes
|
schema[playbook]:
debian11-playbook-anssi_np_nt28_minimal.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"rsyslog" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_rsyslog_enabled']}, {'name': 'Ensure syslog-ng is installed', 'package': {'name': 'syslog-ng', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_syslogng_installed']}, {'name': 'Enable service syslog-ng', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service syslog-ng', 'systemd': {'name': 'syslog-ng', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"syslog-ng" in ansible_facts.packages']}], 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AU-4(1)', 'NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_syslogng_enabled']}, {'name': 'Test for existence /etc/group', 'stat': {'path': '/etc/group'}, 'register': 'file_exists', 'tags': ['CJIS-5.5.2.2', 'NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-8.7.c', 'PCI-DSSv4-7.2.6', 'configure_strategy', 'file_groupowner_etc_group', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed']}, {'name': 'Ensure group owner 0 on /etc/group', 'file': {'path': '/etc/group', 'group': '0'}, 'when': 'file_exists.stat is defined and file_exists.stat.exists', 'tags': ['CJIS-5.5.2.2', 'NIST-800-53-AC-6(1)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-8.7.c', 'PCI-DSSv4-7.2.6', 'configure_strategy', 'file_
|
schema[playbook]:
debian11-playbook-anssi_np_nt28_restrictive.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled
|
Build and Stabilization Tests on Fedora Latest (Container)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
|
args[module]:
sle12-playbook-cis.yml#L23121
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis.yml#L23138
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis.yml#L23155
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_server_l1.yml#L5907
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_server_l1.yml#L5924
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_server_l1.yml#L5941
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_workstation_l1.yml#L5907
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_workstation_l1.yml#L5924
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_workstation_l1.yml#L5941
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|
args[module]:
sle12-playbook-cis_workstation_l2.yml#L23121
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
|