Merge pull request #53 from ansible-lockdown/devel

Added Issue/PR Templates and Issue Fixes Signed-off-by: George Nalen <[email protected]>
ansible-lockdown · Sep 1, 2021 · e8cb36b · e8cb36b
2 parents 27d0c64 + a47129c
commit e8cb36b
Show file tree

Hide file tree

Showing 11 changed files with 94 additions and 13 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,32 @@
+---
+name: Report Issue
+about: Create a bug issue ticket to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the Issue**
+A clear and concise description of what the bug is.
+
+**Expected Behavior**
+A clear and concise description of what you expected to happen.
+
+**Actual Behavior**
+A clear and concise description of what's happening.
+
+**Control(s) Affected**
+What controls are being affected by the issue
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:
+
+**Additional Notes**
+Anything additional goes here
+
+**Possible Solution**
+Enter a suggested fix here
diff --git a/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md b/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
@@ -0,0 +1,21 @@
+---
+name: Feature Request or Enhancement
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Feature Request or Enhancement**
+ - Feature []
+ - Enhancement []
+
+**Summary of Request**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Suggested Code**
+Please provide any code you have in mind to fulfill the request
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,17 @@
+---
+name: Question
+about: Ask away.......
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Question**
+Pose question here. 
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+**Overall Review of Changes:**
+A general description of the changes made that are being requested for merge
+
+**Any Related Open Issues:**
+Please list any open issues this PR addresses
+
+**How as this been tested?:**
+Please give an overview of how these changes were tested. If they were not please use N/A
+
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -421,14 +421,6 @@ ubtu18cis_time_synchronization_servers:
     - 2.pool.ntp.org
     - 3.pool.ntp.org
 
-# Control 2.1.15
-# ubtu18cis_mail_server_type is the type of mail server in use
-# This control only automates exim4 or postfix, please address other mail servers manually
-# The values for this var are 'exim4' or 'postfix'
-ubtu18cis_mail_server_type: 'exim4'
-
-
-
 # Section 3 Control Variables
 # Control 3.3.2
 # values for the /etc/hosts.allow file for IP addresses permitted to connect to the host.

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -32,6 +32,12 @@
       - ubtu18cis_section5_patch or
         ubtu18cis_section6_patch
 
+- name: Gather the package facts
+  package_facts:
+      manager: auto
+  tags:
+      - always
+
 - name: Include section 1 patches
   include: section_1/main.yml
   when: ubtu18cis_section1_patch

diff --git a/tasks/section_1/main.yml b/tasks/section_1/main.yml
@@ -2,7 +2,7 @@
 - name: "SECTION | 1.1 | Disable Unused Filesystems"
   include: cis_1.1.x.yml
 
-- name: "SECTION | 1.2 | Cofnigure Software Updates"
+- name: "SECTION | 1.2 | Configure Software Updates"
   include: cis_1.2.x.yml
 
 - name: "SECTION | 1.3. | Filesystem Integrity Checking"

diff --git a/tasks/section_2/cis_2.1.x.yml b/tasks/section_2/cis_2.1.x.yml
@@ -343,7 +343,7 @@
             regexp: '^(#)?inet_interfaces'
             line: 'inet_interfaces = loopback-only'
         notify: restart postfix
-        when: ubtu18cis_mail_server_type == "postfix"
+        when: "'postfix' in ansible_facts.packages"
 
       - name: "AUTOMATED | 2.1.15 | PATCH | Ensure mail transfer agent is configured for local-only mode | for exim4"
         lineinfile:
@@ -363,7 +363,7 @@
             - { regexp: '^dc_hide_mailname=', line: dc_hide_mailname='' }
             - { regexp: '^dc_mailname_in_oh=', line: dc_mailname_in_oh='true' }
             - { regexp: '^dc_localdelivery=', line: dc_localdelivery='mail_spool' }
-        when: ubtu18cis_mail_server_type == "exim4"
+        when: "'exim4' in ansible_facts.packages"
   when:
       - ubtu18cis_rule_2_1_15
       - ubtu18cis_mail_server
@@ -379,6 +379,7 @@
   apt:
       name: rsync
       state: absent
+      purge: yes
   when:
       - ubtu18cis_rule_2_1_16
       - not ubtu18cis_rsync_server

diff --git a/tasks/section_5/cis_5.5.1.x.yml b/tasks/section_5/cis_5.5.1.x.yml
@@ -128,7 +128,7 @@
             - ubtu18cis_disruption_high
             - ubtu18cis_5_5_1_5_user_list.stdout | length > 0
   when:
-      - ubtu18cis_rule_5_4_1_5
+      - ubtu18cis_rule_5_5_1_5
   tags:
       - level1-server
       - level1-workstation

diff --git a/tasks/section_5/main.yml b/tasks/section_5/main.yml
@@ -11,7 +11,10 @@
 - name: "SECTION | 5.4.x | User PAM"
   include: cis_5.4.x.yml
 
-- name: "SECTION | 5.5.x | User Accounts and Enironment"
+- name: "SECTION | 5.5.1.x | User Accounts and Enironment part 1"
+  include: cis_5.5.1.x.yml
+
+- name: "SECTION | 5.5.x | User Accounts and Enironment part 2"
   include: cis_5.5.x.yml
 
 - name: "SECTION | 5.6 | Ensure root login is restricted to system console"