CIS 1.1.0

• lint files updated
• ansible version updated
• Lots of lint and standardisation changes
• fqcn
• Assertions for root and grub passwords
• Import tasks to allow tags to be used
• Warnings made standard
• warn count feature added
• workflow updates
• wireless interface discovery
• idempotency checks and updates

reboot variable changed from ubtu20_skip_reboot to skip_reboot (still default true)

Remediate portion

Issues and PRs address

• #1 set bootloader pwd - Allowed unrestricted by default but set new variables

  • Added extra variable options ubtu20cis_set_grub_password and ubtu20cis_set_root_password (defaults true)

• #2 Ensure locks for failed attempts

• #3 root path integrity

• thanks to @vbotka

  • #63 parse_etc_password

• thanks to @makefu

  • #67 UFW incoming firewall ports (optional)

• thanks to @CFoltin

  • #68 logrotate alignment
  • #69 stop rule overwrite UFW

• thanks to @hackery

  • #70 TMOUT stops being repeated

Many improvements on multiple controls
Remediate and audit version now match. When using remediate will pull in latest version of audit for that release.

Audit

• updated goss version used
• aligned new variables with audit
• audit path used now default to /opt from /var/tmp

What's Changed

• Yamllint Check, Ansible-lint Chek, Module Updates, Bug #73&80 Fixed, Included FIX PR #81 by @MrSteve81 in #83
• Installing chrony removes systemd timesyncd by @kdebisschop in #79
• Issue 84 addressed by @uk-bolly in #85
• Ufw optional by @uk-bolly in #86
• Release to main branch by @uk-bolly in #87

New Contributors

• @MrSteve81 made their first contribution in #83
• @kdebisschop made their first contribution in #79

Full Changelog: v1.1.2...V1.1.3