
Stabilize

Stabilize #15

Triggered via schedule September 17, 2023 05:06
Status Failure
Total duration 1h 3m 21s
Artifacts

stabilize.yaml

on: schedule
Build and Stabilization Tests on Fedora Latest (Container)
1h 3m

Annotations

10 errors and 10 warnings
schema[playbook]: chromium-playbook-stig.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_stig', 'hosts': 'all', 'vars': None, 'tasks': None} is not valid under any of the given schemas
schema[playbook]: debian10-playbook-anssi_np_nt28_average.yml#L1
schema[playbook]: debian10-playbook-anssi_np_nt28_high.yml#L1
schema[playbook]: debian10-playbook-anssi_np_nt28_minimal.yml#L1
schema[playbook]: debian10-playbook-anssi_np_nt28_restrictive.yml#L1
schema[playbook]: debian10-playbook-standard.yml#L1
schema[playbook]: debian11-playbook-anssi_np_nt28_average.yml#L1
schema[playbook]: debian11-playbook-anssi_np_nt28_high.yml#L1
schema[playbook]: debian11-playbook-anssi_np_nt28_minimal.yml#L1
schema[playbook]: debian11-playbook-anssi_np_nt28_restrictive.yml#L1
{'name': 'Ansible Playbook for xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive', 'hosts': 'all', 'vars': None, 'tasks': [{'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Remove lines containing !authenticate from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+\\!authenticate.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_no_authenticate']}, {'name': 'Find /etc/sudoers.d/ files', 'find': {'paths': ['/etc/sudoers.d/']}, 'register': 'sudoers', 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Remove lines containing NOPASSWD from sudoers files', 'replace': {'regexp': '(^(?!#).*[\\s]+NOPASSWD[\\s]*\\:.*$)', 'replace': '# \\g<1>', 'path': '{{ item.path }}', 'validate': '/usr/sbin/visudo -cf %s'}, 'with_items': [{'path': '/etc/sudoers'}, '{{ sudoers.files }}'], 'tags': ['NIST-800-53-CM-6(a)', 'NIST-800-53-IA-11', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'restrict_strategy', 'sudo_remove_nopasswd']}, {'name': 'Ensure auditd is installed', 'package': {'name': 'auditd', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-AC-7(a)', 'NIST-800-53-AU-12(2)', 'NIST-800-53-AU-14', 'NIST-800-53-AU-2(a)', 'NIST-800-53-AU-7(1)', 'NIST-800-53-AU-7(2)', 'NIST-800-53-CM-6(a)', 'PCI-DSS-Req-10.1', 
'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_audit_installed']}, {'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}, 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Enable service auditd', 'block': [{'name': 'Gather the package facts', 'package_facts': {'manager': 'auto'}}, {'name': 'Enable service auditd', 'systemd': {'name': 'auditd', 'enabled': 'yes', 'state': 'started', 'masked': 'no'}, 'when': ['"auditd" in ansible_facts.packages']}], 'when': ['ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', '"auditd" in ansible_facts.packages'], 'tags': ['CJIS-5.4.1.1', 'NIST-800-171-3.3.1', 'NIST-800-171-3.3.2', 'NIST-800-171-3.3.6', 'NIST-800-53-AC-2(g)', 'NIST-800-53-AC-6(9)', 'NIST-800-53-AU-10', 'NIST-800-53-AU-12(c)', 'NIST-800-53-AU-14(1)', 'NIST-800-53-AU-2(d)', 'NIST-800-53-AU-3', 'NIST-800-53-CM-6(a)', 'NIST-800-53-SI-4(23)', 'PCI-DSS-Req-10.1', 'PCI-DSSv4-10.2.1', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'service_auditd_enabled']}, {'name': 'Ensure rsyslog is installed', 'package': {'name': 'rsyslog', 'state': 'present'}, 'when': 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]', 'tags': ['NIST-800-53-CM-6(a)', 'enable_strategy', 'low_complexity', 'low_disruption', 'medium_severity', 'no_reboot_needed', 'package_rsyslog_installed']}, {'name': 'Enable service rsyslog', 'block': [{'name': 'Gather the package facts', 
'package_facts': {'manager': 'auto'}}, {'name': 'Enable service rsyslog', 'systemd': {'name': 'rsyslog', 'enabled
args[module]: sle12-playbook-cis.yml#L23353
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis.yml#L23370
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis.yml#L23387
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_server_l1.yml#L6047
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_server_l1.yml#L6064
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_server_l1.yml#L6081
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_workstation_l1.yml#L6047
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_workstation_l1.yml#L6064
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_workstation_l1.yml#L6081
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.
args[module]: sle12-playbook-cis_workstation_l2.yml#L23353
Unsupported parameters for ansible.builtin.iptables module: ipv6. Supported parameters include: action, chain, chain_management, comment, ctstate, destination, destination_port, destination_ports, dst_range, flush, fragment, gateway, gid_owner, goto, icmp_type, in_interface, ip_version, jump, limit, limit_burst, log_level, log_prefix, match, match_set, match_set_flags, out_interface, policy, protocol, reject_with, rule_num, set_counters, set_dscp_mark, set_dscp_mark_class, source, source_port, src_range, state, syn, table, tcp_flags, to_destination, to_ports, to_source, uid_owner, wait.