From f122f4213510dc4dbd1ca83a5f4793a5c699798e Mon Sep 17 00:00:00 2001
From: matt
Date: Tue, 20 Feb 2024 12:26:31 -0700
Subject: [PATCH] add cjis to compliance demo
---
 linux/cjis-prerequisites.yml | 22 ++++++++++++++++++++++
 linux/compliance-enforce.yml | 5 +++++
 linux/compliance_profiles.md | 1 +
 roles/requirements.yml | 4 ++++
 4 files changed, 32 insertions(+)
 create mode 100644 linux/cjis-prerequisites.yml
diff --git a/linux/cjis-prerequisites.yml b/linux/cjis-prerequisites.yml
new file mode 100644
index 000000000..1b080f9d8
--- /dev/null
+++ b/linux/cjis-prerequisites.yml
@@ -0,0 +1,22 @@
+---
+# The CJIS role seems to assume these packages are installed and the
+# services are started, otherwise an error is encountered.
+
+- name: Install packages
+ ansible.builtin.package:
+ name:
+ - "NetworkManager"
+ - "firewalld"
+ state: present
+
+- name: Start services
+ ansible.builtin.service:
+ name: "NetworkManager"
+ enabled: true
+ state: started
+
+- name: Start services
+ ansible.builtin.service:
+ name: "firewalld"
+ enabled: true
+ state: started
diff --git a/linux/compliance-enforce.yml b/linux/compliance-enforce.yml
index b8122e406..f0536573f 100644
--- a/linux/compliance-enforce.yml
+++ b/linux/compliance-enforce.yml
@@ -10,6 +10,11 @@
 ansible.builtin.assert:
 that: "ansible_os_family == 'RedHat'"
 
+ - name: Include prerequisites for cjis profile
+ ansible.builtin.include_tasks:
+ file: cjis-prerequisites.yml
+ when: compliance_profile == 'cjis'
+
 - name: Run Compliance Profile
 ansible.builtin.include_role:
 name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}"
diff --git a/linux/compliance_profiles.md b/linux/compliance_profiles.md
index 4435eaa6c..209da1d90 100644
--- a/linux/compliance_profiles.md
+++ b/linux/compliance_profiles.md
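Review bot: The two `Start services` tasks in cjis-prerequisites.yml carry the same name, so play output, `--start-at-task` and failure reports cannot tell the NetworkManager task from the firewalld one, and the enable/start block is written twice; a single task looping over both units preserves the behaviour and labels each iteration with the unit it touches. The header comment hedges (`seems to assume`, `an error is encountered`) without naming which task in the role fails, so record the failing task or the check that motivated this file — the next maintainer bumping the role version in roles/requirements.yml needs that to know whether the prerequisite still applies. Starting firewalld with `enabled: true` is a persistent change to the host's network posture that happens before the hardening role runs; worth stating that in the same comment so operators selecting the cjis profile expect it.
```yaml
# … unchanged: Install packages task …

- name: Start services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - "NetworkManager"
    - "firewalld"
```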
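Review bot: The new `Include prerequisites for cjis profile` task in compliance-enforce.yml installs packages and enables firewalld before the profile role runs, but nothing at the call site says why or that it only affects one profile; add `# The cjis role needs NetworkManager and firewalld installed and running; see cjis-prerequisites.yml` above the task so the side effect is visible where the profile is chosen, and consider mentioning it in the compliance_profiles.md table row this commit adds, which currently only links the role. The `when` compares against the literal `'cjis'`, which is consistent with how `compliance_profile` is interpolated into the role name in the following task, so the gate and the role selection cannot drift apart. The enclosing play and its task list start and end outside the hunk.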
@@ -5,6 +5,7 @@ The following compliance profiles are supported by the [**Linux / Enforce Compli
 | **Profile** | **Role Repository** |
 |-------------|---------------------|
 | CIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cis |
+| CJIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cjis |
 | CUI | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cui |
 | HIPAA | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-hipaa |
 | OSPP | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-ospp |
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 75eaa0ce2..56f8e267e 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -3,6 +3,8 @@ roles:
 # RHEL 7 compliance roles from ComplianceAsCode
 - name: redhatofficial.rhel7_cis
 version: 0.1.69
+ - name: redhatofficial.rhel7_cjis
+ version: 0.1.69
 - name: redhatofficial.rhel7_cui
 version: 0.1.67
 - name: redhatofficial.rhel7_hipaa
@@ -16,6 +18,8 @@ roles:
 # RHEL 8 compliance roles from ComplianceAsCode
 - name: redhatofficial.rhel8_cis
 version: 0.1.69
+ - name: redhatofficial.rhel8_cjis
+ version: 0.1.69
 - name: redhatofficial.rhel8_cui
 version: 0.1.69
 - name: redhatofficial.rhel8_hipaa