From bac6e9743e2c3a53c940768d82f2d98223afa376 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 16 May 2023 12:11:04 +0100
Subject: [PATCH 1/5] #18 corrected
Signed-off-by: Mark Bolwell
---
 tasks/LE_audit_setup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/LE_audit_setup.yml b/tasks/LE_audit_setup.yml
index 61a4cdf..8321a32 100644
--- a/tasks/LE_audit_setup.yml
+++ b/tasks/LE_audit_setup.yml
@@ -13,7 +13,7 @@
 - name: copy audit binary
 copy:
- src:
+ src: "{{ copy_goss_from_path }}"
 dest: "{{ audit_bin }}"
 mode: 0555
 owner: root
From 94f37e67ce9220b69e15b1e4e6b434bd3f1d345e Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 16 May 2023 12:14:09 +0100
Subject: [PATCH 2/5] updated due to #19 great catch
Signed-off-by: Mark Bolwell
---
 tasks/pre_remediation_audit.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tasks/pre_remediation_audit.yml b/tasks/pre_remediation_audit.yml
index dd98183..3e0c4a6 100644
--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@@ -34,7 +34,6 @@
 copy:
 src: "{{ audit_local_copy }}"
 dest: "{{ audit_conf_dir }}"
- mode: 0644
 when:
 - audit_content == 'copy'
From fee167ba2523fdc66ef5b02d7bd0d219a3e91351 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 4 Jun 2024 10:06:17 +0100
Subject: [PATCH 3/5] Issues #28 addressed thansk to @msachikanta
Signed-off-by: Mark Bolwell
---
 defaults/main.yml | 2 +-
 tasks/section_5/cis_5.3.x.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 91ff01c..61bff4b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
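Review bot: The binary now copied from `copy_goss_from_path` is installed root-owned and executable, but nothing checks what actually arrived; `ansible.builtin.copy` accepts `checksum:` (the expected SHA1 of the file), so a corrupted or substituted `src` fails the task instead of becoming the audit binary. Separately, `mode: 0555` is an unquoted octal literal that the YAML loader turns into the integer 365; it works here, but the Ansible docs recommend quoting modes because the leading-zero form is not reliable in every context, `mode: '0555'`. The task's remaining keys, if any, are outside the hunk.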
@@ -411,7 +411,7 @@ amazon2cis_ssh_loglevel: INFO
 # To conform to CIS standards this value nees to be 10 or less
 amazon2cis_ssh_maxsessions: 10
 amazon2cis_sshd:
- # clientalivecountmax: 0
+ clientalivecountmax: 0
 # clientaliveinterval shoudl be between 1 and 900
 clientaliveinterval: 300
 ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
diff --git a/tasks/section_5/cis_5.3.x.yml b/tasks/section_5/cis_5.3.x.yml
index 1e84d3a..70e901c 100644
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@@ -297,7 +297,7 @@
 lineinfile:
 path: /etc/ssh/sshd_config
 regexp: '^ClientAliveCountMax'
- line: "ClientAliveCountMax 0"
+ line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}"
 notify: restart sshd
 when:
 - amazon2cis_rule_5_3_16
From 90f5b0f0059312cc599fe08145e1cc6d94b6be65 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 4 Jun 2024 10:08:55 +0100
Subject: [PATCH 4/5] addressed issue #29 thanks to @msachikanta
Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.4.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 953e582..65251f2 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -28,7 +28,7 @@
 lineinfile:
 dest: /usr/lib/systemd/system/rescue.service
 regexp: '/sbin/sulogin'
- line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default'
+ line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
 when:
 - amazon2cis_rule_1_4_2
 - ansible_facts['distribution_major_version'] is version('2', '>=')
From 4975300535c6e11c2298ad9b23ba01b0d0b54531 Mon Sep 17 00:00:00 2001
From: Mathieu Fortin
Date: Fri, 7 Jun 2024 12:04:51 -0400
Subject: [PATCH 5/5] Updating Grub
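Review bot: The newly enabled default `clientalivecountmax: 0` in defaults/main.yml needs a comment on what the value means, because sshd interprets it differently by version: on OpenSSH 8.2 and later `ClientAliveCountMax 0` disables idle-connection termination entirely, whereas older daemons drop the session once the interval elapses. Since the value now flows straight into `sshd_config` via cis_5.3.x.yml, a host running a newer OpenSSH would get the opposite of the intended idle timeout without any warning. A line above the key such as `# 0 ends idle sessions on OpenSSH < 8.2 but disables termination on >= 8.2; set a positive count on newer daemons` would make the trade-off visible to whoever overrides it.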
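Review bot: The `ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}` line in cis_5.3.x.yml is written to `sshd_config` and `restart sshd` is notified without checking that the rendered value is something sshd accepts, so a mistyped override (a word, an empty string) leaves the daemon unable to restart once the handler runs. `lineinfile` supports `validate: '/usr/sbin/sshd -t -f %s'`, which aborts the task before the file is touched if the result fails the syntax check; the sibling ClientAliveInterval task deserves the same guard if it lacks one (not visible here). The task's `- name:` line is above the hunk.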
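Review bot: The corrected `ExecStart=` line is written into `/usr/lib/systemd/system/rescue.service`, the package-owned unit, so the next systemd package update silently reverts the sulogin hardening; the durable form is a drop-in under `/etc/systemd/system/rescue.service.d/` (an `[Service]` section with an empty `ExecStart=` to reset, then the new line), which survives updates. An edited unit is also not picked up until `systemctl daemon-reload`; no handler is notified in the visible lines, so if none exists elsewhere in the task, add a `notify:` for one. Finally `regexp: '/sbin/sulogin'` selects the line by substring only, so a comment mentioning sulogin later in the file would be the one rewritten; anchoring with `regexp: '^ExecStart=.*sulogin'` targets the directive itself.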
Signed-off-by: Mathieu Fortin
---
 tasks/section_4/cis_4.1.1.x.yml | 20 ++++++++++----------
 tasks/section_4/cis_4.1.2.x.yml | 24 ++++++++++++------------
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/tasks/section_4/cis_4.1.1.x.yml b/tasks/section_4/cis_4.1.1.x.yml
index f8a7a3f..a9a0ac0 100644
--- a/tasks/section_4/cis_4.1.1.x.yml
+++ b/tasks/section_4/cis_4.1.1.x.yml
@@ -34,26 +34,26 @@
 - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled"
 block:
 - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Get Grub CMDLINE Settings"
- shell: grep GRUB_CMDLINE_LINUX= /etc/default/grub | cut -d'"' -f2
+ shell: grep -c -E '^GRUB_CMDLINE_LINUX(_DEFAULT)?=' /etc/default/grub
 changed_when: false
 failed_when: false
 register: amazon2cis_4_1_1_3_grub_cmdline_linux
- - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Set if audit setting already set"
- replace:
+ - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Set if Grub CMDLINE exists"
+ lineinfile:
 path: /etc/default/grub
- regexp: 'audit=([^\D]+)'
- replace: 'audit=1'
+ regexp: '^(GRUB_CMDLINE_LINUX(?:_DEFAULT)?)="(.*)( audit=\d)?(.*)"'
+ line: '\1="\2 audit=1\3"'
+ backrefs: true
 notify: grub2cfg
- when: "'audit=' in amazon2cis_4_1_1_3_grub_cmdline_linux.stdout"
+ when: "'1' in amazon2cis_4_1_1_3_grub_cmdline_linux.stdout"
- - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Set if audit setting not already set"
+ - name: "4.1.1.3 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Set if Grub CMDLINE does not exist"
 lineinfile:
 path: /etc/default/grub
- regexp: '^GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="{{ amazon2cis_4_1_1_3_grub_cmdline_linux.stdout }} audit=1"'
+ line: 'GRUB_CMDLINE_LINUX="audit=1"'
 notify: grub2cfg
- when: "'audit=' not in amazon2cis_4_1_1_3_grub_cmdline_linux.stdout"
+ when: "'0' in amazon2cis_4_1_1_3_grub_cmdline_linux.stdout"
 when:
 - amazon2cis_rule_4_1_1_3
 tags:
diff --git a/tasks/section_4/cis_4.1.2.x.yml b/tasks/section_4/cis_4.1.2.x.yml
index c4cbb65..15afb76 100644
--- a/tasks/section_4/cis_4.1.2.x.yml
+++ b/tasks/section_4/cis_4.1.2.x.yml
@@ -55,26 +55,26 @@
 - name: "4.1.2.4 | PATCH | Ensure audit_backlog_limit is sufficient"
 block:
 - name: "4.1.2.4 | AUDIT | Ensure audit_backlog_limit is sufficient | Grep GRUB_CMDLINE_LINUX parameter"
- shell: grep 'GRUB_CMDLINE_LINUX=' /etc/default/grub | cut -f2 -d'"'
+ shell: grep -c -E 'GRUB_CMDLINE_LINUX(_DEFAULT)?=' /etc/default/grub
 changed_when: false
 failed_when: false
 register: amazon2cis_4_1_2_4_grub_cmdline_linux_settings
- - name: "4.1.2.4 | PATCH | Ensure audit_backlog_limit is sufficient | Set audit_backlog_limit if not configured"
+ - name: "4.1.2.4 | PATCH | Ensure audit_backlog_limit is sufficient | Set audit_backlog_limit if GRUB_CMDLINE_LINUX exists"
 lineinfile:
- dest: /etc/default/grub
- regexp: '^GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="{{ amazon2cis_4_1_2_4_grub_cmdline_linux_settings.stdout }} audit_backlog_limit={{ amazon2cis_audit_backlog_limit }}"'
+ path: /etc/default/grub
+ regexp: '^(GRUB_CMDLINE_LINUX(?:_DEFAULT)?)="(.*)( audit_backlog_limit={{ amazon2cis_audit_backlog_limit }})?(.*)"'
+ line: '\1="\2 audit_backlog_limit={{ amazon2cis_audit_backlog_limit }}\3"'
+ backrefs: true
 notify: grub2cfg
- when: '"audit_backlog_limit" not in amazon2cis_4_1_2_4_grub_cmdline_linux_settings.stdout'
+ when: "'1' in amazon2cis_4_1_2_4_grub_cmdline_linux_settings.stdout"
- - name: "4.1.2.4 | PATCH | Ensure audit_backlog_limit is sufficient | Adjust audit_backlog_limit if exists"
- replace:
- dest: /etc/default/grub
- regexp: 'audit_backlog_limit=([^\D]+)'
- replace: 'audit_backlog_limit={{ amazon2cis_audit_backlog_limit }}'
+ - name: "4.1.2.4 | PATCH | Ensure audit_backlog_limit is sufficient | Set audit_backlog_limit if GRUB_CMDLINE_LINUX does not exists"
+ lineinfile:
+ path: /etc/default/grub
+ replace: 'GRUB_CMDLINE_LINUX="audit_backlog_limit={{ amazon2cis_audit_backlog_limit }}"'
 notify: grub2cfg
- when: '"audit_backlog_limit" in amazon2cis_4_1_2_4_grub_cmdline_linux_settings.stdout'
+ when: "'0' in 
amazon2cis_4_1_2_4_grub_cmdline_linux_settings.stdout"
 when:
 - amazon2cis_rule_4_1_2_4
 tags:
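Review bot: The "does not exists" task in the new code passes `replace:` to `lineinfile`, which has no such option, so Ansible rejects the task with an unsupported-parameter error and the fallback for a missing `GRUB_CMDLINE_LINUX` never writes anything; it should read `line: 'GRUB_CMDLINE_LINUX="audit_backlog_limit={{ amazon2cis_audit_backlog_limit }}"'`. The count command also drops the `^` anchor that the matching 4.1.1.3 task keeps, so a commented-out `#GRUB_CMDLINE_LINUX=` line counts as present and the append path is skipped; use `shell: grep -c -E '^GRUB_CMDLINE_LINUX(_DEFAULT)?=' /etc/default/grub` in both files. The greedy-`(.*)` regexp that appends ` audit_backlog_limit=…` on every run and the `'1' in` / `'0' in` substring tests on the count have the problems raised on tasks/section_4/cis_4.1.1.x.yml and need the same correction here. The task name's "does not exists" is a typo for "does not exist".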