Merge pull request #5 from ansible-lockdown/amazon2023

uk-bolly · web-flow · commit 3d656dbd36f2 · 2023-08-23T13:58:15.000+01:00
Amazon2023 added
diff --git a/AMAZON2023.tfvars b/AMAZON2023.tfvars
@@ -0,0 +1,6 @@
+# Amazon Linux 2023
+ami_id        = "ami-08a52ddb321b32a8c"
+ami_os        = "AmazonLinux2023"
+ami_username  = "ec2-user"
+ami_user_home = "/home/ec2-user"
+benchmark_os  = "Amazon2023"
diff --git a/main.tf b/main.tf
@@ -77,6 +77,9 @@ resource "local_file" "inventory" {
         run_audit: true
         system_is_ec2: true
         skip_reboot: false
+        amzn2023cis_rule_1_2_2: false  # Breaks patching
+        amzn2023cis_rule_1_2_4: false  # Breaks patching
+        amzn2023cis_rule_4_6_6: false  # default image has no root password and nopasswd not removed from sudo
         rhel_07_010340: false
         rhel7stig_bootloader_password_hash: 'grub.pbkdf2.sha512.somethingnewhere'
         rhel9cis_rule_5_6_6: false  # skip root passwd check and keys only
