From c960a1d4c5a0c003f0b1ee8d13c647f1b6beb253 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Fri, 19 Jan 2024 12:04:04 -0500
Subject: [PATCH 1/5] Download issue and motd files from cisagov/ansible-role-banner Also point the hardening role to the downloaded cisagov issue and motd files. This ensures that the hardening role does not obliterate the work done by cisagov/ansible-role-banner.
---
 src/harden.yml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/harden.yml b/src/harden.yml
index fbcb5ed..79d1bf0 100644
--- a/src/harden.yml
+++ b/src/harden.yml
@@ -4,6 +4,23 @@
 become: true
 become_method: ansible.builtin.sudo
 tasks:
+ - name: >-
+ Download issue and motd files from cisagov/ansible-role-banner
+ ansible.builtin.get_url:
+ dest: /tmp/{{ item | basename }}
+ mode: "0644"
+ url: "{{ item }}"
+ delegate_to: localhost
+ loop:
+ - https://raw.githubusercontent.com/cisagov/ansible-role-banner/develop/files/issue
+ - https://raw.githubusercontent.com/cisagov/ansible-role-banner/develop/files/motd
 - name: Harden system
- ansible.builtin.include_role:
+ # This role is forked from konstruktoid/ansible-role-hardening
+ # and we do not control the names of the role variables. This
+ # is the reason for the noqa comment.
+ ansible.builtin.include_role: # noqa var-naming[no-role-prefix]
 name: harden
+ vars:
+ # Point the role to the correct issue and motd templates
+ issue_template: /tmp/issue
+ motd_template: /tmp/motd
From 34460f8e0cfb78e2d1ee4ef9a3961e3e7f99a154 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Fri, 19 Jan 2024 12:25:12 -0500
Subject: [PATCH 2/5] Bump version from 0.3.9 to 0.3.10
---
 src/version.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/version.txt b/src/version.txt
index 771bc6e..aa4cd15 100644
--- a/src/version.txt
+++ b/src/version.txt
@@ -1 +1 @@
-__version__ = "0.3.9"
+__version__ = "0.3.10"
From ab98307a78aa8f77768962d32c41765310b7487c Mon Sep 17 00:00:00 2001
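Review bot: In the src/harden.yml hunk of PATCH 1/5, both `loop` URLs fetch from the mutable `develop` branch and `ansible.builtin.get_url` is given no `checksum`, so the login banner installed by the role can change without any change in this repository. Pinning the URLs to a commit or tag and passing a per-file `checksum` makes the download reproducible and fails the play on unexpected content, as sketched below with placeholder values. The variable names `issue_template` and `motd_template` suggest the role renders these files as Jinja2 templates, which would mean the fetched content is evaluated rather than copied; that is inferred from the names only and is worth confirming against the role. The play itself starts outside the hunk.

```yaml
# … unchanged: task name …
ansible.builtin.get_url:
  checksum: "sha256:{{ item.sha256 }}"
  dest: /tmp/{{ item.url | basename }}
  # … unchanged: mode …
  url: "{{ item.url }}"
# … unchanged: delegate_to …
loop:
  - url: "https://raw.githubusercontent.com/cisagov/ansible-role-banner/<PINNED_COMMIT_SHA>/files/issue"
    sha256: "<SHA256_OF_ISSUE_AT_PINNED_COMMIT>"
  - url: "https://raw.githubusercontent.com/cisagov/ansible-role-banner/<PINNED_COMMIT_SHA>/files/motd"
    sha256: "<SHA256_OF_MOTD_AT_PINNED_COMMIT>"
```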
From: Jeremy Frasier
Date: Fri, 19 Jan 2024 12:25:22 -0500
Subject: [PATCH 3/5] Bump version from 0.3.10 to 0.3.10-rc.1
---
 src/version.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/version.txt b/src/version.txt
index aa4cd15..fb109c5 100644
--- a/src/version.txt
+++ b/src/version.txt
@@ -1 +1 @@
-__version__ = "0.3.10"
+__version__ = "0.3.10-rc.1"
From bf004a15e4080ef83b5d1b27d8058c2c96e4d854 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Mon, 22 Jan 2024 11:27:26 -0500
Subject: [PATCH 4/5] Delete local copies of issue and motd files when done with them
Co-authored-by: dav3r
---
 src/harden.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/harden.yml b/src/harden.yml
index 79d1bf0..9790664 100644
--- a/src/harden.yml
+++ b/src/harden.yml
@@ -24,3 +24,11 @@
 # Point the role to the correct issue and motd templates
 issue_template: /tmp/issue
 motd_template: /tmp/motd
+ - name: Delete local copies of issue and motd files
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ delegate_to: localhost
+ loop:
+ - /tmp/issue
+ - /tmp/motd
From d62c37885a2f4eed78125470937f2bb048211f62 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Mon, 22 Jan 2024 12:59:53 -0500
Subject: [PATCH 5/5] Finalize version from 0.3.10-rc.1 to 0.3.10
---
 src/version.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/version.txt b/src/version.txt
index fb109c5..aa4cd15 100644
--- a/src/version.txt
+++ b/src/version.txt
@@ -1 +1 @@
-__version__ = "0.3.10-rc.1"
+__version__ = "0.3.10"
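Review bot: The delete task added in the src/harden.yml hunk of PATCH 4/5 only runs when the preceding `Harden system` include succeeds, so a failed run leaves `/tmp/issue` and `/tmp/motd` behind on the control node. That matters because the download task from PATCH 1/5 calls `get_url` with its default `force: false`, which skips the download when `dest` already exists, so a leftover or pre-created file at those fixed `/tmp` paths would be handed to the role instead of the cisagov copy. Wrapping the download and the role include in a `block:` with this delete under `always:` guarantees the cleanup. Downloading into a directory created by `ansible.builtin.tempfile`, or setting `force: true`, removes the dependence on a shared, predictable path. The play starts outside the hunk, so it is worth checking whether the play-level `become: true` also applies to these `delegate_to: localhost` tasks.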