added 2.1.1 and 2.1.2

Signed-off-by: George Nalen <[email protected]>
ansible-lockdown · Aug 24, 2020 · 44d5f18 · 44d5f18
1 parent dc97350
commit 44d5f18
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 6 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -104,6 +104,33 @@ ubtu18cis_rule_1_8_1_6: true
 ubtu18cis_rule_1_8_2: true
 ubtu18cis_rule_1_9: true
 
+# Section 2 Fixes
+# Section 2 is Services (inetd, special purpose, and service clients)
+ubtu18cis_rule_2_1_1: true
+ubtu18cis_rule_2_1_2: true
+ubtu18cis_rule_2_2_1: true
+ubtu18cis_rule_2_2_2: true
+ubtu18cis_rule_2_2_3: true
+ubtu18cis_rule_2_2_4: true
+ubtu18cis_rule_2_2_5: true
+ubtu18cis_rule_2_2_6: true
+ubtu18cis_rule_2_2_7: true
+ubtu18cis_rule_2_2_8: true
+ubtu18cis_rule_2_2_9: true
+ubtu18cis_rule_2_2_10: true
+ubtu18cis_rule_2_2_11: true
+ubtu18cis_rule_2_2_12: true
+ubtu18cis_rule_2_2_13: true
+ubtu18cis_rule_2_2_14: true
+ubtu18cis_rule_2_2_15: true
+ubtu18cis_rule_2_2_16: true
+ubtu18cis_rule_2_2_17: true
+ubtu18cis_rule_2_3_1: true
+ubtu18cis_rule_2_3_2: true
+ubtu18cis_rule_2_3_3: true
+ubtu18cis_rule_2_3_4: true
+ubtu18cis_rule_2_3_5: true
+
 # Service configuration variables, set to true to keep service
 ubtu18cis_allow_autofs: false
 ubtu18cis_allow_usb_storage: false

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -34,11 +34,11 @@
   tags:
       - section1
 
-# - name: Include section 2 patches
-#   import_tasks: section2.yml
-#   when: ubtu18cis_section2_patch | bool
-#   tags:
-#       - section2
+- name: Include section 2 patches
+  import_tasks: section2.yml
+  when: ubtu18cis_section2_patch | bool
+  tags:
+      - section2
 
 # - name: Include section 3 patches
 #   import_tasks: section3.yml

diff --git a/tasks/section1.yml b/tasks/section1.yml
@@ -993,4 +993,18 @@
       - scored
       - patch
       - rule_1.8.2
-      - banner
+      - banner
+
+- name: "NOTSCORED | 1.9 | PATCH | Ensure updates, patches, and additional security software are installed"
+  apt:
+      name: "*"
+      state: latest
+  when:
+      - ubtu18cis_rule_1_9
+  tags:
+      - level1-server
+      - level1-workstation
+      - notscored
+      - patch
+      - rule_1.9
+      - patching
diff --git a/tasks/section2.yml b/tasks/section2.yml
@@ -0,0 +1,28 @@
+---
+- name: "SCORED | 2.1.1 | PATCH | Ensure xinetd is not installed"
+  apt:
+      name: xinetd
+      state: absent
+  when:
+      - ubtu18cis_rule_2_1_1
+  tags:
+      - level1-server
+      - level1-workstation
+      - scored
+      - patch
+      - rule_2.1.1
+      - xinetd
+
+- name: "SCORED | 2.1.2 | PATCH | Ensure openbsd-inetd is not installed"
+  apt:
+      name: openbsd-inetd
+      state: absent
+  when:
+      - ubtu18cis_rule_2_1_2
+  tags:
+      - level1-server
+      - level1-workstation
+      - scored
+      - patch
+      - rule_2.1.2
+      - openbsd-inetd