ansible-role-cis-amazon-linux

Ansible role to apply CIS Amazon Linux Benchmark v2.0.0

Results 14 ansible-role-cis-amazon-linux issues

Hello, been doing some testing on AWS Linux 2 LTS and come across an issue that is stopping the image from booting. Looks like the root account is getting disabled...

When I apply this role with ```yml cis_level_1_exclusions: - 5.4.4 # 5.4.4 Ensure default user umask is 027 or more restrictive - 3.4.2 # cis_hosts_allow_all_ips - 3.4.3 # 3.4.3 -...

On the latest AMI the `ansible_distribution_version` is `2`. Needed to update the `cis_target_os_versions` to support `2` for the pre-flight check to pass for the playbook to run. Task 4.1.12 Populate...

Leveraging packer to build Amazon Linux 2 ami and get the following error: amazon-ebs: TASK [anthcourtney.cis-amazon-linux : Preflight - Fail if host is not suitable for this benchmark] *** amazon-ebs:...

Currently, the role is lacking a task to make sure NTPd is enabled and started.

InProgress
implement

4.1.3 Configure grub so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Fail if below command output is...

InProgress
implement

Following #13, we should start using ansible-lint and yamllint and try to follow as closely as we can to keep with standards.

enhancement
InProgress
implement

Root's PATH in Amazon Linux (and CentOS, and likely other similar distributions) by default has `/root/bin` in it, which doesn't exist: ``` [root@ip-192-168-3-209 ~]# env | grep PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin [root@ip-192-168-3-209...

bug
InProgress

@bstock92 has submitted #60. This issue is to remind us to test the changes and close when the changes have been merged into master.

bug
InProgress

Hello, general question. We are having issues when one of our tools is trying to connect to the socket /var/run/docker.sock when we have applied the playbook. Not 100% sure why...