Rhel9

Puppetfile

@@ -4,34 +4,35 @@
 # The following directive installs modules to the managed moduledir.
 moduledir '.modules'
 
-mod 'puppetlabs/package', '2.3.0'
-mod 'puppetlabs/service', '2.3.0'
-mod 'herculesteam/augeasproviders_sysctl', '2.6.2'
-mod 'puppet/augeasproviders_pam', '3.0.1'
-mod 'puppet/augeasproviders_core', '3.2.0'
-mod 'puppetlabs/facts', '1.4.0'
-mod 'puppetlabs/apt', '8.5.0'
-mod 'camptocamp/augeas', '1.9.0'
-mod 'puppet/alternatives', '4.1.0'
-mod 'puppet/firewalld', '4.5.1'
-mod 'puppet/kmod', '3.2.0'
-mod 'puppet/logrotate', '6.1.0'
-mod 'puppet/postfix', '3.0.0'
-mod 'puppet/selinux', '3.4.1'
-mod 'puppet/systemd', '3.10.0'
-mod 'puppetlabs/augeas_core', '1.2.0'
-mod 'puppetlabs/concat', '7.2.0'
-mod 'puppetlabs/firewall', '3.5.0'
-mod 'puppetlabs/inifile', '5.3.0'
-mod 'puppetlabs/mailalias_core', '1.1.0'
-mod 'puppetlabs/ntp', '9.1.1'
-mod 'puppetlabs/puppet_agent', '4.12.1'
-mod 'puppetlabs/reboot', '4.2.0'
-mod 'puppetlabs/stdlib', '6.6.0'
-mod 'ubeek/auditd', '1.0.3'
-mod 'puppetlabs/mount_core', '1.1.0'
-mod 'puppet/cron', '3.0.0'
-mod 'puppet/augeasproviders_grub', '4.0.0'
-mod 'puppet/augeasproviders_shellvar', '5.0.0'
-mod 'puppetlabs/lvm', '1.4.0'
+mod 'puppet/chrony', '3.0.0'
 mod 'puppetlabs/exec', '2.2.0'
+mod 'puppetlabs/lvm', '1.4.0'
+mod 'puppet/augeasproviders_shellvar', '5.0.0'
+mod 'puppet/augeasproviders_grub', '4.0.0'
+mod 'puppet/cron', '3.0.0'
+mod 'puppetlabs/mount_core', '1.1.0'
+mod 'ubeek/auditd', '1.0.3'
+mod 'puppetlabs/stdlib', '6.6.0'
+mod 'puppetlabs/reboot', '4.2.0'
+mod 'puppetlabs/puppet_agent', '4.12.1'
+mod 'puppetlabs/ntp', '9.1.1'
+mod 'puppetlabs/mailalias_core', '1.1.0'
+mod 'puppetlabs/inifile', '5.3.0'
+mod 'puppetlabs/firewall', '3.5.0'
+mod 'puppetlabs/concat', '7.2.0'
+mod 'puppetlabs/augeas_core', '1.2.0'
+mod 'puppet/systemd', '3.10.0'
+mod 'puppet/selinux', '3.4.1'
+mod 'puppet/postfix', '3.0.0'
+mod 'puppet/logrotate', '6.1.0'
+mod 'puppet/kmod', '3.2.0'
+mod 'puppet/firewalld', '4.5.1'
+mod 'puppet/alternatives', '4.1.0'
+mod 'camptocamp/augeas', '1.9.0'
+mod 'puppetlabs/apt', '8.5.0'
+mod 'puppetlabs/facts', '1.4.0'
+mod 'puppet/augeasproviders_core', '3.2.0'
+mod 'puppet/augeasproviders_pam', '3.0.1'
+mod 'herculesteam/augeasproviders_sysctl', '2.6.2'
+mod 'puppetlabs/service', '2.3.0'
+mod 'puppetlabs/package', '2.3.0'

README.md

@@ -33,6 +33,8 @@ This Puppet module implements security controls defined in the Center for Intern
 | RedHat 7     | 3.1.1 |
 | RedHat 8     | 2.0.0 |
 | Rocky 8      | 1.0.0 |
+| RedHat 9     | 1.0.0 |
+| Rocky 9      | 1.0.0 |
 | SLES   15    | 1.1.1 |
 | Ubuntu 18.04 | 2.1.0 |
 | Ubuntu 20.04 | 1.1.0 |
@@ -120,7 +122,9 @@ As of enforcement for the Redhat 7 OS, there are 223 CIS rules that are either e
 
 ```yaml
 # hieradata/common.yaml
-secure_linux_cis::rules::ensure_mounting_of_squashfs_filesystems_is_disabled::enforced: false
+secure_linux_cis::exclude_rules:
+  - ensure_mounting_of_squashfs_filesystems_is_disabled
+  - ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client
 ```
 
 ### Enabling rules with Hiera (Not applicable to 3.0.0 descriptive based 'rules' .pp files)

bolt-project.yaml

@@ -30,3 +30,4 @@ modules:
 - puppetlabs/service
 - puppetlabs/exec
 - puppetlabs/package
+- puppet/chrony