From 82ba1c3d20b0eb0b6ee2204bc0402317193f1cfb Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 19 Sep 2023 12:52:10 +0100 Subject: [PATCH 1/2] updated baselines Signed-off-by: Mark Bolwell --- .config/.gitleaks-report.json | 140 +++++++++++++++++++++++++++++----- .config/.secrets.baseline | 34 +-------- 2 files changed, 121 insertions(+), 53 deletions(-) diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json index 5fcadd2b..9d4353b5 100644 --- a/.config/.gitleaks-report.json +++ b/.config/.gitleaks-report.json @@ -9,15 +9,15 @@ "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", "File": ".config/.gitleaks-report.json", "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", "Entropy": 3.7561984, "Author": "Mark Bolwell", "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Date": "2023-09-19T11:27:57Z", + "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", "Tags": [], "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:9" + "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:9" }, { "Description": "Generic API Key", 
@@ -29,15 +29,15 @@ "Secret": "grub.pbkdf2.sha512.10000", "File": ".config/.gitleaks-report.json", "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", "Entropy": 3.8035088, "Author": "Mark Bolwell", "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Date": "2023-09-19T11:27:57Z", + "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", "Tags": [], "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:29" + "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:29" }, { "Description": "Generic API Key", @@ -49,15 +49,15 @@ "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d", "File": ".config/.gitleaks-report.json", "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", "Entropy": 3.7898228, "Author": "Mark Bolwell", "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Date": "2023-09-19T11:27:57Z", + "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", "Tags": [], "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:49" + "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:49" }, { "Description": "Generic API Key", 
@@ -69,15 +69,15 @@ "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", "File": ".config/.gitleaks-report.json", "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", "Entropy": 3.618454, "Author": "Mark Bolwell", "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Date": "2023-09-19T11:27:57Z", + "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", "Tags": [], "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:69" + "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:69" }, { "Description": "Generic API Key", @@ -89,15 +89,15 @@ "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", "File": ".config/.gitleaks-report.json", "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", "Entropy": 3.8439426, "Author": "Mark Bolwell", "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Date": "2023-09-19T11:27:57Z", + "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", "Tags": [], "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:89" + "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:89" }, { "Description": "Generic API Key", 
@@ -119,6 +119,106 @@ "RuleID": "generic-api-key", "Fingerprint": "358016009cd8ec06f468d091aba4e92e984a8c4b:.config/.secrets.baseline:generic-api-key:133" }, + { + "Description": "Generic API Key", + "StartLine": 9, + "EndLine": 9, + "StartColumn": 5, + "EndColumn": 55, + "Match": "Secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"", + "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", + "File": ".config/.gitleaks-report.json", + "SymlinkFile": "", + "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Entropy": 3.7561984, + "Author": "Mark Bolwell", + "Email": "mark.bollyuk@gmail.com", + "Date": "2023-09-13T11:09:38Z", + "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Tags": [], + "RuleID": "generic-api-key", + "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:9" + }, + { + "Description": "Generic API Key", + "StartLine": 29, + "EndLine": 29, + "StartColumn": 5, + "EndColumn": 39, + "Match": "Secret\": \"grub.pbkdf2.sha512.10000\"", + "Secret": "grub.pbkdf2.sha512.10000", + "File": ".config/.gitleaks-report.json", + "SymlinkFile": "", + "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Entropy": 3.8035088, + "Author": "Mark Bolwell", + "Email": "mark.bollyuk@gmail.com", + "Date": "2023-09-13T11:09:38Z", + "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Tags": [], + "RuleID": "generic-api-key", + "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:29" + }, + { + "Description": "Generic API Key", + "StartLine": 49, + "EndLine": 49, + "StartColumn": 5, + "EndColumn": 55, + "Match": "Secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"", + "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d", + "File": ".config/.gitleaks-report.json", + "SymlinkFile": "", + "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Entropy": 3.7898228, + 
"Author": "Mark Bolwell", + "Email": "mark.bollyuk@gmail.com", + "Date": "2023-09-13T11:09:38Z", + "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Tags": [], + "RuleID": "generic-api-key", + "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:49" + }, + { + "Description": "Generic API Key", + "StartLine": 69, + "EndLine": 69, + "StartColumn": 5, + "EndColumn": 55, + "Match": "Secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"", + "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", + "File": ".config/.gitleaks-report.json", + "SymlinkFile": "", + "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Entropy": 3.618454, + "Author": "Mark Bolwell", + "Email": "mark.bollyuk@gmail.com", + "Date": "2023-09-13T11:09:38Z", + "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Tags": [], + "RuleID": "generic-api-key", + "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:69" + }, + { + "Description": "Generic API Key", + "StartLine": 89, + "EndLine": 89, + "StartColumn": 5, + "EndColumn": 55, + "Match": "Secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", + "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", + "File": ".config/.gitleaks-report.json", + "SymlinkFile": "", + "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", + "Entropy": 3.8439426, + "Author": "Mark Bolwell", + "Email": "mark.bollyuk@gmail.com", + "Date": "2023-09-13T11:09:38Z", + "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", + "Tags": [], + "RuleID": "generic-api-key", + "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:89" + }, { "Description": "Generic API Key", "StartLine": 9, diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline index 85b45d85..e043ec59 100644 
--- a/.config/.secrets.baseline +++ b/.config/.secrets.baseline @@ -75,10 +75,6 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, - { - "path": "detect_secrets.filters.common.is_baseline_file", - "filename": ".config/.secrets.baseline" - }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -118,34 +114,6 @@ } ], "results": { - "defaults/main.yml": [ - { - "type": "Secret Keyword", - "filename": "defaults/main.yml", - "hashed_secret": "4fae1797297d5c73819a504516f2de7740e4b52d", - "is_verified": false, - "line_number": 480, - "is_secret": false - }, - { - "type": "Secret Keyword", - "filename": "defaults/main.yml", - "hashed_secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", - "is_verified": false, - "line_number": 623, - "is_secret": false - } - ], - "tasks/main.yml": [ - { - "type": "Secret Keyword", - "filename": "tasks/main.yml", - "hashed_secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", - "is_verified": false, - "line_number": 54, - "is_secret": false - } - ], "tasks/parse_etc_password.yml": [ { "type": "Secret Keyword", @@ -156,5 +124,5 @@ } ] }, - "generated_at": "2023-09-19T11:33:19Z" + "generated_at": "2023-09-19T11:51:36Z" } From 03d1b7becff5f233fbf016d9e7a4123fce181c83 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 19 Sep 2023 13:55:34 +0100 Subject: [PATCH 2/2] updated secrets Signed-off-by: Mark Bolwell --- .config/.gitleaks-report.json | 323 +--------------------------------- .config/.secrets.baseline | 17 +- .pre-commit-config.yaml | 3 +- defaults/main.yml | 4 +- tasks/main.yml | 2 +- 5 files changed, 10 insertions(+), 339 deletions(-) diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json index 9d4353b5..fe51488c 100644 --- a/.config/.gitleaks-report.json +++ b/.config/.gitleaks-report.json 
@@ -1,322 +1 @@ -[ - { - "Description": "Generic API Key", - "StartLine": 9, - "EndLine": 9, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"", - "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", - "Entropy": 3.7561984, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-19T11:27:57Z", - "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:9" - }, - { - "Description": "Generic API Key", - "StartLine": 29, - "EndLine": 29, - "StartColumn": 5, - "EndColumn": 39, - "Match": "Secret\": \"grub.pbkdf2.sha512.10000\"", - "Secret": "grub.pbkdf2.sha512.10000", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", - "Entropy": 3.8035088, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-19T11:27:57Z", - "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:29" - }, - { - "Description": "Generic API Key", - "StartLine": 49, - "EndLine": 49, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"", - "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", - "Entropy": 3.7898228, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-19T11:27:57Z", - "Message": "updated\n\nSigned-off-by: Mark Bolwell 
\u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:49" - }, - { - "Description": "Generic API Key", - "StartLine": 69, - "EndLine": 69, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"", - "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", - "Entropy": 3.618454, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-19T11:27:57Z", - "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:69" - }, - { - "Description": "Generic API Key", - "StartLine": 89, - "EndLine": 89, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "c8f5ebf1569dd2c144653ec698e4720f63bfd563", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-19T11:27:57Z", - "Message": "updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c8f5ebf1569dd2c144653ec698e4720f63bfd563:.config/.gitleaks-report.json:generic-api-key:89" - }, - { - "Description": "Generic API Key", - "StartLine": 133, - "EndLine": 133, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"", - "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": 
"358016009cd8ec06f468d091aba4e92e984a8c4b", - "Entropy": 3.7561984, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-11T10:19:54Z", - "Message": "updated secrets\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "358016009cd8ec06f468d091aba4e92e984a8c4b:.config/.secrets.baseline:generic-api-key:133" - }, - { - "Description": "Generic API Key", - "StartLine": 9, - "EndLine": 9, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"0f5b530255e5a064cc73699e4fa44ba8b2ad399f\"", - "Secret": "0f5b530255e5a064cc73699e4fa44ba8b2ad399f", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", - "Entropy": 3.7561984, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:9" - }, - { - "Description": "Generic API Key", - "StartLine": 29, - "EndLine": 29, - "StartColumn": 5, - "EndColumn": 39, - "Match": "Secret\": \"grub.pbkdf2.sha512.10000\"", - "Secret": "grub.pbkdf2.sha512.10000", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", - "Entropy": 3.8035088, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:29" - }, - { - "Description": "Generic API Key", - "StartLine": 49, - "EndLine": 49, - "StartColumn": 5, - "EndColumn": 55, - 
"Match": "Secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"", - "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", - "Entropy": 3.7898228, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:49" - }, - { - "Description": "Generic API Key", - "StartLine": 69, - "EndLine": 69, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"", - "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", - "Entropy": 3.618454, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:69" - }, - { - "Description": "Generic API Key", - "StartLine": 89, - "EndLine": 89, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "ccba850bbd069650698ee18c27592f0c6ccef12e", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-13T11:09:38Z", - "Message": "updated secrets scan\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": 
"generic-api-key", - "Fingerprint": "ccba850bbd069650698ee18c27592f0c6ccef12e:.config/.gitleaks-report.json:generic-api-key:89" - }, - { - "Description": "Generic API Key", - "StartLine": 9, - "EndLine": 9, - "StartColumn": 5, - "EndColumn": 39, - "Match": "Secret\": \"grub.pbkdf2.sha512.10000\"", - "Secret": "grub.pbkdf2.sha512.10000", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e", - "Entropy": 3.8035088, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-11T09:06:43Z", - "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.gitleaks-report.json:generic-api-key:9" - }, - { - "Description": "Generic API Key", - "StartLine": 125, - "EndLine": 125, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"4fae1797297d5c73819a504516f2de7740e4b52d\"", - "Secret": "4fae1797297d5c73819a504516f2de7740e4b52d", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e", - "Entropy": 3.7898228, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-11T09:06:43Z", - "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:125" - }, - { - "Description": "Generic API Key", - "StartLine": 135, - "EndLine": 135, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"f395ee0a2d842bfcf81da0aad13591e2a9311fe1\"", - "Secret": "f395ee0a2d842bfcf81da0aad13591e2a9311fe1", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e", - "Entropy": 3.618454, - "Author": "Mark Bolwell", - 
"Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-11T09:06:43Z", - "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:135" - }, - { - "Description": "Generic API Key", - "StartLine": 145, - "EndLine": 145, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "f046ed0c486cba258a6d50e7124566a314b87c8e", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-09-11T09:06:43Z", - "Message": "added pre-commit setup\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "f046ed0c486cba258a6d50e7124566a314b87c8e:.config/.secrets.baseline:generic-api-key:145" - }, - { - "Description": "Generic API Key", - "StartLine": 479, - "EndLine": 479, - "StartColumn": 23, - "EndColumn": 63, - "Match": "password_hash: \"grub.pbkdf2.sha512.10000\"", - "Secret": "grub.pbkdf2.sha512.10000", - "File": "defaults/main.yml", - "SymlinkFile": "", - "Commit": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51", - "Entropy": 3.8035088, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-10T15:12:00Z", - "Message": "updated default vars\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ea067d7f8f12f2a81d7b2b99449799b1fae1ae51:defaults/main.yml:generic-api-key:479" - } -] +[] diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline index e043ec59..ad5f40df 100644 --- a/.config/.secrets.baseline +++ b/.config/.secrets.baseline 
@@ -109,20 +109,11 @@ { "path": "detect_secrets.filters.regex.should_exclude_file", "pattern": [ - ".config/.gitleaks-report.json" + ".config/.gitleaks-report.json", + "tasks/parse_etc_password.yml" ] } ], - "results": { - "tasks/parse_etc_password.yml": [ - { - "type": "Secret Keyword", - "filename": "tasks/parse_etc_password.yml", - "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "is_verified": false, - "line_number": 16 - } - ] - }, - "generated_at": "2023-09-19T11:51:36Z" + "results": {}, + "generated_at": "2023-09-19T12:32:59Z" } diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 97c79434..9fa68a00 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,13 +34,14 @@ repos: hooks: - id: detect-secrets args: [ '--baseline', '.config/.secrets.baseline' ] - exclude: .config/.gitleaks-report.json + exclude: .config/.gitleaks-report.json tasks/parse_etc_password - repo: https://github.com/gitleaks/gitleaks rev: v8.17.0 hooks: - id: gitleaks args: ['--baseline-path', '.config/.gitleaks-report.json'] + exclude: .config/.secrets.baseline - repo: https://github.com/ansible-community/ansible-lint rev: v6.17.2 diff --git a/defaults/main.yml b/defaults/main.yml index 3b2b64f9..e42dfe03 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -477,7 +477,7 @@ ubtu20cis_set_grub_password: true ubtu20cis_grub_user_file: /etc/grub.d/40_custom ubtu20cis_grub_user: root ubtu20cis_grub_file: /boot/grub/grub.cfg -ubtu20cis_bootloader_password_hash: "grub.pbkdf2.sha512.10000" +ubtu20cis_bootloader_password_hash: "grub.pbkdf2.sha512.10000" # pragma: allowlist secret # Change the following value to true if you wish to be prompted to get past grub bootloader ubtu20cis_ask_passwd_to_boot: false 
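Review bot: Adding `tasks/parse_etc_password.yml` to the `should_exclude_file` pattern list removes the whole file from detect-secrets scanning, whereas the `results` entry it replaces covered a single finding on line 16. Anything sensitive added to that task file later would no longer be reported. A narrower option is an inline `# pragma: allowlist secret` on the flagged line, as this commit does in defaults/main.yml and tasks/main.yml. The removed entry also carried no `is_secret` verdict, so it appears never to have been audited before being excluded. The patterns are regular expressions, so the unescaped dots match any character; if the file-level exclusion stays, `"tasks/parse_etc_password\\.yml$"` pins it to the intended path.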
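Review bot: The new `exclude: .config/.gitleaks-report.json tasks/parse_etc_password` on the detect-secrets hook is read by pre-commit as one regular expression, not a space-separated list. Because of the literal space it matches neither path, so both files are still handed to the hook. An alternation expresses the intent: `exclude: ^(\.config/\.gitleaks-report\.json|tasks/parse_etc_password\.yml)$`. The `exclude: .config/.secrets.baseline` added to the gitleaks hook may have no effect if that hook does not receive filenames from pre-commit, which is worth confirming against the hook definition at rev v8.17.0. A path allowlist in the gitleaks configuration file would be the dependable place for it.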
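Review bot: `# pragma: allowlist secret` on `ubtu20cis_bootloader_password_hash` is detect-secrets syntax and gitleaks does not read it. The removed report shows gitleaks flagged this same value in defaults/main.yml under `generic-api-key`, and this commit empties the gitleaks baseline to `[]`. If the gitleaks hook trips on the line again, its own inline marker `gitleaks:allow` is the matching suppression. The pragma also silences detect-secrets on this line whatever the value, so a real hash pasted here later would go unreported; a comment above the variable such as `# Placeholder - supply a real grub-mkpasswd-pbkdf2 hash via vault or inventory, never commit one here` would make that explicit. The same pragma is added at `ubtu20cis_passwd_hash_algo` in the next hunk and at `sudo_password_rule` in tasks/main.yml, where the values are an algorithm name and a rule name.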
@@ -620,7 +620,7 @@ ubtu20cis_sudo_timestamp_timeout: 15 ubtu20cis_sugroup: nosugroup # Controls 4.4.x -ubtu20cis_passwd_hash_algo: sha512 +ubtu20cis_passwd_hash_algo: sha512 # pragma: allowlist secret # pam_tally2 login options allows for audit to be removed if required ubtu20cis_pamtally2_login_opts: 'onerr=fail audit silent deny=5 unlock_time=900' diff --git a/tasks/main.yml b/tasks/main.yml index 5afb0e98..8994906f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -51,7 +51,7 @@ fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} has no password set - It can break access" success_msg: "You have a password set for sudo user {{ ansible_env.SUDO_USER }}" vars: - sudo_password_rule: ubtu20cis_rule_4_3_4 + sudo_password_rule: ubtu20cis_rule_4_3_4 # pragma: allowlist secret when: - ubtu20cis_rule_4_3_4 - ansible_env.SUDO_USER is defined