Merge pull request #25 from ansible-lockdown/devel

Added Issue/PR Templates and Issue Fixes Signed-off-by: George Nalen <[email protected]>
ansible-lockdown · Sep 1, 2021 · a35f6d3 · a35f6d3
2 parents a019ff1 + 4aa8a02
commit a35f6d3
Show file tree

Hide file tree

Showing 8 changed files with 92 additions and 13 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,32 @@
+---
+name: Report Issue
+about: Create a bug issue ticket to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the Issue**
+A clear and concise description of what the bug is.
+
+**Expected Behavior**
+A clear and concise description of what you expected to happen.
+
+**Actual Behavior**
+A clear and concise description of what's happening.
+
+**Control(s) Affected**
+What controls are being affected by the issue
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:
+
+**Additional Notes**
+Anything additional goes here
+
+**Possible Solution**
+Enter a suggested fix here
diff --git a/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md b/.github/ISSUE_TEMPLATE/feature-request-or-enhancement.md
@@ -0,0 +1,21 @@
+---
+name: Feature Request or Enhancement
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Feature Request or Enhancement**
+ - Feature []
+ - Enhancement []
+
+**Summary of Request**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Suggested Code**
+Please provide any code you have in mind to fulfill the request
diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,17 @@
+---
+name: Question
+about: Ask away.......
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Question**
+Pose question here. 
+
+**Environment (please complete the following information):**
+ - Ansible Version: [e.g. 2.10] 
+ - Host Python Version: [e.g. Python 3.7.6]
+ - Ansible Server Python Version: [e.g. Python 3.7.6]
+ - Additional Details:
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+**Overall Review of Changes:**
+A general description of the changes made that are being requested for merge
+
+**Any Related Open Issues:**
+Please list any open issues this PR addresses
+
+**How has this been tested?:**
+Please give an overview of how these changes were tested. If they were not please use N/A
+
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -322,7 +322,7 @@ ubtu20cis_vsftpd_server: false
 ubtu20cis_httpd_server: false
 ubtu20cis_dovecot_server: false
 ubtu20cis_smb_server: false
-ubtu20cis_squid_server: fase
+ubtu20cis_squid_server: false
 ubtu20cis_snmp_server: false
 ubtu20cis_rsync_server: false
 ubtu20cis_nis_server: false
@@ -428,7 +428,7 @@ ubtu20cis_ntp_server_options: "iburst"
 # Control 2.1.15
 # ubtu20_cis_mail_transfer_agent is the mail transfer agent in use
 # The options are exim4, postfix or other
-ubtu20_cis_mail_transfer_agent: "other"
+# ubtu20_cis_mail_transfer_agent: "other"
 
 # Section 3 Control Variables
 # Control 3.1.2

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -37,6 +37,12 @@
       - ubtu20cis_section5_patch or
         ubtu20cis_section6_patch
 
+- name: Gather the package facts
+  package_facts:
+      manager: auto
+  tags:
+      - always
+
 - name: Include section 1 patches
   import_tasks: section_1/main.yml
   when: ubtu20cis_section1_patch

diff --git a/tasks/parse_etc_password.yml b/tasks/parse_etc_password.yml
@@ -30,11 +30,3 @@
                     \g<shell>
   tags:
       - always
-
-- name: test1
-  debug:
-      msg: "{{ ubtu20cis_passwd | json_query('uid') }}"
-
-- name: test2
-  debug:
-      msg: "{{ ubtu20cis_passwd | selectattr('uid', '>=', 1000) | map(attribute='dir') | flatten }}"
diff --git a/tasks/section_2/cis_2.1.x.yml b/tasks/section_2/cis_2.1.x.yml
@@ -397,22 +397,24 @@
             - { regexp: '^dc_mailname_in_oh', line: "dc_mailname_in_oh='true'" }
             - { regexp: '^dc_localdelivery', line: "dc_localdelivery='mail_spool'" }
         notify: restart exim4
-        when: ubtu20_cis_mail_transfer_agent == "exim4"
+        when: "'exim4' in ansible_facts.packages"
 
       - name: "AUTOMATED | 2.1.15 | PATCH | Ensure mail transfer agent is configured for local-only mode | Make changes if postfix is installed"
         lineinfile:
             path: /etc/postfix/main.cf
             regexp: '^(#)?inet_interfaces'
             line: 'inet_interfaces = loopback-only'
         notify: restart postfix
-        when: ubtu20_cis_mail_transfer_agent == "postfix"
+        when: "'postfix' in ansible_facts.packages"
 
       - name: "AUTOMATED | 2.1.15 | PATCH | Ensure mail transfer agent is configured for local-only mode | Message out other main agents"
         debug:
             msg:
                 - "Warning!! You are not using either exim4 or postfix"
                 - "Please review your vendors documentation to configure local-only mode"
-        when: ubtu20_cis_mail_transfer_agent == "other"
+        when:
+            - "'exim4' not in ansible_facts.packages"
+            - "'postfix' not in ansible_facts.packages"
   when:
       - ubtu20cis_rule_2_1_15
   tags: