merge origing

2022-11-07 10:42:15 -05:00 · 2022-11-07 10:42:15 -05:00 · 433ace2183
--- a/stig/linux/config/CentOS74.mof
+++ b/stig/linux/config/CentOS74.mof
--- a/stig/linux/config/CentOS75.mof
+++ b/stig/linux/config/CentOS75.mof
--- a/stig/linux/config/CentOS76.mof
+++ b/stig/linux/config/CentOS76.mof
--- a/stig/linux/config/CentOS77.mof
+++ b/stig/linux/config/CentOS77.mof
--- a/stig/linux/config/CentOS78.mof
+++ b/stig/linux/config/CentOS78.mof
--- a/stig/linux/config/CentOS79.mof
+++ b/stig/linux/config/CentOS79.mof
--- a/stig/linux/config/RHEL72.mof
+++ b/stig/linux/config/RHEL72.mof
--- a/stig/linux/config/RHEL73.mof
+++ b/stig/linux/config/RHEL73.mof
--- a/stig/linux/config/RHEL74.mof
+++ b/stig/linux/config/RHEL74.mof
--- a/stig/linux/config/RHEL75.mof
+++ b/stig/linux/config/RHEL75.mof
--- a/stig/linux/config/RHEL77.mof
+++ b/stig/linux/config/RHEL77.mof
--- a/stig/linux/config/RHEL78.mof
+++ b/stig/linux/config/RHEL78.mof
--- a/stig/linux/config/RHEL79.mof
+++ b/stig/linux/config/RHEL79.mof
--- a/stig/linux/config/Ubuntu1804-DataScience.mof
+++ b/stig/linux/config/Ubuntu1804-DataScience.mof
--- a/stig/linux/config/Ubuntu1804.mof
+++ b/stig/linux/config/Ubuntu1804.mof
--- a/stig/linux/config/localhost.mof
+++ b/stig/linux/config/localhost.mof
@ -1,37 +1,46 @@
-/*
-@TargetNode='localhost'
-@GeneratedBy=Microsoft
-@GenerationDate=01/31/2022 17:13:26
-@GenerationHost=Microsoft
-*/
-
-instance of MSFT_nxScriptResource as $MSFT_nxScriptResource1ref
-{
-ResourceID = "[nxScript]EmptyDsc";
- GetScript = "#!/bin/bash\necho emptyGet";
- TestScript = "#!/bin/bash\nexit 0";
- SourceInfo = "D:\\dev\\project-chairlift\\linux\\build-linux-config.ps1::105::9::nxScript";
- SetScript = "#!/bin/bash\necho emptySet";
- ModuleName = "nx";
- ModuleVersion = "1.0";
- ConfigurationName = "LinuxBaseLine";
-};
-instance of OMI_ConfigurationDocument
-
-                    {
- Version="2.0.0";
- 
-                        MinimumCompatibleVersion = "1.0.0";
- 
-                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
- 
-                        Author="Microsoft";
- 
-                        GenerationDate="01/31/2022 17:13:26";
- 
-                        GenerationHost="Microsoft";
- 
-                        Name="LinuxBaseLine";
-
-                    };
-
+/*
+@TargetNode='localhost'
+@GeneratedBy=Microsoft
+@GenerationDate=06/30/2022 11:38:45
+@GenerationHost=Microsoft
+*/
+
+instance of MSFT_nxScriptResource as $MSFT_nxScriptResource1ref
+{
+ResourceID = "[nxScript]EmptyDsc";
+ GetScript = "#!/bin/bash\necho emptyGet";
+ TestScript = "#!/bin/bash\nexit 0";
+ SourceInfo = "D:\\dev\\project-chairlift\\linux\\build-linux-config.ps1::105::9::nxScript";
+ SetScript = "#!/bin/bash\necho emptySet";
+ ModuleName = "nx";
+ ModuleVersion = "1.0";
+
+ ConfigurationName = "LinuxBaseLine";
+
+};
+instance of OMI_ConfigurationDocument
+
+
+                    {
+ Version="2.0.0";
+
+
+                        MinimumCompatibleVersion = "1.0.0";
+
+
+                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
+
+
+                        Author="Microsoft";
+
+
+                        GenerationDate="06/30/2022 11:38:45";
+
+
+                        GenerationHost="Microsoft";
+
+
+                        Name="LinuxBaseLine";
+
+
+                    };
--- a/stig/linux/config/rhel8STIG-ansible.zip
+++ b/stig/linux/config/rhel8STIG-ansible.zip
--- a/stig/linux/createUiDefinition.json
+++ b/stig/linux/createUiDefinition.json
--- a/stig/linux/mainTemplate.json
+++ b/stig/linux/mainTemplate.json
--- a/stig/linux/rhel8STIG.sh
+++ b/stig/linux/rhel8STIG.sh
@ -302,21 +302,20 @@ echo 'Defaults !runaspw' >> /etc/sudoers.d/237642
 # END V-237642

 ###############################################################################
-echo "Installing Ansible for STIG automation..."
+echo "Installing Ansible for STIG automation (pip3 install)..."
 ###############################################################################
-yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-# replacing releasever in epel repo files; issue in 8.1/8.2 where the $releasever returns "8.1" / "8.2" instead of "8"
-sed -i 's/$releasever/8/g' /etc/yum.repos.d/epel*.repo
-yum -y install ansible
+pip3 install ansible --user

 ###############################################################################
 echo "Unzipping rhel8STIG-ansible.zip to ./rhel8STIG"
 ###############################################################################
 unzip rhel8STIG-ansible.zip -d ./rhel8STIG
-chmod +x ./rhel8STIG/enforce.sh
-# due to enforce.sh content pathing, changing to expanded directory for script execution
-cd ./rhel8STIG
-sh ./enforce.sh
+
+###############################################################################
+echo "Invoking ansible-playbook to automate STIG rules"
+###############################################################################
+/root/.local/bin/ansible-playbook -v -b -i /dev/null ./rhel8STIG/site.yml
+

 ###############################################################################
 # "Automating Rule Id V-230483" 8.0 auditd.conf does not recogn. percent sign
@ -345,5 +344,5 @@ fips-mode-setup --enable
 ###############################################################################
 echo "Restarting system to apply STIG settings..."
 ###############################################################################
-touch ./../azAutomationComplete
+touch ./azAutomationComplete
 shutdown -r +1 2>&1
--- a/stig/windows/RequiredModules.ps1
+++ b/stig/windows/RequiredModules.ps1
@ -14,6 +14,6 @@ function Get-RequiredModules {
        @{ModuleName = 'WindowsDefenderDsc'; ModuleVersion = '2.1.0' },
        @{ModuleName = 'xDnsServer'; ModuleVersion = '1.16.0.0' },
        @{ModuleName = 'xWebAdministration'; ModuleVersion = '3.2.0' },
-        @{ModuleName = 'PowerSTIG'; ModuleVersion = '4.11.0' }
+        @{ModuleName = 'PowerSTIG'; ModuleVersion = '4.12.1' }
    )
-}
+}