From f6821e1b26d35eda9df6d6ca18e6013c07b89cb2 Mon Sep 17 00:00:00 2001 From: ozhuang Date: Thu, 19 Aug 2021 11:51:43 +0800 Subject: [PATCH 1/2] typo error, make it consistent with CIS v2.0.1 --- tasks/section1.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/section1.yml b/tasks/section1.yml index 8ba92ba..f50c0e6 100644 --- a/tasks/section1.yml +++ b/tasks/section1.yml @@ -258,7 +258,7 @@ - filesystems - rule_1.1.1.8 -- name: "SCORED | 1.1.2 | PATCH | Ensure separate partition exists for /tmp | enable and start/restart tmp.mount" +- name: "SCORED | 1.1.2 | PATCH | Ensure /tmp is configured | enable and start/restart tmp.mount" copy: src: "{{ tmp_mount_file[ansible_os_family] }}" dest: /etc/systemd/system/tmp.mount @@ -278,7 +278,7 @@ - patch - rule_1.1.2 -- name: "SCORED | 1.1.2 | PATCH | Ensure separate partition exists for /tmp | enable and start/restart tmp.mount" +- name: "SCORED | 1.1.2 | PATCH | Ensure /tmp is configured | enable and start/restart tmp.mount" systemd: name: tmp.mount daemon_reload: yes From d4152c64e3400173b8d4da0501824698161c5e0d Mon Sep 17 00:00:00 2001 From: ozhuang Date: Mon, 11 Oct 2021 17:37:58 +0800 Subject: [PATCH 2/2] Fixed typo error on README --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a2fea12..c934382 100644 --- a/README.md +++ b/README.md @@ -140,10 +140,10 @@ ubuntu1804cis_time_synchronization_servers: config: "minpoll 8" ``` -##### - name: "SCORED | 1.1.5 | PATCH | Ensure noexec option set on /tmp partition" -It is not implemented, noexec for /tmp will disrupt apt. /tmp contains executable scripts during package installation -``` - +##### 1.1.5 | PATCH | Ensure noexec option set on /tmp partition +It is not implemented because noexec for /tmp will disrupt apt. /tmp contains executable scripts during package installation +```yaml +ubuntu1804cis_rule_1_1_5: false ``` ##### 1.5.3 | PATCH | Ensure authentication required for single user mode It is disabled by default as it is setting random password for root. To enable it set: