add cjis to compliance demo (#134)

ansible · Mar 3, 2024 · 3468d1c · 3468d1c
1 parent 10f0bb4
commit 3468d1c
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 1 deletion.
diff --git a/linux/compliance-enforce.yml b/linux/compliance-enforce.yml
@@ -13,5 +13,4 @@
     - name: Run Compliance Profile
       ansible.builtin.include_role:
         name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}"
-
 ...
diff --git a/linux/compliance_profiles.md b/linux/compliance_profiles.md
@@ -5,6 +5,7 @@ The following compliance profiles are supported by the [**Linux / Enforce Compli
 | **Profile** | **Role Repository** |
 |-------------|---------------------|
 | CIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cis |
+| CJIS | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cjis |
 | CUI | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-cui |
 | HIPAA | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-hipaa |
 | OSPP | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-ospp |

diff --git a/linux/setup.yml b/linux/setup.yml
@@ -377,6 +377,9 @@ controller_templates:
       sudo_remove_no_authenticate: false
       # used by CIS and STIG profile role
       accounts_password_set_max_life_existing: false
+      # used by the CJIS profile role
+      service_firewalld_enabled: false
+      firewalld_sshd_port_enabled: false
     survey_enabled: true
     survey:
       name: ''
@@ -392,6 +395,7 @@ controller_templates:
           required: true
           choices:
             - cis
+            - cjis
             - cui
             - hipaa
             - ospp
@@ -423,6 +427,7 @@ controller_templates:
           required: true
           choices:
             - cis
+            - cjis
             - cui
             - hipaa
             - ospp

diff --git a/roles/requirements.yml b/roles/requirements.yml
@@ -3,6 +3,8 @@ roles:
   # RHEL 7 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel7_cis
     version: 0.1.69
+  - name: redhatofficial.rhel7_cjis
+    version: 0.1.69
   - name: redhatofficial.rhel7_cui
     version: 0.1.67
   - name: redhatofficial.rhel7_hipaa
@@ -16,6 +18,8 @@ roles:
   # RHEL 8 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel8_cis
     version: 0.1.69
+  - name: redhatofficial.rhel8_cjis
+    version: 0.1.69
   - name: redhatofficial.rhel8_cui
     version: 0.1.69
   - name: redhatofficial.rhel8_hipaa