jeff1evesque / cis_benchmark Goto Github PK

We need to enforce cron related stigs for the raspbian4x operating system.

We need to create a version v2.0.0 base box, which will entail the following enhancements:

• removal of ssh keys
• generate corresponding md5 hash

Then, we'll need to implement a corresponding switch statement within our Vagrantfile, which will allow users to choose between the linux operating systems.

We need to enforce cis related stigs for xinetd, on the raspbian4x operating system.

We will implement a puppet template, to remediate audit.rules related stig items, for the trusty64 operating system.

We need to create trusty64.yml, which will contain the default stig implementation for ubuntu 14.04.

Note: this issue is a partial continuation of #3.

We need to make minor stylistic changes (indentation) for our 50-default.conf.erb template.

We need to make minor stylistic comment changes in rsyslog.conf.erb.

We need to create raspbian4x.yml, which will contain the default stig implementation for raspbian4x. Note: this issue is similar to #5.

We will implement a puppet template, to remediate syslog-ng related stig items, for the raspbian4x operating system.

We need to ensure the rsyslog daemon is installed, and running on the raspbian4x operating system.

We need to enforce cron related stigs for the centos7x operating system.

We need to add which cis benchmarks are implemented for our corresponding puppet module, within this projects main README.md. For example, the trusty64 operating system implements the CIS 2.0.0 benchmark. Likewise, we need to make it apparent which benchmarks are used for the other operating systems.

We need to ensure the rsyslog daemon is installed, and running on the trusty64 operating system.

Our puppet module will have other module dependencies, which need to be included in our README.md.

We need to fix the following typo within auditd_rules.pp:

  file { '/etc/audit/audit.rules':
    ensure   => present,
    mode     => '0640',
    owner    => 'root',
    group    => 'root',
    template => dos2unix(template('cis/trusty64/audit.rules.erb')),
    notify   => Exec['restart-auditd'],
  }

As well as similar typo's within rsyslog.pp.

We need to remove the Vagrantfile, since this puppet module can be tested via the puppet-demonstration project. Therefore, we need to mention this integration within this projects main README.md.

We need to move the service directive for cis 4.2.1.1 under the if condition, within the rsyslog.pp.

We need to ensure the auditd daemon is installed, and running on the raspbian4x operating system.

We need to explicitly compare $::apparmor_enabled == 'Y' in our audit.rules, and ensure the corresponding apparmor.enabled returns a value, even if apparmor is not installed.

We will implement a puppet template, to remediate syslog-ng related stig items, for the centos7x operating system.

We need to enforce cis related stigs for xinetd`, on the trusty64 operating system.

We need to define the group for the /etc/audit/audit.rules file, implemented within the trust environment.

We need to enforce cis related stigs for xinetd, on the centos7x operating system.

We need to ensure the rsyslog daemon is installed, and running on the centos7x operating system.

We need to enforce permission on all logfiles, for the centos7x operating system.

We will implement a puppet template, to remediate syslog-ng related stig items, for the trusty64 operating system.

We have some small minor typos within rsyslog.pp.

We need to enforce ssh related stigs, for the raspbian4x operating system.

We will implement a puppet template, to remediate rsyslog.conf related stig items, for the raspbian4x operating system.

We need to create centos7x.yml, which will contain the default stig implementation for centos7x.

Note: this issue is similar to #5.

We need to enforce permission on all logfiles, for the trusty64 operating system.

We will implement a puppet template, to remediate audit.rules related stig items, for the centos7x operating system.

We need to enforce cron related stigs for the trusty64 operating system.

We need to correctly define our example yaml files.

Since our corresponding fact returns a string, we need to adjust the following from xinetd.pp, respectively:

...
  ## apply rules if xinetd installed
  if ($xinetd_installed) {
...

We will implement a puppet template, to remediate rsyslog.conf related stig items, for the trusty64 operating system.

We will implement a puppet template, to remediate rsyslog.conf related stig items, for the trusty64 operating system.

We need to ensure the auditd daemon is installed, and running on the centos7x operating system.

We will add an initial Vagrantfile, which should include a switch statement allowing users to toggle between various operating systems.

Note: it is not certain if we'll be able to implement the raspbian operating system within vagrant.

We need to enforce ssh related stigs, for the centos7x operating system.

We will implement a puppet template, to remediate audit.rules related stig items, for the raspbian4x operating system.

We need to ensure the auditd daemon is installed, and running on the trusty64 operating system.

We need to ensure the following directive exists:

  ## ensure auditd running
  service { 'auditd':
    ensure => true,
    enable => true,
  }

We need to enforce pam related stigs, for the centos7x operating system.

We need to enforce permission on all logfiles, for the raspbian4x operating system.

We need to fix the following typos in our trusty.yaml:

cis_4_2_1_4 = false
cis_4_2_1_5 = false

We need to make a minor typo fix within the docstring of audit.rules.erb.

We need to enforce ssh related stigs, for the trusty64 operating system.

We need to enable by default CIS 4.1.2, for the trusty 64 operating system.

We forgot to add a <% end %> closing tag in audit.rules.erb.