Addressing issue 38 #39

Closed
wants to merge 127 commits into from
127 commits
1376d35
Add 18.6.1, 18.6.2, 18.6.3
AnvaySingh May 17, 2022
2c17312
v1.0.0 README and meta file updates
georgenalen Jan 3, 2023
2219410
v1.0.0 section 1 updates
georgenalen Jan 3, 2023
6c9c50d
v1.0.0 section 2 updates
georgenalen Jan 4, 2023
23eb77a
v1.0.0 section 5 updates
georgenalen Jan 5, 2023
881aedb
v1.0.0 section 9 updates
georgenalen Jan 5, 2023
5da967c
v1.0.0 section 17 updates
georgenalen Jan 5, 2023
7cbdda4
v1.0.0 section 19 updates
georgenalen Jan 5, 2023
a559144
v1.0.0 section 18 updates
georgenalen Jan 9, 2023
fae5e81
fixes after testing
georgenalen Jan 9, 2023
4556884
GH workflow update
georgenalen Jan 9, 2023
b7c2b65
updated 1.2.3 variable name
georgenalen Jan 9, 2023
8587003
updated ansible vars for testing pipeline
georgenalen Jan 9, 2023
3c9fb7c
updated unnecessary comments and removed roque score mentions
georgenalen Jan 9, 2023
9c6c2da
removed misc. unneeded items and added the update galaxy workflow
georgenalen Jan 9, 2023
70ae796
really adding the galaxy update this time
georgenalen Jan 9, 2023
94182b9
updated checkout version in GH actions
georgenalen Jan 10, 2023
23c93c6
removed final SCORED reference
georgenalen Jan 10, 2023
8d49f28
Minor updates
georgenalen Jan 31, 2023
41ae4e1
sections 1 and 2 updated
georgenalen May 3, 2023
a3dca5c
updated section 17
georgenalen May 3, 2023
78fa555
updates for section 18
georgenalen May 5, 2023
4b6dd7b
Updated fqcns, workflow wording, readme, ansible-lint
georgenalen May 5, 2023
37b0626
updated yamllint
georgenalen May 5, 2023
7ef11bd
updated gitignore
georgenalen May 5, 2023
37cf69f
updated meta file
georgenalen May 5, 2023
e89503f
updates from local testing
georgenalen May 5, 2023
707c336
updated badge links
georgenalen May 8, 2023
2fdf215
fix for issue #17
georgenalen Jun 7, 2023
f188b28
Update workflows and readme -1
frederickw082922 Aug 28, 2023
2b321e9
Update workflow-1
frederickw082922 Aug 28, 2023
e233a27
Audit removal and ChangeLog update -1
frederickw082922 Aug 30, 2023
c27359b
Audit tasks update-1
frederickw082922 Aug 30, 2023
38dc1b5
Audit tasks update-2
frederickw082922 Aug 30, 2023
be6c353
Update Defaults+main update-1
frederickw082922 Aug 31, 2023
90f35d9
Update Defaults+main update-2
frederickw082922 Aug 31, 2023
d39ae36
Update Defaults+main update-3
frederickw082922 Aug 31, 2023
6c71d41
Update Defaults+main update-3
frederickw082922 Aug 31, 2023
a2331c6
Update Defaults+main update-4
frederickw082922 Aug 31, 2023
aa45ac7
Update Defaults+main update-5
frederickw082922 Aug 31, 2023
bf719e2
Update Defaults+main update-6
frederickw082922 Aug 31, 2023
4287a2a
Update Defaults+main update-7
frederickw082922 Aug 31, 2023
509da8c
Update Defaults+main update-8
frederickw082922 Aug 31, 2023
0a7737e
Update Defaults+main update-9
frederickw082922 Aug 31, 2023
bd8c928
Update Defaults+main update-10
frederickw082922 Aug 31, 2023
f37c81c
Update Defaults+main update-11
frederickw082922 Sep 1, 2023
8b022f2
Update Defaults+main update-12
frederickw082922 Sep 1, 2023
3003fff
Update Defaults+main update-13
frederickw082922 Sep 1, 2023
46a3709
Update Defaults+main update-14
frederickw082922 Sep 1, 2023
08ed359
Update Defaults+main update-15
frederickw082922 Sep 1, 2023
fffc3d3
Update Defaults+main update-16
frederickw082922 Sep 5, 2023
d18073a
Update Defaults+main update-17
frederickw082922 Sep 5, 2023
2ce1136
Update Defaults+main update-18
frederickw082922 Sep 5, 2023
03ff484
Update Defaults+main update-19
frederickw082922 Sep 5, 2023
de789cc
Update Defaults+main update-20
frederickw082922 Sep 5, 2023
e7a56e8
Update Defaults+main update-21
frederickw082922 Sep 7, 2023
1239572
Update Defaults+main update-22
frederickw082922 Sep 8, 2023
4691b12
Update sec2 removed 2.3.1.6
frederickw082922 Sep 11, 2023
aba4af0
Update discord url and Order to 18.6.4.1
frederickw082922 Sep 14, 2023
1d55c77
Update to 18.6.8.1
frederickw082922 Sep 15, 2023
d05acae
Update to 18.9.38.1
frederickw082922 Sep 15, 2023
e8c3201
Update to 19.7.7.2
frederickw082922 Sep 18, 2023
88e38b8
Update to 19.x
frederickw082922 Sep 19, 2023
d2f1269
Update to 19.x-2
frederickw082922 Sep 19, 2023
077eff2
Update to 19.x-3
frederickw082922 Sep 19, 2023
88b5e4a
Update to 19.x-4
frederickw082922 Sep 19, 2023
a5a63a1
Update import_task with file:
frederickw082922 Sep 20, 2023
d6641dd
Update Printer Spooler 5.0 to Service Module
frederickw082922 Sep 20, 2023
25acfa8
Update Printer Spooler 5.0 to Service Module-2
frederickw082922 Sep 20, 2023
b1d92fb
Update defaults/main vars -1
frederickw082922 Sep 21, 2023
4ce710e
Update ChangeLog, Readme and main/handlers
frederickw082922 Sep 21, 2023
ca0a234
Update ChangeLog and Section5x with registry-1
frederickw082922 Sep 21, 2023
b359cba
Update Section5x with service-2
frederickw082922 Sep 21, 2023
bb3ee6d
Update Section5x with service-3
frederickw082922 Sep 21, 2023
fda4b89
Typo Fixes
frederickw082922 Sep 21, 2023
286cda7
Typo Fixes-2
frederickw082922 Sep 21, 2023
8f153ab
Updated DC & MS Only titles and when statements -1
frederickw082922 Sep 25, 2023
813769e
Updated DC & MS Only titles and when statements -2
frederickw082922 Sep 25, 2023
91d4b32
Updated DC & MS Only titles and when statements -3
frederickw082922 Sep 25, 2023
fba1881
Updated DC & MS Only titles and when statements -4
frederickw082922 Sep 25, 2023
5222c6b
Updated 18x and default/main Controls with multi input based from CI…
frederickw082922 Sep 25, 2023
a141034
Updated 18x and default/main Controls with multi input based from CI…
frederickw082922 Sep 25, 2023
4df2174
Updated 18x and default/main Controls with multi input based from CI…
frederickw082922 Sep 26, 2023
50f6e26
Added DC and MS to Cloud Order for lock out controls
frederickw082922 Sep 27, 2023
a3dc0dd
Typo Fixes
frederickw082922 Sep 27, 2023
1b53550
Typo Fixes defaults/main
frederickw082922 Sep 27, 2023
b0005e4
Update DC/MS Lockout order Fix
frederickw082922 Sep 27, 2023
e55a3fc
Update sec18.7.x controls
frederickw082922 Sep 28, 2023
5691832
Update sec18.7.x controls-1
frederickw082922 Sep 28, 2023
d6dc953
Updated section 18.7.x -1
frederickw082922 Oct 3, 2023
c8159cb
Update readme and collections -1
frederickw082922 Oct 19, 2023
8f443f0
Update defaults/main Typo -1
frederickw082922 Nov 14, 2023
078d711
Update ChangeLog and Typo Fix
frederickw082922 Feb 20, 2024
3c08bd2
Update 18.3.5 and 18.3.6 var Fix
frederickw082922 Feb 21, 2024
64aa39a
Typo fix on 5.1|5.2 tag
frederickw082922 Feb 21, 2024
340e62b
Added missing GUID on 18.10.43.6.1.2
frederickw082922 Feb 21, 2024
7423e37
#27 Update correct reg value 18.6.4.3
frederickw082922 Feb 21, 2024
4fce28f
#28 update reg value fix for 18.10.43.10.2
frederickw082922 Feb 21, 2024
18a00ea
Update ChangeLog
frederickw082922 Feb 21, 2024
771f69f
Update correct reg value for 18.7.10|11
frederickw082922 Feb 21, 2024
09d17b4
Update ChangeLog based on PR26 by ai13f
frederickw082922 Feb 21, 2024
72daa94
18.7.x Tag fixes
frederickw082922 Mar 12, 2024
dbd6605
Update cloud_lockout logic
frederickw082922 Mar 14, 2024
8af827e
Update section 19 with loop and change_requires_reboot
frederickw082922 Mar 14, 2024
ba60fe8
Update handler name to change_requires_reboot
frederickw082922 Mar 15, 2024
0d06d38
Fix 18.9.7.2 title and var
frederickw082922 Mar 15, 2024
6dacf01
Fix 18.10.89.2.2 reg value
frederickw082922 Mar 15, 2024
d2069de
Update meta
frederickw082922 Mar 18, 2024
6364571
defaults main var update
frederickw082922 Mar 18, 2024
ab04bc3
update section5 with handler name change
frederickw082922 Mar 18, 2024
882419d
update win_skip_for_test with the latest controls
frederickw082922 Mar 18, 2024
636dbc9
update changelog
frederickw082922 Mar 19, 2024
9d6355d
Update ChangeLog with @Mr.Steve81
frederickw082922 Mar 19, 2024
604be9c
Typo Fixes
frederickw082922 Mar 19, 2024
fb61c71
Only applies to Azure
mfortin Mar 21, 2024
b26e601
Update control 1.1.6
mfortin Mar 25, 2024
cae0c88
Fixing controls stated in issue 38
mfortin Mar 26, 2024
b6e95b3
revert
mfortin Mar 26, 2024
c1d533f
Update control 1.1.6
mfortin Mar 25, 2024
c3d0d76
revert
mfortin Mar 26, 2024
91373ec
Update section18.yml
mfortin Mar 26, 2024
95d211e
Fixing controls stated in issue 38
mfortin Mar 26, 2024
65b9a29
Addressing issue #36
mfortin Mar 26, 2024
2b11c04
test
mfortin Mar 26, 2024
0c99c0a
test
mfortin Mar 26, 2024
309f44f
Fix from #32
frederickw082922 Apr 1, 2024
ddc9819
Update ChangeLog with fix for #32
frederickw082922 Apr 1, 2024
24 changes: 18 additions & 6 deletions .ansible-lint
100755 → 100644
@@ -1,11 +1,23 @@
---

parseable: true
quiet: true
skip_list:
- '204'
- '305'
- '303'
- '403'
- '306'
- '602'
- 'schema'
- 'no-changed-when'
- 'experimental'
- 'name[casing]'
- 'name[template]'
- 'jinja[spacing]'
- 'yaml[line-length]'
- 'key-order[task]'
- 'var-naming' # Older playbook no new release
- '204'
- '208'
- '305'
- '303'
- '403'
- '306'
- '602'
use_default_rules: true
verbosity: 0
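Review bot: The skip_list entries 'schema', 'no-changed-when' and 'experimental' switch those rules off for the whole role, so a task that always reports changed, or a file that fails schema validation, is no longer flagged anywhere. Consider moving them to warn_list so findings stay visible without failing the run, or keeping the rules enabled and marking intentional exceptions with per-task noqa comments. The trailing comment on 'var-naming' ("Older playbook no new release") does not say what would allow the skip to be removed; a sentence on that condition would help the next maintainer. The numeric entries ('204', '208', '305', ...) sit next to the named rules; it is worth confirming they still match a rule in the ansible-lint version the pipeline runs, and dropping them if they do not.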
40 changes: 0 additions & 40 deletions .github/ISSUE_TEMPLATE/bug_report.md

This file was deleted.

25 changes: 0 additions & 25 deletions .github/ISSUE_TEMPLATE/feature-request-or-enhancement.md

This file was deleted.

19 changes: 0 additions & 19 deletions .github/ISSUE_TEMPLATE/question.md

This file was deleted.

15 changes: 0 additions & 15 deletions .github/pull_request_template.md

This file was deleted.

143 changes: 143 additions & 0 deletions .github/workflows/devel_pipeline_validation.yml
@@ -0,0 +1,143 @@
---

# This is a basic workflow to help you get started with Actions

name: Devel Pipeline Validation

# Controls when the action will run.
# Triggers the workflow on push or pull request
# events but only for the devel branch
on: # yamllint disable-line rule:truthy
pull_request_target:
types: [opened, reopened, synchronize]
branches:
- devel
paths:
- '**.yml'
- '**.sh'
- '**.j2'
- '**.ps1'
- '**.cfg'

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
# This section contains all the jobs below that are running in the workflow.
jobs:
# This will create messages for the first time contributors and direct them to the Discord server
welcome:
# The type of runner that the job will run on.
runs-on: ubuntu-latest
steps:
- uses: actions/first-interaction@main
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
pr-message: |-
Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well.

# This workflow will run Terraform to load an instance in Azure to test the playbook against a live cloud-based instance.
playbook-test:
# The type of runner that the job will run on.
runs-on: ubuntu-latest

env:
ENABLE_DEBUG: false
# Imported as a variable by terraform.
TF_VAR_repository: ${{ github.event.repository.name }}
ARM_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}
WIN_USERNAME: ${{ secrets.WIN_USERNAME }}
WIN_PASSWORD: ${{ secrets.WIN_PASSWORD }}

defaults:
run:
shell: bash
working-directory: .github/workflows/github_windows_IaC

# Steps represent a sequence of tasks that will be executed as part of the job.
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
- name: Clone ${{ github.event.repository.name }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

# Pull In Terraform Code For Windows Azure
- name: Clone github IaC plan
uses: actions/checkout@v3
with:
repository: ansible-lockdown/github_windows_IaC
path: .github/workflows/github_windows_IaC

# Sensitive Data Stored And Passed To Terraform
# Default Working Dir Defined In Defaults Above.
- name: user details
run: echo "{\"username\":\"${WIN_USERNAME}\",\"password\":\"${WIN_PASSWORD}\"}" >> sensitive_info.json

# Show the Os Var and Benchmark Type And Load
- name: DEBUG - Show IaC files
if: env.ENABLE_DEBUG == 'true'
run: |
echo "OSVAR = $OSVAR"
echo "benchmark_type = $benchmark_type"
pwd
ls
env:
# Imported from github variables this is used to load the relevant OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}

# Initialize The Terraform Working Directory
- name: Terraform_Init
id: init
run: terraform init
env:
# Imported from github variables this is used to load the relevant OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}

# Validate The Syntax Of Terraform Files
- name: Terraform_Validate
id: validate
run: terraform validate
env:
# Imported from github variables this is used to load the relevant OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}

# Execute The Actions And Build Azure Server
- name: Terraform_Apply
id: apply
env:
# Imported from github variables this is used to load the relevant OS.tfvars file
WIN_USERNAME: ${{ secrets.WIN_USERNAME }}
WIN_PASSWORD: ${{ secrets.WIN_PASSWORD }}
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
run: terraform apply -var-file "${OSVAR}.tfvars" --auto-approve

# Debug Section
- name: DEBUG - Show Ansible Hostfile
if: env.ENABLE_DEBUG == 'true'
run: cat hosts.yml

# Run the Ansible Playbook
- name: Run_Ansible_Playbook
uses: arillso/action.playbook@master
with:
playbook: site.yml
inventory: .github/workflows/github_windows_IaC/hosts.yml
galaxy_file: collections/requirements.yml
# verbose: 3
env:
ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_DEPRECATION_WARNINGS: "false"

# Destroy The Azure Test System
- name: Terraform_Destroy
if: always() && env.ENABLE_DEBUG == 'false'
env:
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
run: terraform destroy -var-file "${OSVAR}.tfvars" --auto-approve
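Review bot: The `pull_request_target` trigger combined with `ref: ${{ github.event.pull_request.head.sha }}` in the first checkout of playbook-test means content from the pull request branch (including the site.yml and collections/requirements.yml that Run_Ansible_Playbook consumes) is used in a job whose env block holds ARM_CLIENT_SECRET and WIN_PASSWORD, so changes from a fork run with access to those secrets. Suggest gating the job behind a protected environment with required reviewers, or a maintainer-applied label, before the head SHA is checked out, and adding a top-level `permissions:` block that limits GITHUB_TOKEN to what the welcome job needs. Separately, `actions/first-interaction@main` and `arillso/action.playbook@master` follow mutable branches, and the github_windows_IaC checkout has no ref; pinning these (and actions/checkout@v3) to commit SHAs keeps an upstream change from running with the same secrets. In the "user details" step, sensitive_info.json is built by string interpolation and appended with `>>`; a password containing a double quote or backslash produces invalid JSON, so generating the file with jq and writing it with `>` would be more robust.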