Closed bbaassssiiee closed 7 months ago
Overall Review of Changes: We like control over PermitRootLogin and X11Forwarding. We should also fix the config files created by the installer.
PermitRootLogin
X11Forwarding
How has this been tested?:
--- - name: Security Audit hosts: all become: true gather_facts: true pre_tasks: - name: Install packages ansible.builtin.package: state: present name: - openscap-scanner - scap-security-guide post_tasks: - name: Run CIS oscap scan and create /tmp/report.html ansible.builtin.command: oscap xccdf eval --profile cis \ --report /tmp/report.html \ /usr/share/xml/scap/ssg/content/ssg-almalinux9-ds.xml changed_when: true no_log: false register: scan_return failed_when: scan_return.stdout is not defined - name: Set permissions ansible.builtin.file: path: /tmp/report.html owner: "{{ ansible_ssh_user }}" mode: '0600'
I used the wrong branch for the PR.
Overall Review of Changes: We like control over
PermitRootLogin
andX11Forwarding
. We should also fix the config files created by the installer.Issue Fixes:
Enhancements:
How has this been tested?: