Merge pull request #43 from ansible-lockdown/devel

Updates For Linting
ansible-lockdown · Aug 10, 2023 · b1f0097 · b1f0097
2 parents d73548d + e6f8a9a
commit b1f0097
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 30 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -5,10 +5,7 @@ quiet: true
 skip_list:
     - 'schema'
     - 'no-changed-when'
-    - 'fqcn-builtins'
     - 'experimental'
-    - 'fqcn[action-core]'
-    - 'fqcn[action]'
     - 'name[casing]'
     - 'name[template]'
     - 'jinja[spacing]'

diff --git a/.yamllint b/.yamllint
@@ -30,4 +30,4 @@ rules:
     trailing-spaces: enable
     truthy:
         allowed-values: ['true', 'false']
-        check-keys: false
+        check-keys: true
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -4,8 +4,8 @@
 
 August 2023 Update
   - Updated Workflows To Central Repo
-    - Renamed them to better run across all repos. 
-  - Removed Templates & PR Temmplate from repo and adjusted to Org level. 
+    - Renamed them to better run across all repos.
+  - Removed Templates & PR Temmplate from repo and adjusted to Org level.
   - Updated Readme Layout to add new pipeline badges.
   - Fixed WN16 References in defaults/main.
   - Cat2_Cloud moved from tasks/main and renamed to cat2_cloud_lockout_order and in cat2.yml workflow.
@@ -54,4 +54,4 @@ January 2023 Release
   - Added Version 2 Release 3 changes during this update.
   - Added Version 2 Release 4 changes during this update.
   - Added Version 2 Release 5 changes during this update.
-  - Added Warning Count Summary to the End Of Playbook
+  - Added Warning Count Summary to the End Of Playbook.
diff --git a/tasks/cat2.yml b/tasks/cat2.yml
@@ -1079,15 +1079,15 @@
         notify: reboot_windows
 
       - name: "MEDIUM | WN19-00-000390 | AUDIT | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. | Warning Message No SecGuide.admx"
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! SecGuide.admx is not installed in C:\\Windows\\PolicyDefinitions folder."
                 - "This policy setting requires the installation of the SecGuide.admx custom templates"
                 - "included with the STIG package."
         when: wn19_secguide_admx_audit.results[0].matched != 1
 
       - name: "MEDIUM | WN19-00-000390 | AUDIT | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. | Warning Message No SecGuide.adml"
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! SecGuide.adml is not installed in C:\\Windows\\PolicyDefinitions\\en-US folder"
                 - "This policy setting requires the installation of the SecGuide.adml custom templates"
@@ -1123,15 +1123,15 @@
         notify: reboot_windows
 
       - name: "MEDIUM | WN19-00-000400 | AUDIT | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server - mrxsmb10 | Warning Message No SecGuide.admx"
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! SecGuide.admx is not installed in C:\\Windows\\PolicyDefinitions folder."
                 - "This policy setting requires the installation of the SecGuide.admx custom templates"
                 - "included with the STIG package."
         when: wn19_secguide_admx_audit.results[0].matched != 1
 
       - name: "MEDIUM | WN19-00-000400 | AUDIT | Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server - mrxsmb10 | Warning Message No SecGuide.adml"
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! SecGuide.adml is not installed in C:\\Windows\\PolicyDefinitions\\en-US folder"
                 - "This policy setting requires the installation of the SecGuide.adml custom templates"
@@ -1225,7 +1225,7 @@
         when: "'Installed' in wn19_00_000430_ftp_audit"
 
       - name: "MEDIUM | WN19-00-000430 | AUDIT | Windows Server 2019 FTP servers must be configured to prevent access to the system drive. | Warning Message."
-        debug:
+        ansible.builtin.debug:
             msg:
                 - "Warning!! This is a manual task. For any sites with a Binding that lists FTP, right-click the site and select Explore."
                 - "If the site includes any system areas such as root of the drive, Program Files, or Windows directories, this is a finding"
@@ -1437,7 +1437,7 @@
         when: wn19stig_passwordhistorysize < 24
 
       - name: "MEDIUM | WN19-AC-000040 | PATCH | Windows Server 2019 password history must be configured to 24 passwords remembered. | Apply Variable"
-        win_security_policy:
+        community.windows.win_security_policy:
             section: System Access
             key: PasswordHistorySize
             value: "{{ wn19stig_passwordhistorysize }}"

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -22,23 +22,6 @@
   tags:
       - always
 
-# 1 = disabled 0 = enabled
-# this reg key may be useful to detect when secure conenctions are enabled, etc?
-- name: "PRELIM | Detect if Remote Desktop Services (RDP) is enabled"
-  ansible.windows.win_reg_stat:
-      path: HKLM:\System\CurrentControlSet\Control\Terminal Server
-      name: fDenyTSConnections
-  changed_when: false
-  failed_when: false
-  register: win2019_rdp_enabled
-  tags:
-      - always
-
-# remove this debug or set a verbose level
-- name: win2019_rdp_enabled.value var
-  ansible.builtin.debug:
-      var: win2019_rdp_enabled.value
-
 - name: Get Drive Letters"
   ansible.windows.win_shell: Get-Volume | ?{ $_.DriveType -eq 'Fixed' } | Select-Object -ExpandProperty 'DriveLetter'
   changed_when: false