Commit 223c952

Merge pull request #120 from ansible-lockdown/benchmark_3.0.1
Updates to Workflows, Readme, Changelog, General Fixes As Well
2 parents f004a8b + 9badd6f commit 223c952

12 files changed

+111
-22
lines changed

.github/workflows/devel_pipeline_validation.yml

Lines changed: 2 additions & 1 deletion
@@ -6,12 +6,13 @@ name: Ansible Remediate Devel Pipeline Validation
66

77
# Controls when the action will run.
88
# Triggers the workflow on push or pull request
9-
# events but only for the devel branch
9+
# events but only for the devel branch and any branch that contains benchmark in name.
1010
on: # yamllint disable-line rule:truthy
1111
pull_request_target:
1212
types: [opened, reopened, synchronize]
1313
branches:
1414
- devel
15+
- benchmark*
1516
paths:
1617
- '**.yml'
1718
- '**.sh'
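
Review bot: The new `- benchmark*` entry at line 15 puts a wildcard into the `branches:` filter of a `pull_request_target` trigger, so every current and future branch whose name starts with `benchmark` becomes a base branch for which this workflow runs in the base repository's context, with its secrets available, even when the pull request comes from a fork. If only particular benchmark branches are meant to be validated, list them by name, and confirm that the jobs further down the file (not visible in this hunk) do not check out and execute the pull request's head code with those secrets in scope.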

.github/workflows/devel_pipeline_validation_gpo.yml

Lines changed: 2 additions & 1 deletion
@@ -6,12 +6,13 @@ name: GPO Devel Pipeline Validation
66

77
# Controls when the action will run.
88
# Triggers the workflow on push or pull request
9-
# events but only for the devel branch
9+
# events but only for the devel branch and any branch that contains benchmark in name.
1010
on: # yamllint disable-line rule:truthy
1111
pull_request_target:
1212
types: [opened, reopened, synchronize]
1313
branches:
1414
- devel
15+
- benchmark*
1516
paths:
1617
- '**.yml'
1718
- '**.sh'
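
Review bot: The updated comment on line 9 says "any branch that contains benchmark in name", but the filter added at line 15 is `benchmark*`, which matches only branch names that begin with `benchmark` and, because `*` does not match `/`, would also miss a name such as `feature/benchmark_x`. Reword the comment to "starts with benchmark", or widen the pattern if containment is really the intent.
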
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
---
2+
3+
name: Export Private Repo Badges
4+
5+
# Use different minute offsets with the same hourly pattern:
6+
# Repo Group Suggested Cron Expression Explanation
7+
# Group A 0 */6 * * * Starts at top of hour
8+
# Group B 10 */6 * * * Starts art 10 after
9+
# And So On
10+
11+
on:
12+
push:
13+
branches:
14+
- latest
15+
schedule:
16+
- cron: '0 */6 * * *'
17+
workflow_dispatch:
18+
19+
jobs:
20+
export-badges:
21+
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'schedule' && startsWith(github.repository, 'ansible-lockdown/Private-')) || (github.event_name == 'push' && github.ref_name == 'latest')
22+
uses: ansible-lockdown/github_windows_IaC/.github/workflows/export_badges_private.yml@self_hosted
23+
with:
24+
# Full org/repo path passed for GitHub API calls (e.g., ansible-lockdown/Private-Windows-2016-CIS)
25+
repo_name: ${{ github.repository }}
26+
secrets:
27+
BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
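
Review bot: The `uses:` on line 22 calls the reusable workflow at `@self_hosted`, a branch ref that can move, while line 27 hands it `BADGE_PUSH_TOKEN`; pin the reference to a full commit SHA so the code that receives the token cannot change without a reviewed update here. The job also declares no `permissions:` block, so state the minimum it needs rather than relying on the repository default. In the `if:` on line 21 only the `schedule` case is limited to `ansible-lockdown/Private-` repositories, so a manual dispatch or a push to `latest` runs this private export in any repository that carries the file; add a comment if that is intended. Minor: "Starts art 10 after" on line 8 should read "Starts at 10 after".
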
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
---
2+
3+
name: Export Public Repo Badges
4+
5+
on:
6+
push:
7+
branches:
8+
- main
9+
- devel
10+
workflow_dispatch:
11+
12+
jobs:
13+
export-badges:
14+
if: github.repository_visibility == 'public' && (github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (github.ref_name == 'devel' || github.ref_name == 'main')))
15+
uses: ansible-lockdown/github_windows_IaC/.github/workflows/export_badges_public.yml@self_hosted
16+
with:
17+
repo_name: ${{ github.repository }}
18+
secrets:
19+
BADGE_PUSH_TOKEN: ${{ secrets.BADGE_PUSH_TOKEN }}
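
Review bot: The `if:` on line 14 repeats the branch check that `on.push.branches` on lines 6 to 9 already enforces, so it can be reduced to `github.repository_visibility == 'public'`, the only condition the trigger block does not already cover; the shorter form is easier to audit when the branch list changes. Separately, line 15 references the branch `self_hosted` rather than a commit SHA while line 19 passes `BADGE_PUSH_TOKEN` to it, and there is no `permissions:` block on the job; pinning the ref and declaring permissions would tighten both.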

.github/workflows/main_pipeline_validation.yml

Lines changed: 2 additions & 1 deletion
@@ -6,12 +6,13 @@ name: Ansible Remediate Main Pipeline Validation
66

77
# Controls when the action will run.
88
# Triggers the workflow on push or pull request
9-
# events but only for the devel branch
9+
# events but only for the main or latest branch
1010
on: # yamllint disable-line rule:truthy
1111
pull_request_target:
1212
types: [opened, reopened, synchronize]
1313
branches:
1414
- main
15+
- latest
1516
paths:
1617
- '**.yml'
1718
- '**.sh'
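
Review bot: The corrected comment on line 9 now names the right branches, but line 8 still describes the trigger as "push or pull request" when the only event shown is `pull_request_target`; reword it to say the workflow runs for pull requests targeting `main` or `latest`, so a reader does not assume pushes are validated too.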

.github/workflows/main_pipeline_validation_gpo.yml

Lines changed: 2 additions & 1 deletion
@@ -6,12 +6,13 @@ name: GPO Main Pipeline Validation
66

77
# Controls when the action will run.
88
# Triggers the workflow on push or pull request
9-
# events but only for the devel branch
9+
# events but only for the main or latest branch
1010
on: # yamllint disable-line rule:truthy
1111
pull_request_target:
1212
types: [opened, reopened, synchronize]
1313
branches:
1414
- main
15+
- latest
1516
paths:
1617
- '**.yml'
1718
- '**.sh'
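
Review bot: Adding `latest` at line 15 extends a `pull_request_target` trigger, which runs with the base repository's workflow definition and secrets even for pull requests from forks, to a second branch. Confirm that the jobs below this hunk (not shown) never check out and run the pull request's head ref with those secrets in scope, and gate the run on an approval or label if they do.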

.gitignore

Lines changed: 1 addition & 0 deletions
@@ -45,3 +45,4 @@ benchparse/
4545
.github/
4646
.github/.ansible/.lock
4747
.ansible/
48+
.DS_Store
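
Review bot: Context line 45 ignores `.github/`, the same directory in which this commit edits and adds workflow files, so a new file under `.github/workflows/` is skipped by a plain `git add` and a contributor can believe a workflow change is committed when it is not. Git cannot re-include a file whose parent directory is excluded, so rather than adding a negation, narrow the rule to the specific paths that must stay out of the repository, as line 46 already does for `.github/.ansible/.lock`. The added `.DS_Store` entry on line 48 is fine.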

ChangeLog.md

Lines changed: 15 additions & 1 deletion
@@ -1,13 +1,27 @@
11
# Changelog
22

3+
## Release 3.1.1
4+
5+
May 2025 Update
6+
- Fixed Control 18.6.14.1 For Missing RequirePrivacy=1 in Ansible Hardening And title. - Thanks @mfortin
7+
- Updated 18.10.56.3.10.2 value to 60000 from 6000 in remediate and GPO - Thanks @mfortin
8+
- Updated 18.10.79.2 Path In Remediate - Thanks @mfortin
9+
- Updated 18.10.92.4.1 ManagePreviewBuildsPolicyValue to 1. - Thanks @mfortin
10+
- Updated Pipelines Branches Trigger
11+
- Updated Readme with New Badges
12+
313
## Release 3.1.0
414

15+
February 2025 Update
16+
- Added the cloud lockout cloud tasks import that was removed last release.
17+
18+
## Release 3.0.2
19+
520
February 2025 Update
621
- Added new Readme Badges
722
- General Typos and Fixes
823
- All Workflows Updated
924
- Fixed Control Tag for rule_2.3.10.9
10-
- Added the cloud lockout cloud tasks import that was removed last release.
1125

1226
## Release 3.0.1
1327
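
Review bot: Lines 13 to 24 change the record of a release that was already published: the existing "Release 3.1.0" heading keeps only the cloud lockout item, and its other four items move under a new "Release 3.0.2" heading, both labelled "February 2025 Update". Check that the 3.0.2 and 3.1.0 tags really contain those changes, because anyone who read the 3.1.0 entry before this commit saw a different list. In the new 3.1.1 entry, line 6 ends "And title. - Thanks" and line 9 ends "to 1. - Thanks" with a full stop before the dash that lines 7 and 8 do not use; make the four credits consistent.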

README.md

Lines changed: 30 additions & 6 deletions
@@ -6,30 +6,54 @@
66

77
---
88

9+
## Public Repository 📣
10+
911
![Org Stars](https://img.shields.io/github/stars/ansible-lockdown?label=Org%20Stars&style=social)
1012
![Stars](https://img.shields.io/github/stars/ansible-lockdown/Windows-2019-CIS?label=Repo%20Stars&style=social)
1113
![Forks](https://img.shields.io/github/forks/ansible-lockdown/Windows-2019-CIS?style=social)
12-
![followers](https://img.shields.io/github/followers/ansible-lockdown?style=social)
14+
![Followers](https://img.shields.io/github/followers/ansible-lockdown?style=social)
1315
[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/AnsibleLockdown.svg?style=social&label=Follow%20%40AnsibleLockdown)](https://twitter.com/AnsibleLockdown)
14-
1516
![Discord Badge](https://img.shields.io/discord/925818806838919229?logo=discord)
1617

18+
![License](https://img.shields.io/github/license/ansible-lockdown/Windows-2019-CIS?label=License)
19+
20+
## Lint & Pre-Commit Tools 🔧
21+
22+
[![Pre-Commit.ci](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Windows-2019-CIS/pre-commit-ci.json)](https://results.pre-commit.ci/latest/github/ansible-lockdown/Windows-2019-CIS/devel)
23+
![YamlLint](https://img.shields.io/badge/yamllint-Present-brightgreen?style=flat&logo=yaml&logoColor=white)
24+
![Ansible-Lint](https://img.shields.io/badge/ansible--lint-Present-brightgreen?style=flat&logo=ansible&logoColor=white)
25+
26+
## Community Release Information 📂
27+
1728
![Release Branch](https://img.shields.io/badge/Release%20Branch-Main-brightgreen)
1829
![Release Tag](https://img.shields.io/github/v/tag/ansible-lockdown/Windows-2019-CIS?label=Release%20Tag&&color=success)
1930
![Main Release Date](https://img.shields.io/github/release-date/ansible-lockdown/Windows-2019-CIS?label=Release%20Date)
31+
![Benchmark Version Main](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Windows-2019-CIS/benchmark-version-main.json)
32+
![Benchmark Version Devel](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Windows-2019-CIS/benchmark-version-devel.json)
2033

2134
[![Main Pipeline Status](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/main_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/main_pipeline_validation.yml)
2235
[![GPO Main Pipeline Status](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/main_pipeline_validation_gpo.yml/badge.svg?)](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/main_pipeline_validation_gpo.yml)
2336

2437
[![Devel Pipeline Status](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/devel_pipeline_validation.yml/badge.svg?)](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/devel_pipeline_validation.yml)
2538
[![GPO Devel Pipeline Status](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/devel_pipeline_validation_gpo.yml/badge.svg?)](https://github.com/ansible-lockdown/Windows-2019-CIS/actions/workflows/devel_pipeline_validation_gpo.yml)
26-
![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/Windows-2019-CIS/devel?color=dark%20green&label=Devel%20Branch%20Commits)
2739

28-
![Issues Open](https://img.shields.io/github/issues-raw/ansible-lockdown/Windows-2019-CIS?label=Open%20Issues)
29-
![Issues Closed](https://img.shields.io/github/issues-closed-raw/ansible-lockdown/Windows-2019-CIS?label=Closed%20Issues&&color=success)
40+
![Devel Commits](https://img.shields.io/github/commit-activity/m/ansible-lockdown/Windows-2019-CIS/devel?color=dark%20green&label=Devel%20Branch%20Commits)
41+
![Open Issues](https://img.shields.io/github/issues-raw/ansible-lockdown/Windows-2019-CIS?label=Open%20Issues)
42+
![Closed Issues](https://img.shields.io/github/issues-closed-raw/ansible-lockdown/Windows-2019-CIS?label=Closed%20Issues&&color=success)
3043
![Pull Requests](https://img.shields.io/github/issues-pr/ansible-lockdown/Windows-2019-CIS?label=Pull%20Requests)
3144

32-
![License](https://img.shields.io/github/license/ansible-lockdown/Windows-2019-CIS?label=License)
45+
---
46+
47+
## Subscriber Release Information 🔐
48+
49+
![Private Release Branch](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/release-branch.json)
50+
![Benchmark Version](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/benchmark-version.json)
51+
52+
[![Private Remediate Pipeline](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/remediate.json)](https://github.com/ansible-lockdown/Private-Windows-2019-CIS/actions/workflows/main_pipeline_validation.yml)
53+
[![Private GPO Pipeline](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/gpo.json)](https://github.com/ansible-lockdown/Private-Windows-2019-CIS/actions/workflows/main_pipeline_validation_gpo.yml)
54+
55+
![Private Pull Requests](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/prs.json)
56+
![Private Closed Issues](https://img.shields.io/endpoint?url=https://ansible-lockdown.github.io/github_windows_IaC/badges/Private-Windows-2019-CIS/issues-closed.json)
3357

3458
---
3559
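
Review bot: The "Subscriber Release Information" block added at lines 47 to 56 links its two pipeline badges to `github.com/ansible-lockdown/Private-Windows-2019-CIS/actions/...`, which readers of this public README without access to that repository cannot open, and its endpoint badges publish the private repository's pull request, closed issue and pipeline status on the public `ansible-lockdown.github.io` site. Confirm that this exposure is intended, and either drop the link targets or point them at something a non-subscriber can view. Minor: the "Closed Issues" URL on line 42 carries a doubled `&&` before `color=success`, carried over from removed line 29.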

tasks/ansible_hardening/prelim.yml

Lines changed: 1 addition & 1 deletion
@@ -53,7 +53,7 @@
5353
failed_when: false
5454
register: prelim_all_users
5555

56-
- name: PRELIM | Obtain Then Load Default And User Hives | Create results list fact for username and SIDs
56+
- name: PRELIM | Obtain Then Load Default And User Hives | Create Results list fact for username and SIDs
5757
ansible.builtin.set_fact:
5858
prelim_username_and_sid_results_list: "{{ prelim_all_users.stdout_lines | map('split', ' ') | list }}"
5959
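
Review bot: The rename on line 56 capitalises only "Results" and leaves "list fact for username and SIDs" in lower case, so the task name now matches neither sentence case nor the title case of "Obtain Then Load Default And User Hives" earlier in the same name; pick one style for the whole segment. While in this area, the context lines show `failed_when: false` on the task that registers `prelim_all_users`, followed on line 58 by `map('split', ' ')` over its `stdout_lines`, so a failed lookup passes silently into the fact and any username containing a space yields more than two fields; a guard on the registered result and a more robust parse would be worth a follow-up.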
