Merge pull request #91 from ansible-lockdown/cis_2.0.1

Cis 2.0.1 release
ansible-lockdown · Sep 13, 2023 · 17c7401 · 17c7401
2 parents 4c02b43 + f0e2e67
commit 17c7401
Show file tree

Hide file tree

Showing 118 changed files with 5,735 additions and 4,260 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,14 +1,18 @@
+---
+
 parseable: true
 quiet: true
 skip_list:
     - 'schema'
     - 'no-changed-when'
     - 'var-spacing'
+    - 'fqcn-builtins'
     - 'experimental'
     - 'name[play]'
     - 'name[casing]'
     - 'name[template]'
     - 'fqcn[action]'
+    - 'key-order[task]'
     - '204'
     - '305'
     - '303'

diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json
@@ -0,0 +1,122 @@
+[
+ {
+  "Description": "Generic API Key",
+  "StartLine": 133,
+  "EndLine": 133,
+  "StartColumn": 18,
+  "EndColumn": 68,
+  "Match": "secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"",
+  "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f",
+  "File": ".config/.secrets.baseline",
+  "SymlinkFile": "",
+  "Commit": "358016009cd8ec06f468d091aba4e92e984a8c4b",
+  "Entropy": 3.7561984,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-09-11T10:19:54Z",
+  "Message": "updated secrets\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "358016009cd8ec06f468d091aba4e92e984a8c4b:.config/.secrets.baseline:generic-api-key:133"
+ },
+ {
+  "Description": "Generic API Key",
+  "StartLine": 9,
+  "EndLine": 9,
+  "StartColumn": 5,
+  "EndColumn": 39,
+  "Match": "Secret\": \"grub.pbkdf2.sha512.10000\"",
+  "Secret": "grub.pbkdf2.sha512.10000",
+  "File": ".config/.gitleaks-report.json",
+  "SymlinkFile": "",
+  "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
+  "Entropy": 3.8035088,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-09-11T09:06:43Z",
+  "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.gitleaks-report.json:generic-api-key:9"
+ },
+ {
+  "Description": "Generic API Key",
+  "StartLine": 125,
+  "EndLine": 125,
+  "StartColumn": 18,
+  "EndColumn": 68,
+  "Match": "secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"",
+  "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d",
+  "File": ".config/.secrets.baseline",
+  "SymlinkFile": "",
+  "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
+  "Entropy": 3.7898228,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-09-11T09:06:43Z",
+  "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:125"
+ },
+ {
+  "Description": "Generic API Key",
+  "StartLine": 135,
+  "EndLine": 135,
+  "StartColumn": 18,
+  "EndColumn": 68,
+  "Match": "secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"",
+  "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1",
+  "File": ".config/.secrets.baseline",
+  "SymlinkFile": "",
+  "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
+  "Entropy": 3.618454,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-09-11T09:06:43Z",
+  "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:135"
+ },
+ {
+  "Description": "Generic API Key",
+  "StartLine": 145,
+  "EndLine": 145,
+  "StartColumn": 18,
+  "EndColumn": 68,
+  "Match": "secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"",
+  "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
+  "File": ".config/.secrets.baseline",
+  "SymlinkFile": "",
+  "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e",
+  "Entropy": 3.8439426,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-09-11T09:06:43Z",
+  "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:145"
+ },
+ {
+  "Description": "Generic API Key",
+  "StartLine": 479,
+  "EndLine": 479,
+  "StartColumn": 23,
+  "EndColumn": 63,
+  "Match": "password_hash: \"grub.pbkdf2.sha512.10000\"",
+  "Secret": "grub.pbkdf2.sha512.10000",
+  "File": "defaults/main.yml",
+  "SymlinkFile": "",
+  "Commit": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51",
+  "Entropy": 3.8035088,
+  "Author": "Mark Bolwell",
+  "Email": "[email protected]",
+  "Date": "2023-07-10T15:12:00Z",
+  "Message": "updated default vars\n\nSigned-off-by: Mark Bolwell \u003c[email protected]\u003e",
+  "Tags": [],
+  "RuleID": "generic-api-key",
+  "Fingerprint": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51:defaults/main.yml:generic-api-key:479"
+ }
+]
diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline
@@ -0,0 +1,153 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": [
+        ".config/.gitleaks-report.json"
+      ]
+    }
+  ],
+  "results": {
+    "defaults/main.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "defaults/main.yml",
+        "hashed_secret": "4fae1797297d5c73819a504516f2de7740e4b52d",
+        "is_verified": false,
+        "line_number": 480
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "defaults/main.yml",
+        "hashed_secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f",
+        "is_verified": false,
+        "line_number": 623
+      }
+    ],
+    "tasks/main.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tasks/main.yml",
+        "hashed_secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1",
+        "is_verified": false,
+        "line_number": 54
+      }
+    ],
+    "tasks/parse_etc_password.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tasks/parse_etc_password.yml",
+        "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
+        "is_verified": false,
+        "line_number": 16
+      }
+    ]
+  },
+  "generated_at": "2023-09-13T11:09:17Z"
+}
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
diff --git a/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md b/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
diff --git a/.github/workflows/OS.tfvars b/.github/workflows/OS.tfvars