ansible-role-cis-amazon-linux
Ansible role to apply CIS Amazon Linux Benchmark v2.0.0
Hello, been doing some testing on AWS Linux 2 LTS and come across an issue that is stopping the image from booting. Looks like the root account is getting disabled...
When I apply this role with ```yml cis_level_1_exclusions: - 5.4.4 # 5.4.4 Ensure default user umask is 027 or more restrictive - 3.4.2 # cis_hosts_allow_all_ips - 3.4.3 # 3.4.3 -...
On the latest AMI the `ansible_distribution_version` is `2`. Needed to update the `cis_target_os_versions` to support `2` for the pre-flight check to pass for the playbook to run. Task 4.1.12 Populate...
Leveraging packer to build Amazon Linux 2 ami and get the following error: amazon-ebs: TASK [anthcourtney.cis-amazon-linux : Preflight - Fail if host is not suitable for this benchmark] *** amazon-ebs:...
Currently, the role is lacking a task to make sure NTPd is enabled and started.
4.1.3 Configure grub so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Fail if below command output is...
Following #13, we should start using ansible-lint and yamllint and try to follow as closely as we can to keep with standards.
Root's PATH in Amazon Linux (and CentOS, and likely other similar distributions) by default has `/root/bin` in it, which doesn't exist: ``` [root@ip-192-168-3-209 ~]# env | grep PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin [root@ip-192-168-3-209...
@bstock92 has submitted #60. This issue is to remind us to test the changes and close when changes have been merged into master.
Hello, general question. We are having issues when one of our tools is trying to connect to the socket /var/run/docker.sock when we have applied the playbook. Not 100% sure why...