linting and spacing

Signed-off-by: Mark Bolwell <[email protected]>

.gitattributes

@@ -3,4 +3,4 @@
 *.yml linguist-detectable=true
 *.ps1 linguist-detectable=true
 *.j2 linguist-detectable=true
-*.md linguist-documentation
+*.md linguist-documentation

.github/workflows/github_vars.tfvars

@@ -1,7 +1,7 @@
 // github_actions variables
 // Resourced in github_networks.tf
 // Declared in variables.tf
-// 
+//
 
 namespace         = "Ansible_Lockdown_GH_PR_Actions"
 environment       = "Ansible_Lockdown_GH_PR_Pipeline"

templates/ansible_vars_goss.yml.j2

@@ -1,7 +1,7 @@
 ## metadata for Audit benchmark
 benchmark_version: '2.1.0'
 
-# Some audit tests may need to scan every filesystem or have an impact on a system 
+# Some audit tests may need to scan every filesystem or have an impact on a system
 # these may need be scheduled to minimise impact also ability to set a timeout if taking too long
 run_heavy_tests: {{ audit_run_heavy_tests }}
 timeout_ms: {{ audit_cmd_timeout }}

templates/audit/ubtu18cis_4_1_10_access.rules.j2

@@ -4,4 +4,3 @@
 -a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
 -a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
 {% endif %}
-

templates/audit/ubtu18cis_4_1_11_privileged.rules.j2

@@ -1,4 +1,3 @@
-{% for proc in priv_procs.stdout_lines -%} 
+{% for proc in priv_procs.stdout_lines -%}
 -a always,exit -F path={{ proc }} -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
 {% endfor %}
-

templates/audit/ubtu18cis_4_1_12_audit.rules.j2

@@ -2,4 +2,3 @@
 {% if ansible_architecture == 'x86_64' -%}
 -a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts
 {% endif %}
-

templates/audit/ubtu18cis_4_1_13_delete.rules.j2

@@ -2,4 +2,3 @@
 {% if ansible_architecture == 'x86_64' -%}
 -a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete
 {% endif %}
-

templates/audit/ubtu18cis_4_1_14_scope.rules.j2

@@ -1,3 +1,2 @@
 -w /etc/sudoers -p wa -k scope
 -w /etc/sudoers.d/ -p wa -k scope
-

templates/audit/ubtu18cis_4_1_15_actions.rules.j2

@@ -2,4 +2,3 @@
 {% if ansible_architecture == 'x86_64' -%}
 -a always,exit -F arch=b64 -C euid!=uid -F euid=0 -F auid>=1000 -F auid!=4294967295 -S execve -k actions
 {% endif %}
-

templates/audit/ubtu18cis_4_1_16_modules.rules.j2

@@ -7,4 +7,3 @@
 {% if ansible_architecture == 'x86_64' -%}
 -a always,exit -F arch=b64 -S init_module -S delete_module -k modules
 {% endif %}
-

templates/audit/ubtu18cis_4_1_17_99finalize.rules.j2

@@ -1,2 +1 @@
 -e 2
-

templates/audit/ubtu18cis_4_1_3_timechange.rules.j2

@@ -5,4 +5,3 @@
 -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
 -a always,exit -F arch=b64 -S clock_settime -k time-change
 {% endif %}
-

templates/audit/ubtu18cis_4_1_4_identity.rules.j2

@@ -3,4 +3,3 @@
 -w /etc/gshadow -p wa -k identity
 -w /etc/shadow -p wa -k identity
 -w /etc/security/opasswd -p wa -k identity
-

templates/audit/ubtu18cis_4_1_5_systemlocale.rules.j2

@@ -6,4 +6,3 @@
 -w /etc/issue.net -p wa -k system-locale
 -w /etc/hosts -p wa -k system-locale
 -w /etc/network -p wa -k system-locale
-

templates/audit/ubtu18cis_4_1_6_macpolicy.rules.j2

@@ -1,3 +1,2 @@
 -w /etc/apparmor/ -p wa -k MAC-policy
 -w /etc/apparmor.d/ -p wa -k MAC-policy
-

templates/audit/ubtu18cis_4_1_7_logins.rules.j2

@@ -1,4 +1,3 @@
 -w /var/log/faillog -p wa -k logins
 -w /var/log/lastlog -p wa -k logins
 -w /var/log/tallylog -p wa -k logins
-

templates/audit/ubtu18cis_4_1_8_session.rules.j2

@@ -1,4 +1,3 @@
 -w /var/run/utmp -p wa -k session
 -w /var/log/wtmp -p wa -k logins
 -w /var/log/btmp -p wa -k logins
-

templates/audit/ubtu18cis_4_1_9_permmod.rules.j2

@@ -6,4 +6,3 @@
 -a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod
 {% endif %}
-

templates/ntp.conf.j2

@@ -65,4 +65,4 @@ restrict source notrap nomodify noquery
 #fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware
 
 #server 127.127.22.1                   # ATOM(PPS)
-#fudge 127.127.22.1 flag3 1            # enable PPS API
+#fudge 127.127.22.1 flag3 1            # enable PPS API

templates/ubtu18cis_4_1_3_timechange64.rules.j2

@@ -2,4 +2,4 @@
 -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
 -a always,exit -F arch=b64 -S clock_settime -k time-change
 -a always,exit -F arch=b32 -S clock_settime -k time-change
--w /etc/localtime -p wa -k time-change
+-w /etc/localtime -p wa -k time-change