diff --git a/.ansible-lint b/.ansible-lint
index 057c65e0..b717f678 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -6,12 +6,10 @@ skip_list:
 - 'schema'
 - 'no-changed-when'
 - 'var-spacing'
- - 'fqcn-builtins'
 - 'experimental'
 - 'name[play]'
 - 'name[casing]'
 - 'name[template]'
- - 'fqcn[action]'
 - 'key-order[task]'
 - '204'
 - '305'
diff --git a/.config/.gitleaks-report.json b/.config/.gitleaks-report.json
deleted file mode 100644
index f4d917f5..00000000
--- a/.config/.gitleaks-report.json
+++ /dev/null
@@ -1,1002 +0,0 @@ -[ - { - "Description": "Generic API Key", - "StartLine": 119, - "EndLine": 119, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\"", - "Secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.853056, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:119" - }, - { - "Description": "Generic API Key", - "StartLine": 127, - "EndLine": 127, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:127" - }, - { - "Description": "Generic API Key", - "StartLine": 135, - "EndLine": 135, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a415ab5cc17c8c093c015ccdb7e552aee7911aa4\"", - "Secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.5221736, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - 
"Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:135" - }, - { - "Description": "Generic API Key", - "StartLine": 145, - "EndLine": 145, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:145" - }, - { - "Description": "Generic API Key", - "StartLine": 153, - "EndLine": 153, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7\"", - "Secret": "fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.5771668, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:153" - }, - { - "Description": "Generic API Key", - "StartLine": 163, - "EndLine": 163, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": 
".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:163" - }, - { - "Description": "Generic API Key", - "StartLine": 172, - "EndLine": 172, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"274ff31a12d07c984f83f338007478f492c95c51\"", - "Secret": "274ff31a12d07c984f83f338007478f492c95c51", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.587326, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:172" - }, - { - "Description": "Generic API Key", - "StartLine": 182, - "EndLine": 182, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"3f45c5a5029cbf4183d4690573957395e85f66dd\"", - "Secret": "3f45c5a5029cbf4183d4690573957395e85f66dd", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.7551522, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:182" - }, - { - "Description": 
"Generic API Key", - "StartLine": 192, - "EndLine": 192, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a30d367c7335bbdcedad98744739bf09b326df27\"", - "Secret": "a30d367c7335bbdcedad98744739bf09b326df27", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.6848295, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:192" - }, - { - "Description": "Generic API Key", - "StartLine": 202, - "EndLine": 202, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"6deb0d41b8719dbb7c65a46285ce1b8f5b4564e4\"", - "Secret": "6deb0d41b8719dbb7c65a46285ce1b8f5b4564e4", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097", - "Entropy": 3.668454, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T13:04:14Z", - "Message": "secrets baseline added\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "c974ea1afb733c3b5fa0aa4451738c06e3a6e097:.config/.secrets.baseline:generic-api-key:202" - }, - { - "Description": "Generic API Key", - "StartLine": 119, - "EndLine": 119, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"353e8061f2befecb6818ba0c034c632fb0bcae1b\"", - "Secret": "353e8061f2befecb6818ba0c034c632fb0bcae1b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.558695, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets 
bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:119" - }, - { - "Description": "Generic API Key", - "StartLine": 127, - "EndLine": 127, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"353e8061f2befecb6818ba0c034c632fb0bcae1b\"", - "Secret": "353e8061f2befecb6818ba0c034c632fb0bcae1b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.558695, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:127" - }, - { - "Description": "Generic API Key", - "StartLine": 135, - "EndLine": 135, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"6b3c7d9027d858a09c59b981b442c936f11eecd0\"", - "Secret": "6b3c7d9027d858a09c59b981b442c936f11eecd0", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.8873262, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:135" - }, - { - "Description": "Generic API Key", - "StartLine": 143, - "EndLine": 143, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"36927a289d8550ba3d1055d9b5e1148e641cfaf7\"", - "Secret": "36927a289d8550ba3d1055d9b5e1148e641cfaf7", - "File": 
".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.9061983, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:143" - }, - { - "Description": "Generic API Key", - "StartLine": 151, - "EndLine": 151, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"36927a289d8550ba3d1055d9b5e1148e641cfaf7\"", - "Secret": "36927a289d8550ba3d1055d9b5e1148e641cfaf7", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.9061983, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:151" - }, - { - "Description": "Generic API Key", - "StartLine": 159, - "EndLine": 159, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a958aae73567ae14f8ab96593cbf9086a7f0c657\"", - "Secret": "a958aae73567ae14f8ab96593cbf9086a7f0c657", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6464393, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:159" - }, - { - 
"Description": "Generic API Key", - "StartLine": 167, - "EndLine": 167, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a958aae73567ae14f8ab96593cbf9086a7f0c657\"", - "Secret": "a958aae73567ae14f8ab96593cbf9086a7f0c657", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6464393, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:167" - }, - { - "Description": "Generic API Key", - "StartLine": 175, - "EndLine": 175, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"c50c571c8ac7e21ff1b4d9e25113f6baf946e4ef\"", - "Secret": "c50c571c8ac7e21ff1b4d9e25113f6baf946e4ef", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.8037016, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:175" - }, - { - "Description": "Generic API Key", - "StartLine": 183, - "EndLine": 183, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"c50c571c8ac7e21ff1b4d9e25113f6baf946e4ef\"", - "Secret": "c50c571c8ac7e21ff1b4d9e25113f6baf946e4ef", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.8037016, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new 
secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:183" - }, - { - "Description": "Generic API Key", - "StartLine": 191, - "EndLine": 191, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"0d1a728e5fa06b415885bee520ac58b10d5c643b\"", - "Secret": "0d1a728e5fa06b415885bee520ac58b10d5c643b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7275672, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:191" - }, - { - "Description": "Generic API Key", - "StartLine": 199, - "EndLine": 199, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"0d1a728e5fa06b415885bee520ac58b10d5c643b\"", - "Secret": "0d1a728e5fa06b415885bee520ac58b10d5c643b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7275672, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:199" - }, - { - "Description": "Generic API Key", - "StartLine": 207, - "EndLine": 207, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"3387d0c6d33de64323729c4113cccdeaab4403bf\"", - "Secret": "3387d0c6d33de64323729c4113cccdeaab4403bf", - "File": 
".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6316872, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:207" - }, - { - "Description": "Generic API Key", - "StartLine": 215, - "EndLine": 215, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"3387d0c6d33de64323729c4113cccdeaab4403bf\"", - "Secret": "3387d0c6d33de64323729c4113cccdeaab4403bf", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6316872, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:215" - }, - { - "Description": "Generic API Key", - "StartLine": 223, - "EndLine": 223, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"d27395dcb6f29035d178c121fc348af5a65d24c6\"", - "Secret": "d27395dcb6f29035d178c121fc348af5a65d24c6", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7964394, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:223" - }, - { - 
"Description": "Generic API Key", - "StartLine": 231, - "EndLine": 231, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"d27395dcb6f29035d178c121fc348af5a65d24c6\"", - "Secret": "d27395dcb6f29035d178c121fc348af5a65d24c6", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7964394, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:231" - }, - { - "Description": "Generic API Key", - "StartLine": 239, - "EndLine": 239, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"bff32bf63ff70ada262c18e41677656438b8ffa5\"", - "Secret": "bff32bf63ff70ada262c18e41677656438b8ffa5", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.677167, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:239" - }, - { - "Description": "Generic API Key", - "StartLine": 247, - "EndLine": 247, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"bff32bf63ff70ada262c18e41677656438b8ffa5\"", - "Secret": "bff32bf63ff70ada262c18e41677656438b8ffa5", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.677167, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new 
secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:247" - }, - { - "Description": "Generic API Key", - "StartLine": 340, - "EndLine": 340, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"283437dc39244b51748ab6d80c3b6efee478c23b\"", - "Secret": "283437dc39244b51748ab6d80c3b6efee478c23b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7659574, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:340" - }, - { - "Description": "Generic API Key", - "StartLine": 348, - "EndLine": 348, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"9a256aa1ca46eabff77d7330151942b05b311940\"", - "Secret": "9a256aa1ca46eabff77d7330151942b05b311940", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.7593408, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:348" - }, - { - "Description": "Generic API Key", - "StartLine": 356, - "EndLine": 356, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"b6d73078c1ba47753f71a1938b1977f17cf06ea9\"", - "Secret": "b6d73078c1ba47753f71a1938b1977f17cf06ea9", - "File": 
".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6373262, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:356" - }, - { - "Description": "Generic API Key", - "StartLine": 364, - "EndLine": 364, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"be4fc4886bd949b369d5e092eb87494f12e57e5b\"", - "Secret": "be4fc4886bd949b369d5e092eb87494f12e57e5b", - "File": ".config/.secrets.baseline", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 3.6732197, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:.config/.secrets.baseline:generic-api-key:364" - }, - { - "Description": "Generic API Key", - "StartLine": 9, - "EndLine": 9, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\"", - "Secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.853056, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:9" - }, - { - 
"Description": "Generic API Key", - "StartLine": 29, - "EndLine": 29, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:29" - }, - { - "Description": "Generic API Key", - "StartLine": 49, - "EndLine": 49, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"a415ab5cc17c8c093c015ccdb7e552aee7911aa4\"", - "Secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.5221736, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:49" - }, - { - "Description": "Generic API Key", - "StartLine": 69, - "EndLine": 69, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing 
gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:69" - }, - { - "Description": "Generic API Key", - "StartLine": 89, - "EndLine": 89, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7\"", - "Secret": "fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.5771668, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:89" - }, - { - "Description": "Generic API Key", - "StartLine": 109, - "EndLine": 109, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:109" - }, - { - "Description": "Generic API Key", - "StartLine": 129, - "EndLine": 129, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"274ff31a12d07c984f83f338007478f492c95c51\"", - "Secret": "274ff31a12d07c984f83f338007478f492c95c51", - "File": 
".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.587326, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:129" - }, - { - "Description": "Generic API Key", - "StartLine": 149, - "EndLine": 149, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"3f45c5a5029cbf4183d4690573957395e85f66dd\"", - "Secret": "3f45c5a5029cbf4183d4690573957395e85f66dd", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.7551522, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:149" - }, - { - "Description": "Generic API Key", - "StartLine": 169, - "EndLine": 169, - "StartColumn": 5, - "EndColumn": 55, - "Match": "Secret\": \"a30d367c7335bbdcedad98744739bf09b326df27\"", - "Secret": "a30d367c7335bbdcedad98744739bf09b326df27", - "File": ".config/.gitleaks-report.json", - "SymlinkFile": "", - "Commit": "2e7917e891d54b06cdfd08d357fbdea46d2d7318", - "Entropy": 3.6848295, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:20:49Z", - "Message": "testing gitleaks\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "2e7917e891d54b06cdfd08d357fbdea46d2d7318:.config/.gitleaks-report.json:generic-api-key:169" - }, - { - "Description": 
"Generic API Key", - "StartLine": 119, - "EndLine": 119, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\"", - "Secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.853056, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:119" - }, - { - "Description": "Generic API Key", - "StartLine": 127, - "EndLine": 127, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:127" - }, - { - "Description": "Generic API Key", - "StartLine": 135, - "EndLine": 135, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a415ab5cc17c8c093c015ccdb7e552aee7911aa4\"", - "Secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.5221736, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign 
updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:135" - }, - { - "Description": "Generic API Key", - "StartLine": 145, - "EndLine": 145, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"64411efd0f0561fe4852c6e414071345c9c6432a\"", - "Secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.646039, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:145" - }, - { - "Description": "Generic API Key", - "StartLine": 153, - "EndLine": 153, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7\"", - "Secret": "fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.5771668, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:153" - }, - { - "Description": "Generic API Key", - "StartLine": 163, - "EndLine": 163, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360\"", - "Secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "File": ".secrets.baseline", - "SymlinkFile": "", 
- "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.8439426, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:163" - }, - { - "Description": "Generic API Key", - "StartLine": 173, - "EndLine": 173, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"274ff31a12d07c984f83f338007478f492c95c51\"", - "Secret": "274ff31a12d07c984f83f338007478f492c95c51", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.587326, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:173" - }, - { - "Description": "Generic API Key", - "StartLine": 183, - "EndLine": 183, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"3f45c5a5029cbf4183d4690573957395e85f66dd\"", - "Secret": "3f45c5a5029cbf4183d4690573957395e85f66dd", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.7551522, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:183" - }, - { - "Description": "Generic API Key", - "StartLine": 193, - "EndLine": 
193, - "StartColumn": 18, - "EndColumn": 68, - "Match": "secret\": \"a30d367c7335bbdcedad98744739bf09b326df27\"", - "Secret": "a30d367c7335bbdcedad98744739bf09b326df27", - "File": ".secrets.baseline", - "SymlinkFile": "", - "Commit": "282a531eb870309372409e616db11f049bc24787", - "Entropy": 3.6848295, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-07-04T16:26:59Z", - "Message": "secret baseline and gpg sign updated\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "generic-api-key", - "Fingerprint": "282a531eb870309372409e616db11f049bc24787:.secrets.baseline:generic-api-key:193" - }, - { - "Description": "Private Key", - "StartLine": 5098, - "EndLine": 5124, - "StartColumn": 2, - "EndColumn": 29, - "Match": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAqdL2x1I6RwW4tGN2OfZn9W/WyWunYuucqNZVlDhDt3L/7anL\nHTQa+n0/pi1OmMf7o5UTw4LUSXpfi/8qekb2J/mMx7dQdQBivcJheFJqSu3/sNag\n9B8P8Z40BWsUOetdlbE0FS+WWgujPx2OquqsDlVEyt6tftQdZNDG7XYXMr0n/8yB\noJfnoXK1PUfdoTfVHqst+ks4L7qT64bKfaJYYRxiH417CmmxCO1i1MNtidlFl4BC\nYv4YR6atOv3XyXFPc1hFwwISZmS4S63IifK1zlpHGJQ5W2DKjq/DX6Csi/63mHyE\nmdcqnUbDgrLvFfVfpwnwUNkr0jg8ZbrXZCno4wIDAQABAoIBACBZc3DclQVabajP\nGYJJEdyLBVsxCp2pTBpNWdf2L9AOM/pN0ccqWclFeo5pKwOndKPgjfc8QLwOd4zv\nemP4iINs4ghZPxZKkISdNnv5Fw5W79H70IUwNZVNEZPGpf+yeg09yDIQ8o8MkHhB\nZR/hvAyu6X/LkzkJpt/BdWNej2S2mvrPXp6AUrcGOskzzfq1K9msMI0ZfFErTWhE\nv8FyTufMiS8cMR/1WqYmoWciW2yOYGDOARciMszJfI+ZxglH9/osB9iliHmhlw4Y\nP69l/vEExLStsMBPLX1NvDDldSA6akoMYuvqOwuy06FTDyDEWbVdCli1PlAggdUO\ni4RBfAECgYEA9+Zjpe6Wz8UnkWmQITm+IVm6kQ7v0mIuqZaVzWRxzhjl2rwBfDte\nit47v+N0E+N84GxPsz+OOUMrp/hb8QHBNY0DAtzPkdj44yY5OMpucTO+nmjhDVU+\nsN43uYhHFGq6dnRkm30Zeysw/1mC/Ss2Y3gZb31cfs4m7RBhMnuBf4ECgYEAr19+\nJ8ayPgP5Z+terHCY+7qamuygrgMy3YtxmnWW5m9ZsoqQAn8usciQ1e0MsYVZllGH\nTX6+0lMN+1AeYcE/s30YRn6SSMrlyilTJA545oqefpPtImLSqcwgkbPhods6CB/F\n8p75F73rdILzErsEp9OW2xmLdd3zP6JyKGtimmMCgYAo/Pr08KIW8G4+aMnf9IAv\nW3qxiVq12m4EtFVIhJcckJlQtU05kUdshpoyfBUxRKfdI4t6A8
QsS6LoPvRUwQmF\nJS+eRYw8fTeJt0Q206G3LesSnhy366RV8igckR/PjGYQN+Z6nxCbgOS1E8PIwGBZ\nyf3KpVupy8Q75j1r72fWAQKBgQCnV6/BtNAQbSpoByhn02mniwBMJM+OPG8lCBJ3\nGQ3NBSPKQn34Y/PioUfTWkdqfZxm25UIVZEwkSAeVu0myohGdW/clJpx62op5hT3\nqveixVNH5U+6KCJs8+OAJO2AzPgrGGaChT+bcBZlLy9TCDIBEt44Y7+30Pp0FkZo\nW0/TkQKBgCLZrulvwgi6wnj9FQSoNMRDdNXTT24VPM8phkH1Pq/sfaVEMB4R315g\niHx/6IkCFh+xXzNnFFzLyhrwjtWRu0hu4eLYP8Ngrs9gS6qfHacPzrCMX42gZkXs\nV5a2wdOr4RQ90vwU43UGY4XatC1QaHZOsWEV/aU1Ve8RAFkkw4FI\n-----END RSA PRIVATE KEY----", - "Secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAqdL2x1I6RwW4tGN2OfZn9W/WyWunYuucqNZVlDhDt3L/7anL\nHTQa+n0/pi1OmMf7o5UTw4LUSXpfi/8qekb2J/mMx7dQdQBivcJheFJqSu3/sNag\n9B8P8Z40BWsUOetdlbE0FS+WWgujPx2OquqsDlVEyt6tftQdZNDG7XYXMr0n/8yB\noJfnoXK1PUfdoTfVHqst+ks4L7qT64bKfaJYYRxiH417CmmxCO1i1MNtidlFl4BC\nYv4YR6atOv3XyXFPc1hFwwISZmS4S63IifK1zlpHGJQ5W2DKjq/DX6Csi/63mHyE\nmdcqnUbDgrLvFfVfpwnwUNkr0jg8ZbrXZCno4wIDAQABAoIBACBZc3DclQVabajP\nGYJJEdyLBVsxCp2pTBpNWdf2L9AOM/pN0ccqWclFeo5pKwOndKPgjfc8QLwOd4zv\nemP4iINs4ghZPxZKkISdNnv5Fw5W79H70IUwNZVNEZPGpf+yeg09yDIQ8o8MkHhB\nZR/hvAyu6X/LkzkJpt/BdWNej2S2mvrPXp6AUrcGOskzzfq1K9msMI0ZfFErTWhE\nv8FyTufMiS8cMR/1WqYmoWciW2yOYGDOARciMszJfI+ZxglH9/osB9iliHmhlw4Y\nP69l/vEExLStsMBPLX1NvDDldSA6akoMYuvqOwuy06FTDyDEWbVdCli1PlAggdUO\ni4RBfAECgYEA9+Zjpe6Wz8UnkWmQITm+IVm6kQ7v0mIuqZaVzWRxzhjl2rwBfDte\nit47v+N0E+N84GxPsz+OOUMrp/hb8QHBNY0DAtzPkdj44yY5OMpucTO+nmjhDVU+\nsN43uYhHFGq6dnRkm30Zeysw/1mC/Ss2Y3gZb31cfs4m7RBhMnuBf4ECgYEAr19+\nJ8ayPgP5Z+terHCY+7qamuygrgMy3YtxmnWW5m9ZsoqQAn8usciQ1e0MsYVZllGH\nTX6+0lMN+1AeYcE/s30YRn6SSMrlyilTJA545oqefpPtImLSqcwgkbPhods6CB/F\n8p75F73rdILzErsEp9OW2xmLdd3zP6JyKGtimmMCgYAo/Pr08KIW8G4+aMnf9IAv\nW3qxiVq12m4EtFVIhJcckJlQtU05kUdshpoyfBUxRKfdI4t6A8QsS6LoPvRUwQmF\nJS+eRYw8fTeJt0Q206G3LesSnhy366RV8igckR/PjGYQN+Z6nxCbgOS1E8PIwGBZ\nyf3KpVupy8Q75j1r72fWAQKBgQCnV6/BtNAQbSpoByhn02mniwBMJM+OPG8lCBJ3\nGQ3NBSPKQn34Y/PioUfTWkdqfZxm25UIVZEwkSAeVu0myohGdW/clJpx62op5hT3\nqveixVNH5U+6KCJs8+OAJO2AzPgrGGaChT+bcBZlLy9TCDIBEt44Y7+30Pp0FkZo\nW0/Tk
QKBgCLZrulvwgi6wnj9FQSoNMRDdNXTT24VPM8phkH1Pq/sfaVEMB4R315g\niHx/6IkCFh+xXzNnFFzLyhrwjtWRu0hu4eLYP8Ngrs9gS6qfHacPzrCMX42gZkXs\nV5a2wdOr4RQ90vwU43UGY4XatC1QaHZOsWEV/aU1Ve8RAFkkw4FI\n-----END RSA PRIVATE KEY----", - "File": "windows_test.yml", - "SymlinkFile": "", - "Commit": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3", - "Entropy": 6.024994, - "Author": "Mark Bolwell", - "Email": "mark.bollyuk@gmail.com", - "Date": "2023-08-07T09:44:49Z", - "Message": "added new secrets bvaseline\n\nSigned-off-by: Mark Bolwell \u003cmark.bollyuk@gmail.com\u003e", - "Tags": [], - "RuleID": "private-key", - "Fingerprint": "ed2977ee2c0705ae7f3b1e261fa3750b5445dee3:windows_test.yml:private-key:5098" - } -] diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline index 0a492f40..65908eb9 100644 --- a/.config/.secrets.baseline +++ b/.config/.secrets.baseline @@ -75,10 +75,6 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, - { - "path": "detect_secrets.filters.common.is_baseline_file", - "filename": ".config/.secrets.baseline" - }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 
@@ -109,92 +105,15 @@ }, { "path": "detect_secrets.filters.heuristic.is_templated_secret" + }, + { + "path": "detect_secrets.filters.regex.should_exclude_file", + "pattern": [ + ".config/.gitleaks-report.json", + "tasks/parse_etc_password.yml" + ] } ], - "results": { - "defaults/main.yml": [ - { - "type": "Secret Keyword", - "filename": "defaults/main.yml", - "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", - "is_verified": false, - "line_number": 409, - "is_secret": false - }, - { - "type": "Secret Keyword", - "filename": "defaults/main.yml", - "hashed_secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "is_verified": false, - "line_number": 420, - "is_secret": false - }, - { - "type": "Secret Keyword", - "filename": "defaults/main.yml", - "hashed_secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4", - "is_verified": false, - "line_number": 421, - "is_secret": false - } - ], - "tasks/main.yml": [ - { - "type": "Secret Keyword", - "filename": "tasks/main.yml", - "hashed_secret": "64411efd0f0561fe4852c6e414071345c9c6432a", - "is_verified": false, - "line_number": 42, - "is_secret": false - }, - { - "type": "Secret Keyword", - "filename": "tasks/main.yml", - "hashed_secret": "fd5cb8a4fb773a4b2bbb5f0d85f4e48d3afbc1c7", - "is_verified": false, - "line_number": 87, - "is_secret": false - } - ], - "tasks/parse_etc_password.yml": [ - { - "type": "Secret Keyword", - "filename": "tasks/parse_etc_password.yml", - "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360", - "is_verified": false, - "line_number": 18 - } - ], - "vars/AlmaLinux.yml": [ - { - "type": "Hex High Entropy String", - "filename": "vars/AlmaLinux.yml", - "hashed_secret": "274ff31a12d07c984f83f338007478f492c95c51", - "is_verified": false, - "line_number": 7, - "is_secret": false - } - ], - "vars/OracleLinux.yml": [ - { - "type": "Hex High Entropy String", - "filename": "vars/OracleLinux.yml", - "hashed_secret": "3f45c5a5029cbf4183d4690573957395e85f66dd", - "is_verified": false, - 
"line_number": 6, - "is_secret": false - } - ], - "vars/Rocky.yml": [ - { - "type": "Hex High Entropy String", - "filename": "vars/Rocky.yml", - "hashed_secret": "a30d367c7335bbdcedad98744739bf09b326df27", - "is_verified": false, - "line_number": 8, - "is_secret": false - } - ] - }, - "generated_at": "2023-08-07T15:34:05Z" + "results": {}, + "generated_at": "2023-09-25T16:05:28Z" } diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml index a4e7d48a..39af625a 100644 --- a/.github/workflows/devel_pipeline_validation.yml +++ b/.github/workflows/devel_pipeline_validation.yml @@ -27,9 +27,9 @@ repo-token: ${{ secrets.GITHUB_TOKEN }} pr-message: |- Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown! - Please join in the conversation happening on the [Discord Server](https://discord.io/ansible-lockdown) as well. + Please join in the conversation happening on the [Discord Server](https://www.lockdownenterprise.com/discord) as well. - # This workflow contains a single job which tests the playbook + # This workflow contains a single job that tests the playbook playbook-test: # The type of runner that the job will run on runs-on: ubuntu-latest @@ -44,13 +44,13 @@ steps: - name: Clone ${{ github.event.repository.name }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - - name: Clone github IaC plan - uses: actions/checkout@v3 + - name: Clone GitHub IaC plan + uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC path: .github/workflows/github_linux_IaC @@ -74,7 +74,7 @@ pwd ls env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} benchmark_type: ${{ vars.BENCHMARK_TYPE }} 
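Review bot: The new `detect_secrets.filters.regex.should_exclude_file` entry in `.config/.secrets.baseline` (hunk `@@ -109,92 +105,15 @@`) removes `tasks/parse_etc_password.yml` from scanning entirely, so a real credential added to that file later would not be reported. The old baseline listed a single finding there (line 18), so an inline `# pragma: allowlist secret` on that line, as this commit does in `defaults/main.yml`, would keep the rest of the file covered. The other pattern, `.config/.gitleaks-report.json`, names a file this same commit deletes and can probably be dropped. Both patterns are regexes with unescaped dots; anchoring and escaping them (`^tasks/parse_etc_password\.yml$`) avoids accidental matches if the exclusion stays.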
@@ -82,7 +82,7 @@ id: init run: terraform init env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -90,7 +90,7 @@ id: validate run: terraform validate env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -111,9 +111,9 @@ # Aws deployments taking a while to come up insert sleep or playbook fails - name: Sleep for 60 seconds - run: sleep 60s + run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the ansible playbook + # Run the Ansible playbook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml index 0b149fb3..8ded7018 100644 --- a/.github/workflows/main_pipeline_validation.yml +++ b/.github/workflows/main_pipeline_validation.yml @@ -18,7 +18,7 @@ # that can run sequentially or in parallel jobs: - # This workflow contains a single job which tests the playbook + # This workflow contains a single job that tests the playbook playbook-test: # The type of runner that the job will run on runs-on: ubuntu-latest @@ -33,13 +33,13 @@ steps: - name: Clone ${{ github.event.repository.name }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} # Pull in terraform code for linux servers - - name: Clone github IaC plan - uses: actions/checkout@v3 + - name: Clone GitHub IaC plan + uses: actions/checkout@v4 with: repository: ansible-lockdown/github_linux_IaC path: .github/workflows/github_linux_IaC 
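Review bot: In hunk `@@ -111,9 +111,9 @@` of `devel_pipeline_validation.yml`, `run: sleep ${{ vars.BUILD_SLEEPTIME }}` pastes the repository variable into the script text before the shell runs, and an unset variable leaves a bare `sleep`, which fails the step. Passing it through the environment with a default keeps the value as data and keeps the old behaviour when nothing is configured: `run: sleep "${BUILD_SLEEPTIME:-60}"` with `env:` / `BUILD_SLEEPTIME: ${{ vars.BUILD_SLEEPTIME }}`. The step name still reads "Sleep for 60 seconds" and should be reworded now that the duration is configurable. The same change appears in `main_pipeline_validation.yml` (hunk `@@ -100,9 +100,9 @@`); the job continues outside both hunks.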
@@ -63,7 +63,7 @@ pwd ls env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -71,7 +71,7 @@ id: init run: terraform init env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -79,7 +79,7 @@ id: validate run: terraform validate env: - # Imported from github variables this is used to load the relvent OS.tfvars file + # Imported from GitHub variables this is used to load the relevant OS.tfvars file OSVAR: ${{ vars.OSVAR }} TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }} @@ -100,9 +100,9 @@ # Aws deployments taking a while to come up insert sleep or playbook fails - name: Sleep for 60 seconds - run: sleep 60s + run: sleep ${{ vars.BUILD_SLEEPTIME }} - # Run the ansible playbook + # Run the Ansible playbook - name: Run_Ansible_Playbook uses: arillso/action.playbook@master with: diff --git a/.github/workflows/update_galaxy.yml b/.github/workflows/update_galaxy.yml index 951a53cb..f9352800 100644 --- a/.github/workflows/update_galaxy.yml +++ b/.github/workflows/update_galaxy.yml @@ -1,11 +1,7 @@ --- -# This is a basic workflow to help you get started with Actions - name: update galaxy -# Controls when the action will run. -# Triggers the workflow on merge request events to the main branch on: push: branches: 
@@ -14,8 +10,10 @@ jobs: update_role: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: robertdebock/galaxy-action@master + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Action Ansible Galaxy Release ${{ github.ref_name }} + uses: ansible-actions/ansible-galaxy-action@main with: - galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} - git_branch: main + galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 350509ca..ffc67b7e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -40,7 +40,8 @@ repos: rev: v8.17.0 hooks: - id: gitleaks - args: ['--baseline-path','.config/.gitleaks-report.json'] + args: ['--baseline-path', '.config/.gitleaks-report.json'] + exclude: .config/.secrets.baseline - repo: https://github.com/ansible-community/ansible-lint rev: v6.17.2 diff --git a/Changelog.md b/Changelog.md index 35e7c310..d6f9b2e9 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,18 @@ # Changes to rhel8CIS +## 1.5.14 based on CIS v2.0.0 + +- audit updates + - pre and post and format type updates + - #323 thanks to @cobrin preserve copied audit files permissions + - python 3 only + +- journald + - #320 thanks to @bbbbaassiieeee set files even if rsyslog chosen + +- home directories files change links + - #322 thanks to @mballon + ## 1.5.13 - Improvements for workflow and new pipeline methods diff --git a/README.md b/README.md index 426bdc26..3dd2da52 100644 --- a/README.md +++ b/README.md 
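Review bot: In `update_galaxy.yml`, `uses: ansible-actions/ansible-galaxy-action@main` tracks a moving branch of a third-party action in the one step that receives `secrets.GALAXY_API_KEY`. Any later push to that branch changes the code that sees the key, without a change in this repository. Pinning to a reviewed commit keeps that under your control: `uses: ansible-actions/ansible-galaxy-action@<full-commit-sha>  # <release tag>`, which Dependabot or Renovate can then update. The replaced line used `@master` in the same way, so this is a carried-over weakness rather than a regression.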
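Review bot: In `.pre-commit-config.yaml`, the gitleaks hook still passes `--baseline-path .config/.gitleaks-report.json`, but this commit deletes that file. Depending on how gitleaks v8.17.0 handles a missing baseline, the hook will either warn on every run or scan with no baseline at all, so the argument should be removed or a fresh report committed. Deleting the report also does not remove the findings it recorded from history, including the `private-key` hit in `windows_test.yml`; if that key was ever live it should be rotated.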
@@ -12,7 +12,6 @@ ![followers](https://img.shields.io/github/followers/ansible-lockdown?style=social) [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/AnsibleLockdown.svg?style=social&label=Follow%20%40AnsibleLockdown)](https://twitter.com/AnsibleLockdown) -![Ansible Galaxy Quality](https://img.shields.io/ansible/quality/56380?label=Quality&&logo=ansible) ![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord) ![Release Branch](https://img.shields.io/badge/Release%20Branch-Main-brightgreen) @@ -40,7 +39,7 @@ ### Community -Join us on our [Discord Server](https://discord.io/ansible-lockdown) to ask questions, discuss features, or just chat with other Ansible-Lockdown users. +Join us on our [Discord Server](https://www.lockdownenterprise.com/discord) to ask questions, discuss features, or just chat with other Ansible-Lockdown users. --- 
@@ -125,17 +124,17 @@ default : ok=270 changed=23 unreachable=0 failed=0 s - [Tower User Guide](https://docs.ansible.com/ansible-tower/latest/html/userguide/index.html) - [Ansible Community Info](https://docs.ansible.com/ansible/latest/community/index.html) - Functioning Ansible and/or Tower Installed, configured, and running. This includes all of the base Ansible/Tower configurations, needed packages installed, and infrastructure setup. -- Please read through the tasks in this role to gain an understanding of what each control is doing. Some of the tasks are disruptive and can have unintended consiquences in a live production system. Also familiarize yourself with the variables in the defaults/main.yml file. +- Please read through the tasks in this role to gain an understanding of what each control is doing. Some of the tasks are disruptive and can have unintended consequences in a live production system. Also familiarize yourself with the variables in the defaults/main.yml file. **Technical Dependencies:** RHEL/AlmaLinux/Rocky/Oracle 8 - Other versions are not supported. -- AlmaLinux/Rocky Has been tested on 8.4(enabling crypto (sections 1.10&1.11) breaks updating or installs : July 01 2021 +- AlmaLinux/Rocky Has been tested on 8.8(enabling crypto (sections 1.10 & 1.11) breaks updating or installs : July 01 2021 - Access to download or add the goss binary and content to the system if using auditing (other options are available on how to get the content to the system.) - Python3 -- Ansible 2.9+ +- Ansible 2.10+ - python-def (should be included in RHEL 8) - libselinux-python diff --git a/collections/requirements.yml b/collections/requirements.yml index 4a418efa..8ebc6180 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml 
@@ -1,8 +1,14 @@ --- collections: -- name: community.general + - name: community.general + source: https://github.com/ansible-collections/community.general + type: git -- name: community.crypto + - name: community.crypto + source: https://github.com/ansible-collections/community.crypto + type: git -- name: ansible.posix + - name: ansible.posix + source: https://github.com/ansible-collections/ansible.posix + type: git diff --git a/defaults/main.yml b/defaults/main.yml index 68ae9c1c..1af35b6f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -406,7 +406,7 @@ rhel8cis_tmp_svc: false # DO NOT USE PLAIN TEXT PASSWORDS!!!!! # The intent here is to use a password utility like Ansible Vault here rhel8cis_rh_sub_user: user -rhel8cis_rh_sub_password: password +rhel8cis_rh_sub_password: password # pragma: allowlist secret # 1.2.2 # Do you require rhnsd @@ -417,8 +417,8 @@ rhel8cis_rhnsd_required: false rhel8cis_xinetd_required: false # 1.4.1 Bootloader password -rhel8cis_bootloader_password_hash: 'grub.pbkdf2.sha512.changethispassword' -rhel8cis_bootloader_password: random +rhel8cis_bootloader_password_hash: 'grub.pbkdf2.sha512.changethispassword' # pragma: allowlist secret +rhel8cis_bootloader_password: random # pragma: allowlist secret rhel8cis_set_boot_pass: false # 1.9 patch system diff --git a/site.yml b/site.yml index c56b473f..25595339 100644 --- a/site.yml +++ b/site.yml @@ -1,5 +1,6 @@ --- -- hosts: all # noqa: name[play] +- name: Run RHEL8 CIS hardening + hosts: all become: true roles: diff --git a/tasks/main.yml b/tasks/main.yml index f2a0e863..bb93e6fb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
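Review bot: In `collections/requirements.yml`, the three collections are now installed with `type: git` from their GitHub repositories but without a `version:`, so each install takes whatever is at the tip of the default branch. That makes runs non-reproducible and lets unreleased or unexpected upstream changes land on hosts being hardened. Add a tag or commit to each entry, for example `version: <release-tag-or-commit>` under `community.general`, and likewise for `community.crypto` and `ansible.posix`.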
@@ -39,8 +39,8 @@ - name: Check rhel8cis_bootloader_password_hash variable has been changed ansible.builtin.assert: - that: rhel8cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel8cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword' - msg: "This role will not be able to run single user password commands as rhel8cis_bootloader_password_hash variable has not been set correctly" + that: rhel8cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel8cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword' # pragma: allowlist secret + msg: "This role will not be able to run single user password commands as rhel8cis_bootloader_password_hash variable has not been set correctly" # pragma: allowlist secret when: - rhel8cis_set_boot_pass - rhel8cis_rule_1_4_1 @@ -84,7 +84,7 @@ fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} has no password set - It can break access" success_msg: "You have a password set for the {{ ansible_env.SUDO_USER }} user" vars: - sudo_password_rule: rhel8cis_rule_5_3_4 + sudo_password_rule: rhel8cis_rule_5_3_4 # pragma: allowlist secret when: - rhel8cis_rule_5_3_4 - ansible_env.SUDO_USER is defined diff --git a/tasks/post_remediation_audit.yml b/tasks/post_remediation_audit.yml index af8d651f..a2280529 100644 --- a/tasks/post_remediation_audit.yml +++ b/tasks/post_remediation_audit.yml @@ -1,7 +1,7 @@ --- - name: "Post Audit | Run post_remediation {{ benchmark }} audit" - ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ post_audit_outfile }} -g {{ group_names }}" + ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path | quote }} -o {{ post_audit_outfile | quote }} -g {{ group_names | quote }}" environment: "{{ audit_run_script_environment | default ({}) }}" vars: warn: false 
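Review bot: In `tasks/post_remediation_audit.yml` (hunk `@@ -1,7 +1,7 @@`), `-g {{ group_names | quote }}` applies `quote` to a list, so the script receives the list's string form (brackets, quotes and commas) as one argument. If `run_audit.sh` expects a group name or a delimited list, join first, e.g. `-g {{ group_names | join(',') | quote }}`, after confirming the format the script parses. The script path is still unquoted; `{{ (audit_conf_dir ~ '/run_audit.sh') | quote }}` would cover an `audit_conf_dir` containing spaces or shell metacharacters. The same line is changed in `tasks/pre_remediation_audit.yml` (hunk `@@ -86,7 +77,7 @@`); both tasks continue outside their hunks.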
@@ -18,7 +18,7 @@ - name: Post Audit | Capture audit data if json format block: - name: Post Audit | "capture data {{ post_audit_outfile }}" - ansible.builtin.shell: "cat {{ post_audit_outfile }}" + ansible.builtin.shell: "cat {{ post_audit_outfile | quote }}" register: post_audit changed_when: false @@ -33,7 +33,7 @@ - name: Post Audit | Capture audit data if documentation format block: - name: "Post Audit | capture data {{ post_audit_outfile }}" - ansible.builtin.shell: "tail -2 {{ post_audit_outfile }}" + ansible.builtin.shell: "tail -2 {{ post_audit_outfile | quote }}" register: post_audit changed_when: false diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml index f2bd37ef..861db222 100644 --- a/tasks/pre_remediation_audit.yml +++ b/tasks/pre_remediation_audit.yml @@ -15,19 +15,10 @@ - name: Pre Audit | If using git for content set up block: - - name: Pre Audit | Install git (rh8 python3) + - name: Pre Audit | Install git ansible.builtin.package: name: git state: present - when: ansible_distribution_major_version == '8' - - - name: Pre Audit | Install git (rh7 python2) - ansible.builtin.package: - name: git - state: present - vars: - ansible_python_interpreter: "{{ python2_bin }}" - when: ansible_distribution_major_version == '7' - name: Pre Audit | retrieve audit content files from git ansible.builtin.git: @@ -41,7 +32,7 @@ ansible.builtin.copy: src: "{{ audit_local_copy }}" dest: "{{ audit_conf_dir }}" - mode: 0644 + mode: preserve when: - audit_content == 'copy' @@ -86,7 +77,7 @@ - goss_template - name: "Pre Audit | Run pre_remediation {{ benchmark }} audit" - ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path }} -o {{ pre_audit_outfile }} -g {{ group_names }}" + ansible.builtin.shell: "{{ audit_conf_dir }}/run_audit.sh -v {{ audit_vars_path | quote }} -o {{ pre_audit_outfile | quote }} -g {{ group_names | quote }}" environment: "{{ audit_run_script_environment | default ({}) }}" vars: warn: false 
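Review bot: In `tasks/post_remediation_audit.yml` (hunk `@@ -18,7 +18,7 @@`), `cat {{ post_audit_outfile | quote }}` needs no shell features, so running it through `ansible.builtin.shell` only adds a parsing layer that the new `quote` filter has to guard. `ansible.builtin.command` with `argv: ['cat', '{{ post_audit_outfile }}']` passes the path as a single argument with no shell involved, and `ansible.builtin.slurp` would avoid the external process. The same applies to the `tail -2` task in hunk `@@ -33,7 +33,7 @@` and to the matching tasks in `tasks/pre_remediation_audit.yml` (hunks `@@ -94,7 +85,7 @@` and `@@ -109,7 +100,7 @@`).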
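Review bot: In `tasks/pre_remediation_audit.yml` (hunk `@@ -41,7 +32,7 @@`), `mode: preserve` makes the copied audit content take whatever permissions the files have on the controller. That keeps `run_audit.sh` executable, but it also carries over any group- or world-writable bits into `{{ audit_conf_dir }}`, whose script is run by a later task in this file. Add a comment stating that the source tree must not be group- or other-writable, and consider a follow-up `ansible.builtin.file` task on `{{ audit_conf_dir }}` with `mode: go-w` and `recurse: true`. The `when:` for this task continues outside the hunk.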
@@ -94,7 +85,7 @@ - name: Pre Audit | Capture audit data if json format block: - name: "Pre Audit | capture data {{ pre_audit_outfile }}" - ansible.builtin.shell: "cat {{ pre_audit_outfile }}" + ansible.builtin.shell: "cat {{ pre_audit_outfile | quote }}" changed_when: false register: pre_audit @@ -109,7 +100,7 @@ - name: Pre Audit | Capture audit data if documentation format block: - name: "Pre Audit | capture data {{ pre_audit_outfile }}" - ansible.builtin.shell: "tail -2 {{ pre_audit_outfile }}" + ansible.builtin.shell: "tail -2 {{ pre_audit_outfile | quote }}" register: pre_audit changed_when: false diff --git a/tasks/section_3/cis_3.1.x.yml b/tasks/section_3/cis_3.1.x.yml index 27c8ed88..f704a17d 100644 --- a/tasks/section_3/cis_3.1.x.yml +++ b/tasks/section_3/cis_3.1.x.yml @@ -14,7 +14,6 @@ with_items: - net.ipv6.conf.all.disable_ipv6 - net.ipv6.conf.default.disable_ipv6 - - net.ipv6.conf.lo.disable_ipv6 - name: "3.1.1 | PATCH | Verify if IPv6 is enabled on the system | disable localhost sysctl" ansible.posix.sysctl: @@ -87,7 +86,7 @@ - name: "3.1.3 | PATCH | Ensure DCCP is disabled | blacklist" ansible.builtin.lineinfile: - path: /etc/modprobe.d/CIS.conf + path: /etc/modprobe.d/blacklist.conf regexp: "^(#)?blacklist dccp(\\s|$)" line: "blacklist dccp" create: true diff --git a/tasks/section_4/cis_4.2.2.x.yml b/tasks/section_4/cis_4.2.2.x.yml index 02b7daff..269a7d01 100644 --- a/tasks/section_4/cis_4.2.2.x.yml +++ b/tasks/section_4/cis_4.2.2.x.yml @@ -6,6 +6,7 @@ state: present when: - rhel8cis_rule_4_2_2_1_1 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation @@ -27,6 +28,7 @@ - { regexp: 'TrustedCertificateFile=', line: 'TrustedCertificateFile={{ rhel8cis_journal_trustedcertificatefile }}'} when: - rhel8cis_rule_4_2_2_1_2 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation 
@@ -43,6 +45,7 @@ when: - rhel8cis_system_is_log_server - rhel8cis_rule_4_2_2_1_3 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation @@ -60,6 +63,7 @@ when: - not rhel8cis_system_is_log_server - rhel8cis_rule_4_2_2_1_4 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation @@ -95,6 +99,7 @@ when: "'static' not in rhel8cis_4_2_2_2_status.stdout" when: - rhel8cis_rule_4_2_2_2 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation @@ -147,6 +152,7 @@ notify: restart systemd_journal_upload when: - rhel8cis_rule_4_2_2_5 + - rhel8cis_syslog == 'journald' tags: - level1-server - level2-workstation @@ -169,6 +175,7 @@ - { regexp: '^#MaxFileSec=|^MaxFileSec=', line: 'MaxFileSec={{ rhel8cis_journald_maxfilesec }}'} when: - rhel8cis_rule_4_2_2_6 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation @@ -211,6 +218,7 @@ warn_control_id: '4.2.2.7' when: - rhel8cis_rule_4_2_2_7 + - rhel8cis_syslog == 'journald' tags: - level1-server - level1-workstation diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml index 7fb43986..4b93685e 100644 --- a/tasks/section_4/main.yml +++ b/tasks/section_4/main.yml @@ -19,7 +19,6 @@ - name: "SECTION | 4.2.2.x| Configure journald" ansible.builtin.import_tasks: cis_4.2.2.x.yml - when: rhel8cis_syslog == 'journald' - name: "SECTION | 4.2.3 | Configure logile perms" ansible.builtin.import_tasks: cis_4.2.3.yml diff --git a/tasks/section_6/cis_6.2.x.yml b/tasks/section_6/cis_6.2.x.yml index 93131982..959457eb 100644 --- a/tasks/section_6/cis_6.2.x.yml +++ b/tasks/section_6/cis_6.2.x.yml 
@@ -238,7 +238,7 @@ with_items: "{{ rhel8cis_passwd | selectattr('uid', '>=', rhel8uid_interactive_uid_start | int ) | selectattr('uid', '<=', rhel8uid_interactive_uid_stop | int ) | map(attribute='dir') | list }}" - name: "6.2.9 | AUDIT | Ensure all users' home directories exist" - ansible.builtin.shell: find -H {{ item.0 | quote }} -not -type l -perm /027 + ansible.builtin.shell: find -H {{ item.0 | quote }} -type d -not -type l -perm /027 check_mode: false changed_when: rhel_08_6_2_9_patch_audit.stdout | length > 0 register: rhel_08_6_2_9_patch_audit @@ -254,7 +254,7 @@ - name: "6.2.9 | PATCH | Ensure all users' home directories exist" ansible.builtin.file: path: "{{ item.0 }}" - recurse: true + recurse: false mode: a-st,g-w,o-rwx register: rhel_08_6_2_9_patch when: @@ -327,7 +327,7 @@ register: rhel_08_6_2_11_audit - name: "6.2.11 | AUDIT | Ensure users' home directories permissions are 750 or more restrictive" - ansible.builtin.shell: find -H {{ item.0 | quote }} -not -type l -perm /027 + ansible.builtin.shell: find -H {{ item.0 | quote }} type -d -not -type l -perm /027 check_mode: false changed_when: rhel_08_6_2_11_patch_audit.stdout | length > 0 register: rhel_08_6_2_11_patch_audit @@ -345,6 +345,7 @@ path: "{{ item.0 }}" recurse: true mode: a-st,g-w,o-rwx + follow: false register: rhel_08_6_2_11_patch when: - not ansible_check_mode diff --git a/templates/etc/systemd/system/tmp.mount.j2 b/templates/etc/systemd/system/tmp.mount.j2 index 0fd570a0..2e3a1896 100644 --- a/templates/etc/systemd/system/tmp.mount.j2 +++ b/templates/etc/systemd/system/tmp.mount.j2 @@ -27,4 +27,4 @@ Options=mode=1777,strictatime,{% if rhel8cis_rule_1_1_2_2 %}nodev,{% endif %}{% # Make 'systemctl enable tmp.mount' work: [Install] -WantedBy=local-fs.target \ No newline at end of file +WantedBy=local-fs.target diff --git a/vars/AlmaLinux.yml b/vars/AlmaLinux.yml index 98f4b8e2..7c7ea872 100644 --- a/vars/AlmaLinux.yml +++ b/vars/AlmaLinux.yml 
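Review bot: The 6.2.11 audit command in `tasks/section_6/cis_6.2.x.yml` (hunk `@@ -327,7 +327,7 @@`) has a typo: `type -d` should be `-type d`. As written, `find` treats `type` as a second starting path, which normally does not exist and produces a non-zero exit, and GNU find reads `-d` as `-depth`, so the directory filter is never applied. The line should match the 6.2.9 hunk above it: `ansible.builtin.shell: find -H {{ item.0 | quote }} -type d -not -type l -perm /027`. The task's `failed_when`/`when` are outside the hunk, so check whether the error currently fails the play or is silently ignored.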
@@ -4,4 +4,4 @@ rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux rpm_packager: "AlmaLinux Packaging Team" # found on https://wiki.almalinux.org/cloud/Generic-cloud.html#download-and-verification note lower cas -rpm_key: "51d6647ec21ad6ea" +rpm_key: "51d6647ec21ad6ea" # pragma: allowlist secret diff --git a/vars/CentOS.yml b/vars/CentOS.yml index 1249109e..dc0648db 100644 --- a/vars/CentOS.yml +++ b/vars/CentOS.yml @@ -5,4 +5,4 @@ rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-{{ ansible_distribution | lower }}offi rpm_packager: "The CentOS Project" # found on https://www.centos.org/keys/ -rpm_key: "8483C65D" +rpm_key: "8483C65D" # pragma: allowlist secret diff --git a/vars/OracleLinux.yml b/vars/OracleLinux.yml index 6f67c0fa..af619a0e 100644 --- a/vars/OracleLinux.yml +++ b/vars/OracleLinux.yml @@ -3,4 +3,4 @@ rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle rpm_packager: "(none)" -rpm_key: "82562ea9ad986da3" +rpm_key: "82562ea9ad986da3" # pragma: allowlist secret diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 7b5e7d13..00c7615b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -4,4 +4,4 @@ rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-{{ ansible_distribution | lower }}-rel rpm_packager: "Red Hat, Inc" # found on https://access.redhat.com/security/team/key/ -rpm_key: "199e2f91fd431d51" +rpm_key: "199e2f91fd431d51" # pragma: allowlist secret diff --git a/vars/Rocky.yml b/vars/Rocky.yml index 270d5a9a..c20716f8 100644 --- a/vars/Rocky.yml +++ b/vars/Rocky.yml @@ -5,4 +5,4 @@ rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial rpm_packager: "infrastructure@rockylinux.org" # found on https://rockylinux.org/keys/ note lower case -rpm_key: "15af5dac6d745a60" +rpm_key: "15af5dac6d745a60" # pragma: allowlist secret
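Review bot: In `vars/CentOS.yml`, `rpm_key: "8483C65D"` is an 8-hex-digit short key ID, while the AlmaLinux, Oracle, Red Hat and Rocky files in this diff use 16-digit IDs. Short IDs are easy to collide, so if this value is used to confirm that the installed GPG key is the vendor's, the CentOS check is weaker than the others. Replace it with the 64-bit key ID, or the full fingerprint, taken from the URL already cited in the comment above it; the consuming task is not visible in this diff. The added `# pragma: allowlist secret` is fine either way.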