✨ Add: CIS Debian 12 L1 (#75)
* rm: rhel7 -> reason defunct

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add: debian12 cis

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add debian12cis1

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add debian12cis1 add readme

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* deprecated oracle7/oracle8

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* cleaned up deprecated stuff

Signed-off-by: Manuel Weber <manuel@mondoo.com>

---------

Signed-off-by: Manuel Weber <manuel@mondoo.com>
mm-weber authored Nov 8, 2024
1 parent b9c8ada commit ae6c95f
Showing 5 changed files with 131 additions and 201 deletions.
8 changes: 2 additions & 6 deletions aws/ec2-instances/README.md
Expand Up @@ -28,20 +28,16 @@ This repository contains Terraform code for provisioning AWS EC2 instances for t
| Debian 11 cnspec | Latest Debian 11 image with cnspec | `create_debian11_cnspec` | N/A |
| Debian 11 CIS | CIS Debian Linux 11 Benchmark - Level 1 | `create_debian11_cis` | [CIS Debian Linux 11 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp?sku=7158qffnkd38liu1mrksgz53n) |
| Debian 11 CIS cnspec | CIS Debian Linux 11 Benchmark - Level 1 with latest cnspec | `create_debian11_cis_cnspec` | [CIS Debian Linux 11 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp?sku=7158qffnkd38liu1mrksgz53n) |
| Oracle 7 | Latest Oracle 7 image | `create_oracle7` | |
| Oracle 7 cnspec | Latest Oracle 7 image with latest cnspec | `create_oracle7_cnspec` | |
| Debian 12 CIS | CIS Debian Linux 12 Benchmark - Level 1 | `create_debian12_cis` | [CIS Debian Linux 12 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qx5nmpdvckqgc?applicationId=AWSMPContessa&ref_=beagle&sr=0-3) |
| Debian 12 CIS cnspec | CIS Debian Linux 12 Benchmark - Level 1 with latest cnspec | `create_debian12_cis_cnspec` | [CIS Debian Linux 12 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qx5nmpdvckqgc?applicationId=AWSMPContessa&ref_=beagle&sr=0-3) |
| Oracle 7 CIS | CIS Oracle Linux 7 Benchmark - Level 1 | `create_oracle7_cis` | [CIS Oracle Linux 7 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-pshwm5x5a7wmg?sr=0-24&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 7 CIS cnspec | CIS Oracle Linux 7 Benchmark - Level 1 with latest cnspec | `create_oracle7_cis_cnspec` | [CIS Oracle Linux 7 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-pshwm5x5a7wmg?sr=0-24&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 8 | Latest Oracle 8 image | `create_oracle8` | |
| Oracle 8 cnspec | Latest Oracle 8 image with latest cnspec | `create_oracle8_cnspec` | |
| Oracle 8 CIS | CIS Oracle Linux 8 Benchmark - Level 1 | `create_oracle8_cis` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 8 CIS cnspec | CIS Oracle Linux 8 Benchmark - Level 1 with latest cnspec | `create_oracle8_cis_cnspec` | [CIS Oracle Linux 8 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-qohiqfju7iecs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) |
| Oracle 9 | Latest Oracle 9 image | `create_oracle9` | |
| Oracle 9 cnspec | Latest Oracle 9 image with latest cnspec | `create_oracle9_cnspec` | |
| Oracle 9 CIS | CIS Oracle Linux 9 Benchmark - Level 1 | `create_oracle9_cis` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
| Oracle 9 CIS cnspec | CIS Oracle Linux 9 Benchmark - Level 1 with latest cnspec | `create_oracle9_cis_cnspec` | [CIS Oracle Linux 9 Benchmark - Level 1](https://aws.amazon.com/marketplace/pp/prodview-uvycouobpppp4?sr=0-1&ref_=beagle&applicationId=AWS-EC2-Console) |
| RHEL 7 | Latest Red Hat Enterprise Linux 7 | `create_rhel7` | |
| RHEL 7 cnspec | Latest Red Hat Enterprise Linux 7 with latest cnspec | `create_rhel7_cnspec` |
| RHEL 7 mondoo pass private | Saved image of a manually hardened CIS RHEL7 image (which CIS deleted) | `create_rhel7_pass_private` | |
| RHEL 8 | Latest Red Hat Enterprise Linux 8 | `create_rhel8` | |
| RHEL 8 cnspec | Latest Red Hat Enterprise Linux 8 with latest cnspec | `create_rhel8_cnspec` | |
68 changes: 10 additions & 58 deletions aws/ec2-instances/amis.tf
Expand Up @@ -115,22 +115,6 @@ data "aws_ami" "rhel9_cis" {
}


data "aws_ami" "rhel7" {
most_recent = true

filter {
name = "name"
values = ["RHEL_HA-7*_HVM-*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["309956199498"]
}

data "aws_ami" "rhel7-cis-pass-private" {
most_recent = true

Expand Down Expand Up @@ -411,81 +395,49 @@ data "aws_ami" "debian12" {
owners = ["136693071363"]
}

data "aws_ami" "suse15" {
data "aws_ami" "debian12_cis" {
most_recent = true

filter {
name = "name"
values = ["suse-sles-15-sp5*"]
}

filter {
name = "architecture"
values = ["x86_64"]
values = ["CIS Debian Linux 12*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["013907871322"]
owners = ["679593333241"]
}

data "aws_ami" "suse15_cis" {
data "aws_ami" "suse15" {
most_recent = true

filter {
name = "name"
values = ["CIS SUSE Linux Enterprise 15 Benchmark*Level*"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
values = ["suse-sles-15-sp5*"]
}

owners = ["679593333241"]
}

data "aws_ami" "oracle7" {
most_recent = true

filter {
name = "name"
values = ["*SupportedImages OL7.9*"]
name = "architecture"
values = ["x86_64"]
}

filter {
name = "virtualization-type"
values = ["hvm"]
}

owners = ["679593333241"]
owners = ["013907871322"]
}

#data "aws_ami" "oracle7_cis" {
# most_recent = true
#
# filter {
# name = "name"
# values = ["CIS Oracle Linux 7 Benchmark*"]
# }
#
# filter {
# name = "virtualization-type"
# values = ["hvm"]
# }
#
# owners = ["679593333241"]
#}

data "aws_ami" "oracle8" {
data "aws_ami" "suse15_cis" {
most_recent = true

filter {
name = "name"
values = ["*SupportedImages OL8.8*"]
values = ["CIS SUSE Linux Enterprise 15 Benchmark*Level*"]
}

filter {
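Review bot: The new `debian12_cis` data source picks its image by the glob `CIS Debian Linux 12*` with `most_recent = true` and no architecture filter, so it resolves to whichever CIS Debian 12 AMI sorts newest under that prefix — a Level 2 or non-x86_64 build would match just as well — while the README row added in this commit advertises Level 1. The neighbouring `suse15` source pins `architecture = x86_64` and `suse15_cis` narrows on `Benchmark*Level*`, so the new block is looser than the file's own convention. The exact marketplace AMI name is not visible in this page; the name pattern below assumes it follows the `… Benchmark - Level 1` title used in the README and should be confirmed against the actual image name before merging. The `owners` pin to the single marketplace account is the right control and should stay.
```hcl
data "aws_ami" "debian12_cis" {
  most_recent = true

  filter {
    name   = "name"
    values = ["CIS Debian Linux 12 Benchmark*Level 1*"] # assumes the image name carries the level — confirm against the marketplace listing
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  # … unchanged: virtualization-type filter and owners …
}
```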
173 changes: 103 additions & 70 deletions aws/ec2-instances/main.tf
Expand Up @@ -286,29 +286,28 @@ module "debian12_cnspec" {
user_data_replace_on_change = true
}

// Oracle 7

module "oracle7" {
module "debian12_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle7
name = "${var.prefix}-oracle7-${random_id.instance_id.id}"
ami = data.aws_ami.oracle7.id
create = var.create_debian12_cis
name = "${var.prefix}-debian12-cis-${random_id.instance_id.id}"
ami = data.aws_ami.debian12_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "oracle7_cnspec" {
module "debian12_cis_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle7_cnspec
name = "${var.prefix}-oracle7-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle7.id
create = var.create_debian12_cis_cnspec
name = "${var.prefix}-debian12-cis-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.debian12_cis.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
Expand All @@ -318,6 +317,40 @@ module "oracle7_cnspec" {
user_data_replace_on_change = true
}



// Oracle 7

#module "oracle7" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle7
# name = "${var.prefix}-oracle7-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle7.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
#}
#
#module "oracle7_cnspec" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle7_cnspec
# name = "${var.prefix}-oracle7-cnspec-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle7.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
# user_data = base64encode(local.linux_user_data)
# user_data_replace_on_change = true
#}

#module "oracle7_cis" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
Expand Down Expand Up @@ -348,37 +381,37 @@ module "oracle7_cnspec" {
# user_data_replace_on_change = true
#}

// Oracle 8

module "oracle8" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8
name = "${var.prefix}-oracle8-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}
// Oracle 8 deprecated

module "oracle8_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_oracle8_cnspec
name = "${var.prefix}-oracle8-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.oracle8.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}
#module "oracle8" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle8
# name = "${var.prefix}-oracle8-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle8.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
#}
#
#module "oracle8_cnspec" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_oracle8_cnspec
# name = "${var.prefix}-oracle8-cnspec-${random_id.instance_id.id}"
# ami = data.aws_ami.oracle8.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
# user_data = base64encode(local.linux_user_data)
# user_data_replace_on_change = true
#}

module "oracle8_cis" {
source = "terraform-aws-modules/ec2-instance/aws"
Expand Down Expand Up @@ -613,37 +646,37 @@ module "centos7_hardened_community" {
associate_public_ip_address = true
}


// Red Hat Linux 7
module "rhel7" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_rhel7
name = "${var.prefix}-rhel7-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
}

module "rhel7_cnspec" {
source = "terraform-aws-modules/ec2-instance/aws"
version = "~> 5.6.1"

create = var.create_rhel7_cnspec
name = "${var.prefix}-rhel7-cnspec-${random_id.instance_id.id}"
ami = data.aws_ami.rhel7.id
instance_type = var.linux_instance_type
vpc_security_group_ids = [module.linux_sg.security_group_id]
subnet_id = module.vpc.public_subnets[0]
key_name = var.aws_key_pair_name
associate_public_ip_address = true
user_data = base64encode(local.linux_user_data)
user_data_replace_on_change = true
}
# DISFUNCT
#// Red Hat Linux 7
#module "rhel7" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_rhel7
# name = "${var.prefix}-rhel7-${random_id.instance_id.id}"
# ami = data.aws_ami.rhel7.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
#}
#
#module "rhel7_cnspec" {
# source = "terraform-aws-modules/ec2-instance/aws"
# version = "~> 5.6.1"
#
# create = var.create_rhel7_cnspec
# name = "${var.prefix}-rhel7-cnspec-${random_id.instance_id.id}"
# ami = data.aws_ami.rhel7.id
# instance_type = var.linux_instance_type
# vpc_security_group_ids = [module.linux_sg.security_group_id]
# subnet_id = module.vpc.public_subnets[0]
# key_name = var.aws_key_pair_name
# associate_public_ip_address = true
# user_data = base64encode(local.linux_user_data)
# user_data_replace_on_change = true
#}

// Private RHEL7 Image
module "rhel7_pass_private" {
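Review bot: The marker `# DISFUNCT` placed above the commented-out `rhel7` and `rhel7_cnspec` modules in the last hunk is a misspelling of "defunct" (the commit message itself says "defunct"), and neither it nor `// Oracle 8 deprecated` in the previous hunk records why the images are gone; suggest `# DEFUNCT: the RHEL 7 AMI lookup no longer resolves; module retained commented out pending removal`, or better, delete the three commented-out module groups outright, since this commit already removes the `rhel7`, `oracle7` and `oracle8` data sources they reference and the dead blocks will silently drift from the live modules. The `debian12_cis_cnspec` module in the first hunk continues past `subnet_id` outside the visible hunk, so its `user_data` lines cannot be confirmed here. The `var.create_debian12_cis` and `var.create_debian12_cis_cnspec` declarations live in a file not shown on this page; check that they are declared with an explicit default so the new instances remain opt-in like the other `create_*` flags.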
