ansible-lockdown · uk-bolly · Sep 21, 2023 · Sep 20, 2023 · Sep 20, 2023 · Sep 20, 2023
diff --git a/.ansible-lint b/.ansible-lint
@@ -6,12 +6,10 @@ skip_list:
     - 'schema'
     - 'no-changed-when'
     - 'var-spacing'
-    - 'fqcn-builtins'
     - 'experimental'
     - 'name[play]'
     - 'name[casing]'
     - 'name[template]'
-    - 'fqcn[action]'
     - 'key-order[task]'
     - '204'
     - '305'

diff --git a/.config/.secrets.baseline b/.config/.secrets.baseline
@@ -109,20 +109,11 @@
     {
       "path": "detect_secrets.filters.regex.should_exclude_file",
       "pattern": [
-        ".config/.gitleaks-report.json"
+        ".config/.gitleaks-report.json",
+        "tasks/parse_etc_password.yml"
       ]
     }
   ],
-  "results": {
-    "tasks/parse_etc_password.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": "tasks/parse_etc_password.yml",
-        "hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
-        "is_verified": false,
-        "line_number": 18
-      }
-    ]
-  },
-  "generated_at": "2023-09-15T15:29:37Z"
+  "results": {},
+  "generated_at": "2023-09-20T16:18:57Z"
 }
diff --git a/.gitattributes b/.gitattributes
@@ -3,4 +3,4 @@
 *.yml linguist-detectable=true
 *.ps1 linguist-detectable=true
 *.j2 linguist-detectable=true
-*.md linguist-documentation
+*.md linguist-documentation
diff --git a/.github/workflows/github_vars.tfvars b/.github/workflows/github_vars.tfvars
@@ -1,7 +1,7 @@
 // github_actions variables
 // Resourced in github_networks.tf
 // Declared in variables.tf
-// 
+//
 
 namespace         = "Ansible_Lockdown_GH_PR_Actions"
 environment       = "Ansible_Lockdown_GH_PR_Pipeline"

diff --git a/.yamllint b/.yamllint
@@ -30,4 +30,4 @@ rules:
     trailing-spaces: enable
     truthy:
         allowed-values: ['true', 'false']
-        check-keys: false
+        check-keys: true
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.4.0
+
+workflow update
+linting updates
+import_tasks added file
+rule 3.1.2 logic update
+tidy up tags
+
 ## 1.3.1
 
 - issue 84 from ubuntu20 fixed vartmp

diff --git a/files/etc/apparmor.d/usr.bin.ssh b/files/etc/apparmor.d/usr.bin.ssh
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -20,6 +20,9 @@
       name: exim4
       state: restarted
 
+- name: Disable wireless adaptor
+  ansible.builtin.shell: nmcli radio wifi off
+
 - name: sysctl flush ipv4 route table
   ansible.posix.sysctl:
       name: net.ipv4.route.flush

diff --git a/library/goss.py b/library/goss.py
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -31,19 +31,22 @@
       - always
 
 - name: Prelim Import Tasks
-  ansible.builtin.import_tasks: prelim.yml
+  ansible.builtin.import_tasks:
+      file: prelim.yml
   tags:
       - always
 
 - name: Pre Remediate Audit Task Import
-  ansible.builtin.import_tasks: pre_remediation_audit.yml
+  ansible.builtin.import_tasks:
+      file: pre_remediation_audit.yml
   when:
       - run_audit
   tags:
       - run_audit
 
 - name: Run Password Parsing
-  ansible.builtin.import_tasks: parse_etc_password.yml
+  ansible.builtin.import_tasks:
+      file: parse_etc_password.yml
   when:
       - ubtu18cis_section5_patch or
         ubtu18cis_section6_patch
@@ -55,37 +58,43 @@
       - always
 
 - name: Include section 1 patches
-  ansible.builtin.import_tasks: section_1/main.yml
+  ansible.builtin.import_tasks:
+      file: section_1/main.yml
   when: ubtu18cis_section1_patch
   tags:
       - section1
 
 - name: Include section 2 patches
-  import_tasks: section_2/main.yml
+  ansible.builtin.import_tasks:
+      file: section_2/main.yml
   when: ubtu18cis_section2_patch
   tags:
       - section2
 
 - name: Include section 3 patches
-  ansible.builtin.import_tasks: section_3/main.yml
+  ansible.builtin.import_tasks:
+      file: section_3/main.yml
   when: ubtu18cis_section3_patch
   tags:
       - section3
 
 - name: Include section 4 patches
-  ansible.builtin.import_tasks: section_4/main.yml
+  ansible.builtin.import_tasks:
+      file: section_4/main.yml
   when: ubtu18cis_section4_patch
   tags:
       - section4
 
 - name: Include section 5 patches
-  ansible.builtin.import_tasks: section_5/main.yml
+  ansible.builtin.import_tasks:
+      file: section_5/main.yml
   when: ubtu18cis_section5_patch
   tags:
       - section5
 
 - name: Include section 6 patches
-  ansible.builtin.import_tasks: section_6/main.yml
+  ansible.builtin.import_tasks:
+      file: section_6/main.yml
   when: ubtu18cis_section6_patch | bool
   tags:
       - section6
@@ -113,7 +122,8 @@
             warn_control_id: 'Reboot Required'
 
 - name: Post Remediation Task
-  ansible.builtin.import_tasks: post_remediation_audit.yml
+  ansible.builtin.import_tasks:
+      file: post_remediation_audit.yml
   when:
       - run_audit
 

diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml
@@ -1,7 +1,8 @@
 ---
 
 - name: Pre Audit | Setup the audit
-  ansible.builtin.include_tasks: LE_audit_setup.yml
+  ansible.builtin.include_tasks:
+      file: LE_audit_setup.yml
   when:
       - setup_audit
   tags: