final tweeks

This reverts commit 88b171bb48.

.ansible-lint

@@ -0,0 +1,12 @@
+---
+profile: production
+offline: false
+
+skip_list:
+  - "galaxy[no-changelog]"
+
+exclude_paths:
+  # would be better to move the roles here to the top-level roles directory
+  - collections/ansible_collections/demo/compliance/roles/
+  - roles/redhatofficial.*
+  - .github/

.devfile.yaml

@@ -0,0 +1,13 @@
+---
+schemaVersion: 2.2.0
+metadata:
+  name: product-demos
+components:
+  - name: product-demos-ee
+    container:
+      image: quay.io/mloriedo/ansible-creator-ee:latest  # workaround for https://github.com/eclipse/che/issues/21778
+      memoryRequest: 256M
+      memoryLimit: 5Gi
+      cpuRequest: 250m
+      cpuLimit: 2000m
+      args: ['tail', '-f', '/dev/null']

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -1,18 +0,0 @@
----
-name: Cat Lady Membership Application
-description: Tell us what qualifies you to be a registered cat fancier.
-body:
-- type: textarea
-  attributes:
-    label: Your favorite cat
-    placeholder: "Examples: Garfield, Maru, Mr. Mistoffolees"
-  validations:
-    required: true
-- type: dropdown
-  attributes:
-    label: How many rooms in your house are dedicated to cats?
-    options:
-    - 1
-    - 2
-    - All of them
-issue_body: false

.github/workflows/pre-commit.yml

@@ -0,0 +1,17 @@
+---
+name: pre-commit
+on:
+ - push
+ - pull_request_target
+
+env:
+  ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }}
+
+jobs:
+  pre-commit:
+    name: pre-commit
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - uses: pre-commit/action@v3.0.0

.github/workflows/release.yml

@@ -0,0 +1,41 @@
+---
+name: release
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "v*.*.*"
+
+  workflow_run:
+    workflows: ["pre-commit"]
+    types:
+      - completed
+
+jobs:
+  release:
+    name: Release Job
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install go (required for Changelog parsing)
+        uses: actions/setup-go@v4
+
+      - name: Parse CHANGELOG.md
+        run: |
+          GO111MODULE=on go install github.com/rcmachado/changelog@0.7.0
+          changelog show "$GITHUB_REF_NAME" > ${{ github.workspace }}-CHANGELOG.txt
+          echo "Release note for $GITHUB_REF_NAME :"
+          cat ${{ github.workspace }}-CHANGELOG.txt
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body_path: ${{ github.workspace }}-CHANGELOG.txt
+          files: |
+            LICENSE
+            CHANGELOG.md

.gitignore

@@ -1,4 +1,4 @@
-
+ansible-navigator.log
 sean_login_info.yml
 .DS_Store
 choose_demo.yml
@@ -6,3 +6,7 @@ choose_demo_example_azure.yml
 choose_demo_example_aws.yml
 .ansible.cfg
 *.gz
+*artifact*.json
+**/roles/*
+!**/roles/requirements.yml
+.deployment_id

.pre-commit-config.yaml

@@ -0,0 +1,29 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+
+      - id: check-yaml
+        exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$
+        args: [--unsafe]   # see https://github.com/pre-commit/pre-commit-hooks/issues/273
+
+      - id: check-toml
+      - id: check-json
+      - id: check-symlinks
+
+  - repo: https://github.com/ansible/ansible-lint.git
+    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
+    rev: v6.20.3
+    hooks:
+      - id: ansible-lint
+        additional_dependencies:
+          - jmespath
+
+  - repo: https://github.com/psf/black-pre-commit-mirror
+    rev: 23.11.0
+    hooks:
+      - id: black
+...

.vscode/extensions.json

@@ -0,0 +1,7 @@
+{
+    "recommendations": [
+        "redhat.vscode-yaml",
+        "redhat.ansible",
+        "ms-python.black-formatter"
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "editor.renderWhitespace": "all"
+}

.yamllint

@@ -0,0 +1,19 @@
+---
+extends: default
+
+rules:
+  line-length: disable
+  trailing-spaces: enable
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: -1
+  indentation:
+    level: error
+    indent-sequences: true  # consistent with ansible-lint
+  truthy:
+    level: error
+    allowed-values:
+      - 'true'
+      - 'false'
+
+...

CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v-0.0.1](https://github.com/ansible/product-demos/-/tree/v-0.0.1) - 2024-01-12
+
+### Added
+
+- Initial release  ([1af584b4ea6d77812bfcb2f6474fee6ee1b13666](https://github.com/ansible/product-demos/-/commit/1af584b4ea6d77812bfcb2f6474fee6ee1b13666))

CONTRIBUTING.md

@@ -0,0 +1,147 @@
+# Contribution Guidelines
+This document aims to outline the requirements for the various forms of contribution for this project.
+
+## Project Architecture
+
+![project-architecture](.github/images/project-architecture.png)
+
+## Pull Requests
+
+**ALL** contributions are subject to review via pull request
+
+### Pull Requests
+1) Ensure the "base repository" is set to "ansible/product-demos".
+
+#### Pull Request Guidelines
+- PRs should include the playbook/demo and required entry in corresponding `<demo>/setup.yml`.
+- PRs should include documentation in corresponding `<demo>/README.md`.
+- PRs should be rebased against the `main` branch to avoid conflicts.
+- PRs should not impact more than a single directory/demo section.
+- PRs should not rely on external infrastructure or configuration unless the dependency is automated or specified in the `user_message` of `setup.yml`.
+
+## Adding a New Demo
+1) Create a new branch based on main. (eg. `git checkout -b <branch name>`)
+2) Add your playbook to the appropriate demo/section subdirectory.
+3) Make any changes needed to match the existing standards in the directory.
+   1) Ex: Parameterized hosts
+   ```ansible
+   hosts: "{{ _hosts | default('windows') }}"
+   ```
+4) Create an entry for your playbook in your subdirectories `setup.yml`
+   1) You can copy paste an existing one and edit it.
+   2) Ensure you edit the name, playbook path, survey etc.
+5) Add any needed roles/collections to the [requirements.yml](/collections/requirements.yml)
+6) Test via [demo.redhat.com](https://demo.redhat.com/catalog?item=babylon-catalog-prod/sandboxes-gpte.aap-product-demos.prod&utm_source=webapp&utm_medium=share-link), specify your branch name within the project configuration.
+
+> NOTE: demo.redhat.com is available to Red Hat Associates and Partners with a valid account.
+
+## New Demo Section/Category
+1) Create a new subdirectory with no spaces
+2) Create a new setup.yml copying appropriate elements from another
+   - Below is a sample skeleton for a new setup.yml
+    ```ansible
+    ---
+    user_message: ''
+
+    controller_components:
+    - job_templates
+
+    controller_templates:
+    ...
+    ```
+   - `controller_components` can be any of the roles defined [here](https://github.com/redhat-cop/controller_configuration/tree/devel/roles)
+   - Add variables for each component listed
+3) Include a README.md in the subdirectory
+
+## Testing
+
+We utilize pre-commit to handle Git hooks, initiating a pre-commit check with each commit, both locally and on CI.
+
+To install pre-commit, use the following commands:
+```bash
+pip install pre-commit
+pre-commit install
+```
+
+For further details, refer to the [pre-commit installation documentation](https://pre-commit.com/#installation).
+
+To execute ansible-lint (whether within pre-commit or independently), you must configure an environment variable for the token required to connect to Automation Hub. Obtain the token [here](https://console.redhat.com/ansible/automation-hub/token).
+
+Copy the token value and execute the following command:
+
+```bash
+export ANSIBLE_GALAXY_SERVER_AH_TOKEN=<token>
+```
+
+## Release Process
+
+We follow a structured release process for this project. Here are the steps involved:
+
+1. **Create a Release Branch:**
+   - Start by creating a new release branch from the `main` branch.
+
+   ```bash
+   git checkout -b release/v-<version>
+   ```
+
+2. **Update Changelog:**
+   - Open the `CHANGELOG.md` file to manually add your change to the appropriate section.
+   - Our changelog follows the [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) format and includes the following categories of changes:
+
+     - `Added` for new features.
+     - `Changed` for changes in existing functionality.
+     - `Deprecated` for features that will be removed in upcoming releases.
+     - `Fixed` for bug fixes.
+     - `Removed` for deprecated features that were removed.
+     - `Security` for security-related changes.
+
+   - Add a new entry under the relevant category. Include a brief summary of the change and the merge request commit tag.
+
+     ```markdown
+     ## [Unreleased]
+
+     ### Added
+
+     - New feature or enhancement ([Merge Request Commit](https://github.com/ansible/product-demos/-/commit/<commit-hash>))
+     ```
+
+   - Replace `<commit-hash>` with the actual commit hash from the merge request.
+
+3. **Commit Changes:**
+   - Commit the changes made to the `CHANGELOG.md` file.
+
+   ```bash
+   git add CHANGELOG.md
+   git commit -m "Update CHANGELOG for release <version>"
+   ```
+
+4. **Create a Pull Request:**
+   - Open a pull request from the release branch to the `main` branch.
+
+5. **Review and Merge:**
+   - Review the pull request and merge it into the `main` branch.
+
+6. **Tag the Release:**
+   - Once the pull request is merged, tag the release with the version number.
+
+   ```bash
+   git tag -a v-<version> -m "Release <version>"
+   git push origin v-<version>
+   ```
+
+7. **Publish the Release:**
+   - After the successful completion of the pull request and merging into the `main` branch, an automatic GitHub Action will be triggered to publish the release.
+
+     The GitHub Action will perform the following steps:
+     - Parse the `CHANGELOG.md` file.
+     - Generate a release note based on the changes.
+     - Attach relevant files (such as `LICENSE`, `CHANGELOG.md`, and the generated `CHANGELOG.txt`) to the GitHub Release.
+
+     No manual intervention is required for this step; the GitHub Action will handle the release process automatically.
+
+8. **Cleanup:**
+   - Delete the release branch.
+
+   ```bash
+   git branch -d release/v-<version>
+   ```

README.md

@@ -1,268 +1,67 @@
+[![Lab](https://img.shields.io/badge/Try%20Me-EE0000?style=for-the-badge&logo=redhat&logoColor=white)](https://red.ht/aap-product-demos)
+[![Dev Spaces](https://img.shields.io/badge/Customize%20Here-0078d7.svg?style=for-the-badge&logo=visual-studio-code&logoColor=white)](https://workspaces.openshift.com/f?url=https://github.com/ansible/product-demos)
+
 # Official Ansible Product Demos
 
-This repo currently under construction and working on a minimal viable demo for testing purposes
+This is a centralized location for Ansible Product Demos. This project is a collection of use cases implemented with Ansible for use with the Ansible Automation Platform.
 
-# Table of contents
+| Demo Name | Description |
+|-----------|-------------|
+| [Linux](linux/README.md) | Repository of demos for RHEL and Linux automation |
+| [Windows](windows/README.md) | Repository of demos for Windows Server automation |
+| [Cloud](cloud/README.md) | Demo for infrastructure and cloud provisioning automation |
+| [Network](network/README.md) | Ansible Network automation demos |
+| [Satellite](satellite/README.md) | Demos of automation with Red Hat Satellite Server |
 
-   * [How to use](#how-to-use)
-      * [1. Provide login information and choose demo](#1-provide-login-information-and-choose-demo)
-      * [2. Run Ansible Playbook](#2-run-ansible-playbook)
-   * [Demo Repository](#demo-repository)
-      * [Infrastructure Demos](#infrastructure-demos)
-      * [Network Demos](#network-demos)
-      * [Security Demos](#security-demos)
-      * [Developer Demos](#developer-demos)
-   * [Contribute](#contribute)
-   * [Notes](#notes)
+## Contributions
 
-# How to use
+If you would like to contribute to this project please refer to [contribution guide](CONTRIBUTING.md) for best practices.
 
-## 1. Provide login information and choose demo
+## Using this project
 
-  - Modify the `choose_demo.yml` file that is included in this repo with the username, password and IP address (or DNS name) of your Ansible Tower
-  - Choose the demo name you want from the table below (or choose `all`)
+This project is tested for compatibility with the [demo.redhat.com Product Demos Sandbox]([red.ht/aap-product-demos](https://demo.redhat.com/catalog?item=babylon-catalog-prod/sandboxes-gpte.aap-product-demos.prod&utm_source=webapp&utm_medium=share-link)) lab environment. To use with other Ansible Controller installations, review the [prerequisite documentation](https://github.com/RedHatGov/ansible-tower-samples).
 
-## 2. Run Ansible Playbook
+> NOTE: demo.redhat.com is available to Red Hat Associates and Partners with a valid account.
 
-```
-ansible-playbook playbooks/install_demo.yml -e @choose_demo.yml
-```
+1. First you must create a credential for [Automation Hub](https://console.redhat.com/ansible/automation-hub/) to successfully sync collections used by this project.
 
-# Demo Repository
+   1. In the Credentials section of the Controller UI, add a new Credential called `Automation Hub` with the type `Ansible Galaxy/Automation Hub API Token`
+   2. You can obtain a token [here](https://console.redhat.com/ansible/automation-hub/token). This page will also provide the Server URL and Auth Server URL.
+   3. Next, click on Organizations and edit the `Default` organization. Add your `Automation Hub` credential to the `Galaxy Credentials` section. Don't forget to click **Save**!!
 
-This repository currently holds 21 demos.
+      > You can also use an execution environment for disconnected environments. To do this, you must disable collection downloads in the Controller. This can be done in `Settings` > `Job Settings`. This setting prevents the controller from downloading collections listed in the [collections/requirements.yml](collections/requirements.yml) file.
 
-## Infrastructure Demos
-<table>
-  <tr>
-    <th>Demo Name</th>
-    <th>Author</th>
-    <th>install_demo.yml value</th>
-    <th>Description</th>
-    <th>Video Walkthrough</th>
-    <th>Workshop Types</th>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/azure_provision_vm.md">INFRASTRUCTURE / Azure create a MySQL Server</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: azure_mysql_server</pre></td>
-    <td>Provision MySQL server on Azure with Ansible Tower Survey and Environmental variables</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/azure_provision_vm.md">INFRASTRUCTURE / Azure Provision VM</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: azure_provision_vm</pre></td>
-    <td>Provision RHEL VM on Azure with Ansible Tower Survey and Environmental variables</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/chocolatey_app_install.md">INFRASTRUCTURE / Chocolatey App Install</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: chocolatey_app_install</pre></td>
-    <td>Install various application packages using Chocolatey from a survey</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/chocolatey_config.md">INFRASTRUCTURE / Chocolatey Config</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: chocolatey_config</pre></td>
-    <td>Configure Chocolatey parameters that require not just enabling but adding values</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/chocolatey_features.md">INFRASTRUCTURE / Chocolatey Features Config</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: chocolatey_features</pre></td>
-    <td>Enable or disable various Chocolatey features</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/deploy_application.md">INFRASTRUCTURE / Deploy Application</a></td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: deploy_application</pre></td>
-    <td>install yum applications on Linux with a survey</td>
-    <td><a href="https://www.youtube.com/watch?v=pU8ZgSBuEJw&list=PLdu06OJoEf2bp-PNtxPP_2n7Avkax8TED">Video Link</a></td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Fact Scan</td>
-    <td>Will Tome</td>
-    <td><pre>demo: fact_scan</pre></td>
-    <td>scan facts for Linux and Windows systems</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>windows</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Gather Debug Info</td>
-    <td>Will Tome</td>
-    <td><pre>demo: debug_info</pre></td>
-    <td>provide info for memory and CPU usage for specified systems</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Grant Sudo</td>
-    <td>Will Tome</td>
-    <td><pre>demo: grant_sudo</pre></td>
-    <td>grant sudo privledges for specified time via survey</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Patching</td>
-    <td>Will Tome</td>
-    <td><pre>demo: patching</pre></td>
-    <td>patching for Linux servers</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Red Hat Insights</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: insights</pre></td>
-    <td>install and configure Red Hat Insights</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Security Patching</td>
-    <td>Will Tome</td>
-    <td><pre>demo: security_patching</pre></td>
-    <td>upgrade all yum packages for security related except kernel</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>INFRASTRUCTURE / Turn off IBM Community Grid</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: turn_off_community_grid</pre></td>
-    <td>this role turns off IBM Community Grid boinc-client</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td><a href="https://github.com/ansible/product-demos/blob/master/docs/infrastructure/windows_regedit_legal_notice.md">INFRASTRUCTURE / Windows regedit legal notice</a></td>
-    <td>David Rojas</td>
-    <td><pre>demo: windows_regedit_legal_notice</pre></td>
-    <td>using regedit modify the legal notice</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>SERVER / Windows IIS Server</td>
-    <td>Colin McNaughton</td>
-    <td><pre>demo: windows_iis</pre></td>
-    <td>install webserver on Windows Server with a survey</td>
-    <td>Not available </td>
-    <td><ul><li>windows</li><li>demo</li></ul></td>
-  </tr>
-</table>
+2. If it is not already created for you, add an Execution Environment called `product-demos`
 
-## Network Demos
+     - Name: product-demos
+     - Image: quay.io/acme_corp/product-demos-ee:latest
+     - Pull: Only pull the image if not present before running
 
-<table>
-  <tr>
-    <th>Demo Name</th>
-    <th>Author</th>
-    <th>install_demo.yml value</th>
-    <th>Description</th>
-    <th>Video Walkthrough</th>
-    <th>Workshop Types</th>
-  </tr>
-  <tr>
-    <td>Cisco IOS logging config audit/remediation</td>
-    <td>Colin McCarthy</td>
-    <td><pre>demo: configlet_logging</pre></td>
-    <td>Cisco IOS logging config audit/remediation</td>
-    <td>Not available </td>
-    <td><ul><li>network</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>Cisco IOS ntp config audit/remediation</td>
-    <td>Colin McCarthy</td>
-    <td><pre>demo: configlet_ntp</pre></td>
-    <td>Cisco IOS ntp config audit/remediation</td>
-    <td>Not available </td>
-    <td><ul><li>network</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>NETWORK / WORKFLOW - F5 BIG-IP</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: f5_bigip_workflow</pre></td>
-    <td>Workflow for F5 BIG-IP to setup a VIP (Virtual IP) load balancer between two RHEL webservers</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>demo</li></ul></td>
-  </tr>
-</table>
+3. If it is not already created for you, create a Project called `Ansible official demo project` with this repo as a source. NOTE: if you are using a fork, be sure that you have the correct URL. Update the project.
 
-## Security Demos
+4. Finally, Create a Job Template called `Setup` with the following configuration:
 
-<table>
-  <tr>
-    <th>Demo Name</th>
-    <th>Author</th>
-    <th>install_demo.yml value</th>
-    <th>Description</th>
-    <th>Video Walkthrough</th>
-    <th>Workshop Types</th>
-  </tr>
-  <tr>
-    <td>SECURITY / Create Openscap Report</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: openscap</pre></td>
-    <td>Create HTML report using SCAP Security Guide (SSG)</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-  <tr>
-    <td>SECURITY / Hardening</td>
-    <td>Will Tome</td>
-    <td><pre>demo: hardening</pre></td>
-    <td>hardening for Linux servers</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-</table>
+     - Name: Setup
+     - Inventory: Demo Inventory
+     - Exec Env: product-demos
+     - Playbook: setup_demo.yml
+     - Credentials:
+        - Type: Red Hat Ansible Automation Platform
+        - Name: Controller Credential
+     - Extra vars:
 
-## Developer Demos
+            demo: <linux or windows or cloud or network>
 
-<table>
-  <tr>
-    <th>Demo Name</th>
-    <th>Author</th>
-    <th>install_demo.yml value</th>
-    <th>Description</th>
-    <th>Video Walkthrough</th>
-    <th>Workshop Types</th>
-  </tr>
-  <tr>
-    <td>DEVELOPER / Create Developer Report</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: developer_report</pre></td>
-    <td>'Create HTML report using <a href="https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts">Ansible facts</a>'
-</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li><li>rhel_90</li><li>demo</li></ul></td>
-  </tr>
-</table>
+## Bring Your Own Demo
 
+Can't find what you're looking for? Customize this repo to make it your own.
 
-# Contribute
+1. Create a fork of this repo.
+2. Update the URL of the `Ansible official demo project` in the Controller.
+3. Make changes as needed and run the **Setup** job
 
-please refer to the [contribute.md](docs/contribute.md) documentation included in this collection.
+See the [contribution guide](CONTRIBUTING.md) for more details on how to customize the project.
 
-# Notes
+---
 
-This README.md was auto-generated by Ansible user **colin** on **2020-12-09** with Ansible version **2.9.13.post0**
-
-To generate a README.md, execute the following command
-
-```
-ansible-playbook playbooks/generate_readme.yml
-```
+[Privacy statement](https://www.redhat.com/en/about/privacy-policy) | [Terms of use](https://www.redhat.com/en/about/terms-use) | [Security disclosure](https://www.ansible.com/security?hsLang=en-us) | [All policies and guidelines](https://www.redhat.com/en/about/all-policies-guidelines)

ansible.cfg

@@ -0,0 +1,16 @@
+[defaults]
+collections_path=./collections
+roles_path=./roles
+
+[galaxy]
+server_list = ah,galaxy
+
+[galaxy_server.ah]
+# Grab a token at https://console.redhat.com/ansible/automation-hub/token
+# Then define it using ANSIBLE_GALAXY_SERVER_AH_TOKEN=""
+
+url=https://console.redhat.com/api/automation-hub/content/published/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+
+[galaxy_server.galaxy]
+url=https://galaxy.ansible.com/

choose_demo.yml

@@ -1,29 +0,0 @@
----
-## example file for how to choose a demo
-## chose specific demo or choose all
-
-# SPECIFIC - example that installs just the deploy_application job template
-demo: developer_report
-
-# ALL - example that installs all demos
-# demo: all
-
-## Ansible Tower login infomation
-my_tower_username: colin
-my_tower_password: mahalo
-my_tower_host: test.rhdemo.io
-workshop_type: rhel
-
-# leave as comments unless you are deploying an public cloud Demo. Possible values are aws or azure
-public_cloud: none
-#only uncomment these and supply values for setting up an Azure Cloud Demo which means public_cloud: azure above
-#these value below are fake sample values only
-#my_subscription: bb66f723-9eb9-405b-7889-2e722a5a5a45
-#my_tenant: bbe51e50-8759-5cc6-93f7-71985d8dbddf
-#my_client: 7e7d5fd3-c84b-b64c-ae96-cf474f4aa573
-#my_secret: K1S5~EqpmvG68i8ni9-b1hmn3~yROfHM_I 
-#only uncomment these and supply values for setting up an AWS Cloud Demo which means public_cloud: aws above
-#these value below are fake sample values only
-#my_access_key: kwjewk4h54jker
-#my_secret_key: wnwrl4nwwrh6srwo4rwher4
-

choose_demo_example_aws.yml

@@ -1,33 +0,0 @@
----
-## example file for how to choose a demo
-## chose specific demo or choose all
-
-# SPECIFIC - example that installs just the deploy_application job template
-demo: aws_provision_vm
-
-# ALL - example that installs all demos
-# demo: all
-
-## Ansible Tower login infomation
-my_tower_username: student1  
-my_tower_password: TnSynS1Re31ZAF
-my_tower_host: student1.cb8b.open.redhat.com
-workshop_type: windows
-
-# leave as comments unless you are deploying an public cloud Demo 
-public_cloud: aws
-#only uncomment these and supply values for setting up an Azure Cloud Demo which means public_cloud: azure above
-#these value below are fake sample values only
-#my_subscription: bb66f723-9eb9-405b-7889-2e722a5a5a45
-#my_tenant: bbe51e50-8759-5cc6-93f7-71985d8dbddf
-#my_client: 7e7d5fd3-c84b-b64c-ae96-cf474f4aa573
-#my_secret: K1S5~EqpmvG68i8ni9-b1hmn3~yROfHM_I 
-#only uncomment these and supply values for setting up an AWS Cloud Demo which means public_cloud: aws above
-#these value below are fake sample values only
-my_access_key: 345IAJUNULTMIXFDSDFGF
-my_secret_key: 567BqE+YAH7DFG4RGSSDFG5SGDFGSDGF4
-
-
-
- 
-

choose_demo_example_azure.yml

@@ -1,32 +0,0 @@
----
-## example file for how to choose a demo
-## chose specific demo or choose all
-
-# SPECIFIC - example that installs just the deploy_application job template
-demo: azure_provision_vm
-
-# ALL - example that installs all demos
-# demo: all
-
-## Ansible Tower login infomation
-my_tower_username: drojas  
-my_tower_password: zapata
-my_tower_host: test.rhdemo.io
-workshop_type: windows
-
-# leave as comments unless you are deploying an public cloud Demo. Possible values are aws or azure
-public_cloud: azure
-#only uncomment these and supply values for setting up an Azure Cloud Demo which means public_cloud: azure above
-#these value below are fake sample values only
-my_subscription: bb66f723-9eb9-405b-7889-2e722a5a5a45
-my_tenant: bbe51e50-8759-5cc6-93f7-71985d8dbddf
-my_client: 7e7d5fd3-c84b-b64c-ae96-cf474f4aa573
-my_secret: K1S5~EqpmvG68i8ni9-b1hmn3~yROfHM_I 
-#only uncomment these and supply values for setting up an AWS Cloud Demo which means public_cloud: aws above
-#these value below are fake sample values only
-#my_access_key: kwjewk4h54jker
-#my_secret_key: wnwrl4nwwrh6srwo4rwher4 
-
-
- 
-

cloud/README.md

@@ -0,0 +1,69 @@
+# Cloud Demos
+
+## Table of Contents
+- [Cloud Demos](#cloud-demos)
+  - [Table of Contents](#table-of-contents)
+  - [About These Demos](#about-these-demos)
+    - [Jobs](#jobs)
+    - [Inventory](#inventory)
+  - [Post Setup Setup](#post-setup-setup)
+    - [Configure Credentials](#configure-credentials)
+    - [Add Workshop Credential Password](#add-workshop-credential-password)
+    - [Remove Inventory Variables](#remove-inventory-variables)
+    - [Getting your Puiblic Key for Create Keypair Job](#getting-your-puiblic-key-for-create-keypair-job)
+  - [Suggested Usage](#suggested-usage)
+  - [Known Issues](#known-issues)
+
+## About These Demos
+This category of demos shows examples of multi-cloud provisioning and management with Ansible Automation Platform. The list of demos can be found below. These demos are particularly helpful in building additional infrastructure for other demo categories such as Linux and Windows. See the [Suggested Usage](#suggested-usage) section of this document for recommendations on how to best use these demos.
+
+### Jobs
+
+- [**Cloud / Create Infra**](create_infra.yml) - Creates a VPC with required routing and firewall rules for provisioning VMs
+- [**Cloud / Create Keypair**](aws_key.yml) - Creates a keypair for connecting to EC2 instances
+- [**Cloud / Create VM**](create_vm.yml) - Create a VM based on a [blueprint](blueprints/) in the selected cloud provider
+- [**Cloud / Destroy VM**](destroy_vm.yml) - Destroy a VM that has been created in a cloud provider. VM must be imported into dynamic inventory to be deleted.
+- [**Cloud / Snapshot EC2**](snapshot_ec2.yml) - Snapshot a VM that has been created in a cloud provider. VM must be imported into dynamic inventory to be snapshot.
+- [**Cloud / Restore EC2 from Snapshot**](snapshot_ec2.yml) - Restore a VM that has been created in a cloud provider.  By default, volumes will be restored from their latest snapshot. VM must be imported into dynamic inventory to be patched.
+
+### Inventory
+
+A dynamic inventory is created to pull inventory hosts from cloud providers. The VM will be added by name therefore provisioning VMs with the same name will cause conflict in the inventory.
+
+Groups will be created based on the operating system (platform) of the VM provisioned as well as a group called `cloud_<cloud provider>`.
+
+## Post Setup Setup
+After running the setup job template, there are a few steps required to make the demos fully functional. See post setup actions below.
+
+   > These steps may differ if you in your environment
+
+### Configure Credentials
+
+- Add AWS Access and Secret key to the `AWS` Credential created by the setup job.
+
+### Add Workshop Credential Password
+
+1) Add a password that meets the [default complexity requirements](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements#reference). This allows you to connect to Windows Servers provisioned with Create VM job. Required until [RFE](https://github.com/ansible/workshops/issues/1597]) is complete
+
+### Remove Inventory Variables
+
+1) Remove Workshop Inventory variables on the Details page of the inventory. Required until [RFE](https://github.com/ansible/workshops/issues/1597]) is complete
+
+### Getting your Puiblic Key for Create Keypair Job
+
+1) Connect to the command line of your Controller server. This is easiest to do by opening the VS Code Web Editor from the landing page where you found the Controller login details.
+2) Open a Terminal Window in the VS Code Web Editor.
+3) SSH to one of your linux nodes (eg. `ssh node1`). This should log you into the node as `ec2-user`
+4) `cat .ssh/authorized_keys` and copy the key listed including the  `ssh-rsa` prefix
+
+
+## Suggested Usage
+
+**Cloud / Create Keypair** - The Create Keypair job creates an EC2 keypair which can be used when creating EC2 instances to enable SSH access.
+
+**Cloud / Create VM** - The Create VM job builds a VM in the given provider based on the included `demo.cloud` collection. VM [blueprints](blueprints/) define variables for each provider that override the defaults in the collection. When creating VMs it is recommended to follow naming conventions that can be used as host patterns. (eg. VM names: `win1`, `win2`, `win3`.  Host Pattern: `win*` )
+
+**Cloud / AWS / Patch EC2 Workflow** - Create a VPC and one or more linux VM(s) in AWS using the `Cloud / Create VPC` and `Cloud / Create VM` templates. Run the workflow and observe the instance snapshots followed by patching operation. Optionally, use the survey to force a patch failure in order to demonstrate the restore path. At this time, the workflow does not support patching Windows instances.
+
+## Known Issues
+Azure does not work without a custom execution environment that includes the Azure dependencies.

cloud/aws_key.yml

@@ -0,0 +1,25 @@
+---
+- name: Create AWS keypair
+  hosts: localhost
+  vars:
+    aws_key_name: aws-test-key
+    aws_keypair_owner: undef
+
+  tasks:
+    - name: Fail if variables not defined
+      ansible.builtin.assert:
+        that:
+          - aws_key_name is defined
+          - create_vm_aws_region is defined
+          - aws_public_key is defined
+          - aws_keypair_owner is defined
+        fail_msg: "Required variables not set"
+
+    - name: Create AWS keypair
+      amazon.aws.ec2_key:
+        name: "{{ aws_key_name }}"
+        region: "{{ create_vm_aws_region }}"
+        key_material: "{{ aws_public_key }}"
+        state: present
+        tags:
+          owner: "{{ aws_keypair_owner }}"

cloud/blueprints/al2023.yml

@@ -0,0 +1,6 @@
+---
+vm_providers:
+  - aws
+aws_instance_size: t3.micro
+aws_image_architecture: x86_64
+aws_image_filter: 'al2023-ami-2023*'

cloud/blueprints/rhel7.yml

@@ -0,0 +1,7 @@
+---
+vm_providers:
+  - aws
+aws_image_owners: 309956199498
+aws_instance_size: t2.medium
+aws_image_architecture: x86_64
+aws_image_filter: 'RHEL-7.9_HVM*'

cloud/blueprints/rhel8.yml

@@ -0,0 +1,7 @@
+---
+vm_providers:
+  - aws
+aws_image_owners: 309956199498
+aws_instance_size: t3.micro
+aws_image_architecture: x86_64
+aws_image_filter: 'RHEL-8*HVM-*Hourly*'

cloud/blueprints/rhel9.yml

@@ -0,0 +1,7 @@
+---
+vm_providers:
+  - aws
+aws_image_owners: 309956199498
+aws_instance_size: t3.micro
+aws_image_architecture: x86_64
+aws_image_filter: 'RHEL-9*HVM-*Hourly*'

cloud/blueprints/windows.yml

@@ -0,0 +1,14 @@
+---
+vm_blueprint_providers:
+  - aws
+  - azure
+aws_image_filter: 'Windows_Server-2019-English-Core-Base*'
+aws_instance_size: t3.medium
+aws_userdata_template: aws_windows_userdata
+az_vm_os_type: Windows
+az_vm_size: Standard_DS1_v2
+az_vm_image:
+  offer: WindowsServer
+  publisher: MicrosoftWindowsServer
+  sku: 2022-Datacenter
+  version: latest

cloud/blueprints/windows_core.yml

@@ -0,0 +1,6 @@
+---
+vm_blueprint_providers:
+ - aws
+aws_image_filter: 'Windows_Server-2019-English-Core-Base*'
+aws_instance_size: t3.medium
+aws_userdata_template: aws_windows_userdata

cloud/blueprints/windows_full.yml

@@ -0,0 +1,6 @@
+---
+vm_blueprint_providers:
+ - aws
+aws_image_filter: 'Windows_Server-2019-English-Full-Base*'
+aws_instance_size: t3.medium
+aws_userdata_template: aws_windows_userdata

cloud/create_vpc.yml

@@ -0,0 +1,124 @@
+---
+- name: Create Cloud Infra
+  hosts: localhost
+  gather_facts: false
+  vars:
+    aws_vpc_name: aws-test-vpc
+    aws_owner_tag: default
+    aws_purpose_tag: ansible_demo
+    aws_tenancy: default
+    aws_vpc_cidr_block: 10.0.0.0/16
+    aws_subnet_cidr: 10.0.1.0/24
+    aws_sg_name: aws-test-sg
+    aws_subnet_name: aws-test-subnet
+    aws_rt_name: aws-test-rt
+
+  tasks:
+    - name: Create VPC
+      amazon.aws.ec2_vpc_net:
+        state: present
+        name: "{{ aws_vpc_name }}"
+        cidr_block: "{{ aws_vpc_cidr_block }}"
+        tenancy: "{{ aws_tenancy }}"
+        region: "{{ create_vm_aws_region }}"
+        tags:
+          owner: "{{ aws_owner_tag }}"
+          purpose: "{{ aws_purpose_tag }}"
+      register: aws_vpc
+
+    - name: Create internet gateway
+      amazon.aws.ec2_vpc_igw:
+        state: present
+        vpc_id: "{{ aws_vpc.vpc.id }}"
+        region: "{{ create_vm_aws_region }}"
+        tags:
+          Name: "{{ aws_vpc_name }}"
+          owner: "{{ aws_owner_tag }}"
+          purpose: "{{ aws_purpose_tag }}"
+      register: aws_gateway
+
+    - name: Create security group internal
+      amazon.aws.ec2_security_group:
+        state: present
+        name: "{{ aws_sg_name }}"
+        region: "{{ create_vm_aws_region }}"
+        description: Inbound WinRM and RDP, http for demo servers and internal AD ports
+        rules:
+          - proto: tcp
+            ports:
+              - 80  # HTTP
+              - 443  # HTTPS
+              - 22  # SSH
+              - 5986  # WinRM
+              - 3389  # RDP
+              - 9090  # Cockpit
+            cidr_ip: 0.0.0.0/0
+          - proto: icmp
+            to_port: -1
+            from_port: -1
+            cidr_ip: 0.0.0.0/0
+          - proto: tcp
+            ports:
+              - 80  # HTTP
+              - 5986  # WinRM
+              - 3389  # RDP
+              - 53  # DNS
+              - 88  # Kerberos Authentication
+              - 135  # RPC
+              - 139  # Netlogon
+              - 389  # LDAP
+              - 445  # SMB
+              - 464  # Kerberos Authentication
+              - 5432  # PostgreSQL
+              - 636  # LDAPS (LDAP over TLS)
+              - 873  # Rsync
+              - 3268-3269  # Global Catalog
+              - 1024-65535  # Ephemeral RPC ports
+            cidr_ip: "{{ aws_vpc_cidr_block }}"
+          - proto: udp
+            ports:
+              - 53  # DNS
+              - 88  # Kerberos Authentication
+              - 123  # NTP
+              - 137-138  # Netlogon
+              - 389  # LDAP
+              - 445  # SMB
+              - 464  # Kerberos Authentication
+              - 1024-65535  # Ephemeral RPC ports
+            cidr_ip: "{{ aws_vpc_cidr_block }}"
+        rules_egress:
+          - proto: -1
+            cidr_ip: 0.0.0.0/0
+        vpc_id: "{{ aws_vpc.vpc.id }}"
+        tags:
+          Name: "{{ aws_sg_name }}"
+          owner: "{{ aws_owner_tag }}"
+          purpose: "{{ aws_purpose_tag }}"
+
+    - name: Create a subnet on the VPC
+      amazon.aws.ec2_vpc_subnet:
+        state: present
+        vpc_id: "{{ aws_vpc.vpc.id }}"
+        cidr: "{{ aws_subnet_cidr }}"
+        region: "{{ create_vm_aws_region }}"
+        map_public: true
+        tags:
+          Name: "{{ aws_subnet_name }}"
+          owner: "{{ aws_owner_tag }}"
+          purpose: "{{ aws_purpose_tag }}"
+      register: aws_subnet
+
+    - name: Create a subnet route table
+      amazon.aws.ec2_vpc_route_table:
+        state: present
+        vpc_id: "{{ aws_vpc.vpc.id }}"
+        region: "{{ create_vm_aws_region }}"
+        subnets:
+          - "{{ aws_subnet.subnet.id }}"
+        routes:
+          - dest: 0.0.0.0/0
+            gateway_id: "{{ aws_gateway.gateway_id }}"
+        tags:
+          Name: "{{ aws_rt_name }}"
+          owner: "{{ aws_owner_tag }}"
+          purpose: "{{ aws_purpose_tag }}"

cloud/restore_ec2.yml

@@ -0,0 +1,10 @@
+---
+- name: Restore ec2 instance from snapshot
+  hosts: "{{ _hosts | default(omit) }}"
+  gather_facts: false
+
+  tasks:
+    - name: Include restore from snapshot role
+      ansible.builtin.include_role:
+        name: "demo.cloud.aws"
+        tasks_from: restore_vm

cloud/setup.yml

@@ -0,0 +1,629 @@
+---
+_deployment_id: "{{ lookup('file', playbook_dir + '/.deployment_id') }}"
+
+user_message:
+
+controller_execution_environments:
+  - name: Cloud Services Execution Environment
+    image: quay.io/scottharwell/cloud-ee:latest
+
+controller_projects:
+  - name: Ansible Cloud Content Lab - AWS
+    organization: Default
+    scm_type: git
+    wait: true
+    scm_url: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git
+    default_environment: Cloud Services Execution Environment
+
+controller_credentials:
+  - name: AWS
+    credential_type: Amazon Web Services
+    organization: Default
+    update_secrets: false
+    state: exists
+    inputs:
+      username: REPLACEME
+      password: REPLACEME
+
+#  - name: Azure
+#    credential_type: Microsoft Azure Resource Manager
+#    organization: Default
+#    update_secrets: false
+#    inputs:
+#      subscription: REPLACEME
+
+controller_inventory_sources:
+  - name: AWS Inventory
+    organization: Default
+    source: ec2
+    inventory: Demo Inventory
+    credential: AWS
+    overwrite: true
+    source_vars:
+      hostnames:
+        - tag:Name
+      compose:
+        ansible_host: public_ip_address
+        ansible_user: 'ec2-user'
+      groups:
+        cloud_aws: true
+        os_linux: tags.blueprint.startswith('rhel')
+      keyed_groups:
+        - key: platform
+          prefix: os
+        - key: tags.blueprint
+          prefix: blueprint
+        - key: tags.owner
+          prefix: owner
+
+#  - name: Azure Inventory
+#    organization: Default
+#    source: azure_rm
+#   inventory: Demo Inventory
+#    credential: Azure
+#    execution_environment: Ansible Engine 2.9 execution environment
+#    overwrite: true
+#    source_vars:
+#      hostnames:
+#        - tags.Name
+#        - default
+#      keyed_groups:
+#        - key: os_profile.system
+#          prefix: os
+#      conditional_groups:
+#        cloud_azure: true
+
+controller_groups:
+  - name: cloud_aws
+    inventory: Demo Inventory
+    variables:
+      ansible_user: ec2-user
+
+controller_templates:
+  - name: Cloud / AWS / Create Peer Infrastructure
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/create_peer_network.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_region: us-east-1
+      dmz_ssh_key_name: aws-test-key
+      priv_network_ssh_key_name: aws-test-key
+
+  - name: Cloud / AWS / Delete Peer Infrastructure
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/delete_peer_network.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_region: us-east-1
+
+  - name: Cloud / AWS / Create Transit Infrastructure
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/create_transit_network.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_region: us-east-1
+      dmz_ssh_key_name: aws-test-key
+      priv_network_ssh_key_name: aws-test-key
+
+  - name: Cloud / AWS / Delete Transit Infrastructure
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/delete_transit_network.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_region: us-east-1
+
+  - name: Cloud / AWS / Create VPC
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible official demo project
+    playbook: cloud/create_vpc.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Owner
+          type: text
+          variable: aws_owner_tag
+          required: true
+
+  - name: Cloud / AWS / Create VM
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+      - Demo Credential
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/create_vm.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    allow_simultaneous: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Name
+          type: text
+          variable: create_vm_vm_name
+          required: true
+        - question_name: Owner
+          type: text
+          variable: create_vm_vm_owner
+          required: true
+        - question_name: Deployment
+          type: text
+          variable: create_vm_vm_deployment
+          required: true
+        - question_name: Environment
+          type: multiplechoice
+          variable: create_vm_vm_environment
+          required: true
+          choices:
+            - Dev
+            - QA
+            - Prod
+        - question_name: Blueprint
+          type: multiplechoice
+          variable: vm_blueprint
+          required: true
+          choices:
+            - windows_core
+            - windows_full
+            - rhel9
+            - rhel8
+            - rhel7
+            - al2023
+        - question_name: Subnet
+          type: text
+          variable: create_vm_aws_vpc_subnet_name
+          required: true
+          default: aws-test-subnet
+        - question_name: Security Group
+          type: text
+          variable: create_vm_aws_securitygroup_name
+          required: true
+          default: aws-test-sg
+        - question_name: SSH Keypair
+          type: text
+          variable: create_vm_aws_keypair_name
+          required: true
+          default: aws-test-key
+        - question_name: AWS Instance Type (defaults to blueprint value)
+          type: text
+          variable: create_vm_aws_instance_size
+          required: false
+        - question_name: AWS Image Filter (defaults to blueprint value)
+          type: text
+          variable: create_vm_aws_image_filter
+          required: false
+
+  - name: Cloud / AWS / Delete VM
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+      - Demo Credential
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/delete_inventory_vm.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Name or Pattern
+          type: text
+          variable: _hosts
+          required: true
+
+  - name: Cloud / AWS / VPC Report
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/create_reports.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_report: vpc
+      reports_aws_bucket_name: reports-pd-{{ _deployment_id }}
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+
+  - name: Cloud / AWS / Tags Report
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible Cloud Content Lab - AWS
+    playbook: playbooks/create_reports.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      aws_report: tags
+      reports_aws_bucket_name: reports-pd-{{ _deployment_id }}
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+
+  - name: Cloud / AWS / Create Keypair
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible official demo project
+    playbook: cloud/aws_key.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Keypair Name
+          type: text
+          variable: aws_key_name
+          required: true
+          default: aws-test-key
+        - question_name: Keypair Public Key
+          type: textarea
+          variable: aws_public_key
+          required: true
+        - question_name: Owner
+          type: text
+          variable: aws_keypair_owner
+          required: true
+
+  - name: Cloud / AWS / Snapshot EC2
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible official demo project
+    playbook: cloud/snapshot_ec2.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: aws_region
+          required: true
+          default: us-east-1
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Specify target hosts
+          type: text
+          variable: _hosts
+          required: false
+
+  - name: Cloud / AWS / Restore EC2 from Snapshot
+    job_type: run
+    organization: Default
+    credentials:
+      - AWS
+    project: Ansible official demo project
+    playbook: cloud/restore_ec2.yml
+    inventory: Demo Inventory
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: aws_region
+          required: true
+          default: us-east-1
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Specify target hosts
+          type: text
+          variable: _hosts
+          required: false
+
+  - name: "LINUX / Patching"
+    job_type: check
+    inventory: "Demo Inventory"
+    project: "Ansible official demo project"
+    playbook: "linux/patching.yml"
+    execution_environment: Default execution environment
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    use_fact_cache: true
+    ask_job_type_on_launch: true
+    credentials:
+      - "Demo Credential"
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: Server Name or Pattern
+          type: text
+          variable: _hosts
+          required: true
+
+controller_workflows:
+  - name: Deploy Cloud Stack in AWS
+    description: A workflow to deploy a cloud stack
+    organization: Default
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    extra_vars:
+      vm_deployment: cloud_stack
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: create_vm_aws_region
+          required: true
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Owner
+          type: text
+          variable: create_vm_aws_owner_tag
+          required: true
+        - question_name: Environment
+          type: multiplechoice
+          variable: vm_environment
+          required: true
+          choices:
+            - Dev
+            - QA
+            - Prod
+        - question_name: Keypair Public Key
+          type: textarea
+          variable: aws_public_key
+          required: true
+        - question_name: Email
+          type: text
+          variable: email
+          required: true
+    simplified_workflow_nodes:
+      - identifier: Create Keypair
+        unified_job_template: Cloud / AWS / Create Keypair
+        success_nodes:
+          - VPC Report
+        failure_nodes:
+          - Ticket - Keypair Failed
+      - identifier: Create VPC
+        unified_job_template: Cloud / AWS / Create VPC
+        success_nodes:
+          - VPC Report
+        failure_nodes:
+          - Ticket - VPC Failed
+      - identifier: Ticket - Keypair Failed
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Failed to create AWS keypair
+      - identifier: VPC Report
+        unified_job_template: Cloud / AWS / VPC Report
+        all_parents_must_converge: true
+        always_nodes:
+          - Deploy Windows GUI Blueprint
+          - Deploy RHEL8 Blueprint
+          - Deploy RHEL9 Blueprint
+          - Deploy Windows Core Blueprint
+      - identifier: Deploy Windows GUI Blueprint
+        unified_job_template: Cloud / AWS / Create VM
+        extra_data:
+          create_vm_vm_name: aws_dc
+          vm_blueprint: windows_full
+        success_nodes:
+          - Update Inventory
+        failure_nodes:
+          - Ticket - Instance Failed
+      - identifier: Deploy Windows Core Blueprint
+        unified_job_template: Cloud / AWS / Create VM
+        extra_data:
+          create_vm_vm_name: aws_win1
+          vm_blueprint: windows_core
+        success_nodes:
+          - Update Inventory
+        failure_nodes:
+          - Ticket - Instance Failed
+      - identifier: Deploy RHEL8 Blueprint
+        unified_job_template: Cloud / AWS / Create VM
+        extra_data:
+          create_vm_vm_name: aws_rhel8
+          vm_blueprint: rhel8
+        success_nodes:
+          - Update Inventory
+        failure_nodes:
+          - Ticket - Instance Failed
+      - identifier: Deploy RHEL9 Blueprint
+        unified_job_template: Cloud / AWS / Create VM
+        extra_data:
+          create_vm_vm_name: aws_rhel9
+          vm_blueprint: rhel9
+        success_nodes:
+          - Update Inventory
+        failure_nodes:
+          - Ticket - Instance Failed
+      - identifier: Ticket - VPC Failed
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Failed to create AWS VPC
+      - identifier: Update Inventory
+        unified_job_template: AWS Inventory
+        success_nodes:
+          - Tag Report
+      - identifier: Ticket - Instance Failed
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Failed to create AWS instance
+      - identifier: Tag Report
+        unified_job_template: Cloud / AWS / Tags Report
+
+  - name: Cloud / AWS / Patch EC2 Workflow
+    description: A workflow to patch ec2 instances with snapshot and restore on failure.
+    organization: Default
+    notification_templates_started: Telemetry
+    notification_templates_success: Telemetry
+    notification_templates_error: Telemetry
+    survey_enabled: true
+    survey:
+      name: ''
+      description: ''
+      spec:
+        - question_name: AWS Region
+          type: multiplechoice
+          variable: aws_region
+          required: true
+          default: us-east-1
+          choices:
+            - us-east-1
+            - us-east-2
+            - us-west-1
+            - us-west-2
+        - question_name: Specify target hosts
+          type: text
+          variable: _hosts
+          required: true
+          default: os_linux
+    simplified_workflow_nodes:
+      - identifier: Project Sync
+        unified_job_template: Ansible official demo project
+        success_nodes:
+          - Take Snapshot
+      - identifier: Inventory Sync
+        unified_job_template: AWS Inventory
+        success_nodes:
+          - Take Snapshot
+      - identifier: Take Snapshot
+        unified_job_template: Cloud / AWS / Snapshot EC2
+        success_nodes:
+          - Patch Instance
+      - identifier: Patch Instance
+        unified_job_template: LINUX / Patching
+        job_type: run
+        failure_nodes:
+          - Restore from Snapshot
+      - identifier: Restore from Snapshot
+        unified_job_template: Cloud / AWS / Restore EC2 from Snapshot
+        failure_nodes:
+          - Ticket - Restore Failed
+      - identifier: Ticket - Restore Failed
+        unified_job_template: 'SUBMIT FEEDBACK'
+        extra_data:
+          feedback: Cloud / AWS / Patch EC2 Workflow | Failed to restore ec2 from snapshot

cloud/snapshot_ec2.yml

@@ -0,0 +1,10 @@
+---
+- name: Snapshot ec2 instance
+  hosts: "{{ _hosts | default(omit) }}"
+  gather_facts: false
+
+  tasks:
+    - name: Include snapshot role
+      ansible.builtin.include_role:
+        name: "demo.cloud.aws"
+        tasks_from: snapshot_vm

collections/ansible_collections/demo/cloud/roles/aws/defaults/main.yml

@@ -0,0 +1,24 @@
+---
+#######
+# AWS VARS
+#######
+aws_vpc_name: ansible
+aws_vpc_prefix: demo
+aws_vpc_cidr_block: 10.0.0.0/16
+aws_subnet_cidr: 10.0.1.0/24
+aws_region: us-east-1
+aws_vm_name: "{{ vm_name }}"
+aws_vm_owner: "{{ vm_owner }}"
+aws_blueprint: "{{ vm_blueprint }}"
+# aws_image_filter: "{{ omit }}"
+# aws_instance_size: "{{ omit }}"
+# aws_image_architecture: "{{ omit }}"
+# aws_image_owners: "{{ omit }} "
+aws_userdata_template: default
+aws_keypair_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
+aws_securitygroup_name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
+aws_env_tag: prod
+aws_purpose_tag: ansible_demo
+aws_ansiblegroup_tag: cloud
+aws_ec2_wait: true
+aws_snapshots: {}

collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml

@@ -0,0 +1,118 @@
+---
+- name: AWS | CREATE INFRA | vpc
+  amazon.aws.ec2_vpc_net:
+    state: present
+    name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc"
+    cidr_block: "{{ aws_vpc_cidr_block }}"
+    tenancy: default
+    region: "{{ aws_region }}"
+    tags:
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"
+  register: aws_vpc
+
+- name: AWS | CREATE INFRA | internet gateway
+  amazon.aws.ec2_vpc_igw:
+    state: present
+    vpc_id: "{{ aws_vpc.vpc.id }}"
+    region: "{{ aws_region }}"
+    tags:
+      Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-igw"
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"
+  register: aws_gateway
+
+- name: Create security group internal
+  amazon.aws.ec2_security_group:
+    state: present
+    name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
+    region: "{{ aws_region }}"
+    description: Inbound WinRM and RDP, http for demo servers and internal AD ports
+    rules:
+      - proto: tcp
+        ports:
+          - 80  # HTTP
+          - 443  # HTTPS
+          - 22  # SSH
+          - 5986  # WinRM
+          - 3389  # RDP
+        cidr_ip: 0.0.0.0/0
+      - proto: icmp
+        to_port: -1
+        from_port: -1
+        cidr_ip: 0.0.0.0/0
+      - proto: tcp
+        ports:
+          - 80  # HTTP
+          - 5986  # WinRM
+          - 3389  # RDP
+          - 53  # DNS
+          - 88  # Kerberos Authentication
+          - 135  # RPC
+          - 139  # Netlogon
+          - 389  # LDAP
+          - 445  # SMB
+          - 464  # Kerberos Authentication
+          - 5432  # PostgreSQL
+          - 636  # LDAPS (LDAP over TLS)
+          - 873  # Rsync
+          - 3268-3269  # Global Catalog
+          - 1024-65535  # Ephemeral RPC ports
+        cidr_ip: 10.0.0.0/16
+      - proto: udp
+        ports:
+          - 53  # DNS
+          - 88  # Kerberos Authentication
+          - 123  # NTP
+          - 137-138  # Netlogon
+          - 389  # LDAP
+          - 445  # SMB
+          - 464  # Kerberos Authentication
+          - 1024-65535  # Ephemeral RPC ports
+        cidr_ip: 10.0.0.0/16
+    rules_egress:
+      - proto: -1
+        cidr_ip: 0.0.0.0/0
+    vpc_id: "{{ aws_vpc.vpc.id }}"
+    tags:
+      Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-sec-group"
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"
+
+- name: Create a subnet on the VPC
+  amazon.aws.ec2_vpc_subnet:
+    state: present
+    vpc_id: "{{ aws_vpc.vpc.id }}"
+    cidr: "{{ aws_subnet_cidr }}"
+    region: "{{ aws_region }}"
+    map_public: true
+    tags:
+      Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"
+  register: aws_subnet
+
+- name: Create a subnet route table
+  amazon.aws.ec2_vpc_route_table:
+    state: present
+    vpc_id: "{{ aws_vpc.vpc.id }}"
+    region: "{{ aws_region }}"
+    subnets:
+      - "{{ aws_subnet.subnet.id }}"
+    routes:
+      - dest: 0.0.0.0/0
+        gateway_id: "{{ aws_gateway.gateway_id }}"
+    tags:
+      Name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-vpc-rtbl"
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"
+
+- name: Create AWS keypair
+  amazon.aws.ec2_key:
+    name: "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-demo-key"
+    region: "{{ aws_region }}"
+    key_material: "{{ aws_public_key }}"
+    state: present
+    tags:
+      owner: "{{ aws_vpc_name }}"
+      purpose: "{{ aws_purpose_tag }}"

collections/ansible_collections/demo/cloud/roles/aws/tasks/create_vm.yml

@@ -0,0 +1,47 @@
+---
+- name: AWS | CREATE VM | get subnet info
+  amazon.aws.ec2_vpc_subnet_info:
+    region: "{{ aws_region }}"
+    filters:
+      "tag:Name": "{{ aws_vpc_name }}-{{ aws_vpc_prefix }}-subnet"
+  register: aws_subnet
+
+- name: AWS | CREATE VM | save subnet id
+  ansible.builtin.set_fact:
+    aws_subnet_id: "{{ aws_subnet.subnets | map(attribute='id') | list | last }}"
+
+- name: AWS| CREATE VM | find ami
+  amazon.aws.ec2_ami_info:
+    region: "{{ aws_region }}"
+    owners: "{{ aws_image_owners | default(omit) }}"
+    filters:
+      name: "{{ aws_image_filter }}"
+      architecture: "{{ aws_image_architecture | default(omit) }}"
+  register: amis
+
+- name: AWS| CREATE VM | save ami
+  ansible.builtin.set_fact:
+    aws_instance_ami: >
+      {{ (amis.images | selectattr('name', 'defined') | sort(attribute='creation_date'))[-2] }}
+
+- name: AWS| CREATE VM | create instance
+  amazon.aws.ec2_instance:
+    network:
+      assign_public_ip: true
+    key_name: "{{ aws_keypair_name }}"
+    instance_type: "{{ aws_instance_size }}"
+    image_id: "{{ aws_instance_ami.image_id }}"
+    region: "{{ aws_region }}"
+    security_group: "{{ aws_securitygroup_name }}"
+    tags:
+      blueprint: "{{ aws_blueprint }}"
+      purpose: "{{ aws_purpose_tag }}"
+      env: "{{ aws_env_tag }}"
+      ansible_group: "{{ aws_ansiblegroup_tag }}"
+      owner: "{{ aws_vm_owner }}"
+      info: "This instance was built by Red Hat Product Demos"
+      Name: "{{ aws_vm_name }}"
+    wait: "{{ aws_ec2_wait }}"
+    vpc_subnet_id: "{{ aws_subnet_id }}"
+    user_data: "{{ lookup('template', aws_userdata_template + '.j2', template_vars=dict(aws_vm_name=vm_name)) }}"
+  register: aws_vm_output

collections/ansible_collections/demo/cloud/roles/aws/tasks/destroy_vm.yml

@@ -0,0 +1,7 @@
+---
+- name: Destroy VM
+  amazon.aws.ec2_instance:
+    state: absent
+    instance_ids: "{{ instance_id }}"
+    region: "{{ placement.region }}"
+  delegate_to: localhost

collections/ansible_collections/demo/cloud/roles/aws/tasks/restore_vm.yml

@@ -0,0 +1,62 @@
+---
+- name: AWS | RESTORE VM
+  delegate_to: localhost
+  block:
+    - name: AWS | RESTORE VM | stop vm
+      amazon.aws.ec2_instance:
+        region: "{{ aws_region }}"
+        instance_ids: "{{ instance_id }}"
+        state: stopped
+        wait: true
+
+    - name: AWS | RESTORE VM | get volumes
+      register: r_vol_info
+      amazon.aws.ec2_vol_info:
+        region: "{{ aws_region }}"
+        filters:
+          attachment.instance-id: "{{ instance_id }}"
+
+    - name: AWS | RESTORE VM | detach volumes
+      loop: "{{ r_vol_info.volumes }}"
+      loop_control:
+        loop_var: volume
+        label: "{{ volume.id }}"
+      amazon.aws.ec2_vol:
+        region: "{{ aws_region }}"
+        id: "{{ volume.id }}"
+        instance: None
+
+    - name: AWS | RESTORE VM | attach snapshots from stat
+      when: inventory_hostname in aws_snapshots
+      loop: "{{ aws_snapshots[inventory_hostname] }}"
+      loop_control:
+        loop_var: snap
+        label: "{{ snap.snapshot_id }}"
+      amazon.aws.ec2_vol:
+        region: "{{ aws_region }}"
+        instance: "{{ instance_id }}"
+        snapshot: "{{ snap.snapshot_id }}"
+        device_name: "{{ snap.device }}"
+
+    - name: AWS | RESTORE VM | get all snapshots
+      when: inventory_hostname not in aws_snapshots
+      register: r_snapshots
+      amazon.aws.ec2_snapshot_info:
+        region: "{{ aws_region }}"
+        filters:
+          "tag:Name": "{{ inventory_hostname }}"
+
+    - name: AWS | RESTORE VM | create volume from latest snapshot
+      when: inventory_hostname not in aws_snapshots
+      amazon.aws.ec2_vol:
+        region: "{{ aws_region }}"
+        instance: "{{ instance_id }}"
+        snapshot: "{{ r_snapshots.snapshots[0].snapshot_id }}"
+        device_name: "/dev/sda1"
+
+    - name: AWS | RESTORE VM | start vm
+      amazon.aws.ec2_instance:
+        region: "{{ aws_region }}"
+        instance_ids: "{{ instance_id }}"
+        state: started
+        wait: true

collections/ansible_collections/demo/cloud/roles/aws/tasks/snapshot_vm.yml

@@ -0,0 +1,42 @@
+---
+- name: AWS | SNAPSHOT VM
+  delegate_to: localhost
+  block:
+    - name: AWS | SNAPSHOT VM | assert id
+      ansible.builtin.assert:
+        that: instance_id is defined
+        fail_msg: "instance_id is required for snapshot operations"
+
+    - name: AWS | SNAPSHOT VM | include vars
+      ansible.builtin.include_vars:
+        file: snapshot_vm.yml
+
+    - name: AWS | SNAPSHOT VM | get volumes
+      register: r_vol_info
+      amazon.aws.ec2_vol_info:
+        region: "{{ aws_region }}"
+        filters:
+          attachment.instance-id: "{{ instance_id }}"
+
+    - name: AWS | SNAPSHOT VM | take snapshots
+      loop: "{{ r_vol_info.volumes }}"
+      loop_control:
+        loop_var: volume
+        label: "{{ volume.id }}"
+      register: r_snapshots
+      amazon.aws.ec2_snapshot:
+        region: "{{ aws_region }}"
+        volume_id: "{{ volume.id }}"
+        description: "Snapshot taken by Red Hat Product demos"
+        snapshot_tags: "{{ tags }}"
+
+- name: AWS | SNAPSHOT VM | format snapshot stat
+  ansible.builtin.set_fact:
+    snapshot_stat:
+      - key: "{{ inventory_hostname }}"
+        value: "{{ r_snapshots.results | json_query(aws_ec2_snapshot_query) }}"
+
+- name: AWS | SNAPSHOT VM | record snapshot with host key
+  ansible.builtin.set_stats:
+    data:
+      aws_snapshots: "{{ snapshot_stat | items2dict }}"

collections/ansible_collections/demo/cloud/roles/aws/templates/aws_windows_userdata.j2

@@ -0,0 +1,29 @@
+<powershell>
+# Disable .Net Optimization Service
+Get-ScheduledTask *ngen* | Disable-ScheduledTask
+
+# Disable Windows Auto Updates
+# https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-windows-instances.html#high-cpu-issue
+reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
+net stop wuauserv
+net start wuauserv
+
+# Remove policies stopping us from enabling WinRM
+reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowBasic /f
+reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v AllowUnencryptedTraffic /f
+reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service" /v DisableRunAs /f
+
+# Disable Windows Defender Monitoring
+Set-MpPreference -DisableRealtimeMonitoring $true
+
+# Enable WinRM
+Invoke-WebRequest -Uri https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile C:\ConfigureRemotingForAnsible.ps1
+C:\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -EnableCredSSP
+
+# add ec2-user
+$Password = ConvertTo-SecureString {{ ansible_password }} -AsPlainText -Force
+New-LocalUser -Name "ec2-user" -Description "Ansible Service Account" -Password $Password
+Add-LocalGroupMember -Group "Administrators" -Member "ec2-user"
+
+Rename-Computer -NewName {{ aws_vm_name }} -Force -Restart
+</powershell>

collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml

@@ -0,0 +1,11 @@
+---
+# Set stat_snapshots with model:
+# [
+#   {
+#     "snapshot_id": "snap-0e981f05704e19ffd",
+#     "vol_id": "vol-0bd55f313bb7bcdd8",
+#     "device": "/dev/sda1"
+#   },
+#   ...
+# ]
+aws_ec2_snapshot_query: "[].{snapshot_id: snapshot_id, vol_id: volume.id, device: volume.attachment_set[?instance_id=='{{ instance_id }}'].device | [0]}"

collections/ansible_collections/demo/compliance/roles/iosxeSTIG/callback_plugins/stig_xml.py

@@ -0,0 +1,105 @@
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible.plugins.callback import CallbackBase
+from time import gmtime, strftime
+import platform
+import tempfile
+import re
+import sys
+import os
+import json
+import xml.etree.ElementTree as ET
+import xml.dom.minidom
+
+role = "iosxeSTIG"
+
+
+class CallbackModule(CallbackBase):
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = "xml"
+    CALLBACK_NAME = "stig_xml"
+
+    CALLBACK_NEEDS_WHITELIST = True
+
+    def __init__(self):
+        super(CallbackModule, self).__init__()
+        self.rules = {}
+        self.stig_path = os.environ.get("STIG_PATH")
+        self.XML_path = os.environ.get("XML_PATH")
+        if self.stig_path is None:
+            self.stig_path = os.path.join(os.getcwd(), "roles", role, "files")
+            self._display.display("Using STIG_PATH: {}".format(self.stig_path))
+        if self.XML_path is None:
+            self.XML_path = os.getcwd()
+            self._display.display("Using XML_PATH: {}".format(self.XML_path))
+
+        print("Writing: {}".format(self.XML_path))
+        STIG_name = os.path.basename(self.stig_path)
+        ET.register_namespace("cdf", "http://checklists.nist.gov/xccdf/1.2")
+        self.tr = ET.Element("{http://checklists.nist.gov/xccdf/1.2}TestResult")
+        self.tr.set(
+            "id",
+            "xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}".format(STIG_name),
+        )
+        endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
+        self.tr.set("end-time", endtime)
+        tg = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}target")
+        tg.text = platform.node()
+
+    def __get_rev(self, nid):
+        rev = "0"
+        # Check all files for the rule number.
+        for file in os.listdir(self.stig_path):
+            with open(os.path.join(self.stig_path, file), "r") as f:
+                r = "SV-{}r(?P<rev>\d)_rule".format(nid)
+                m = re.search(r, f.read())
+            if m:
+                rev = m.group("rev")
+                break
+        return rev
+
+    def v2_runner_on_ok(self, result):
+        name = result._task.get_name()
+        m = re.search("stigrule_(?P<id>\d+)", name)
+        if m:
+            nid = m.group("id")
+        else:
+            return
+        rev = self.__get_rev(nid)
+        key = "{}r{}".format(nid, rev)
+        if self.rules.get(key, "Unknown") != False:
+            self.rules[key] = result.is_changed()
+
+    def __set_duplicates(self):
+        with open(os.path.join(self.stig_path, "duplicates.json")) as f:
+            dups = json.load(f)
+        for d in dups:
+            dup_of = str(dups[d][0])
+            rev = self.__get_rev(d)
+            key = "{}r{}".format(d, rev)
+            dup_of_rev = self.__get_rev(dup_of)
+            dup_of_key = "{}r{}".format(dup_of, dup_of_rev)
+            if dup_of_key in self.rules:
+                self.rules[key] = self.rules[dup_of_key]
+
+    def v2_playbook_on_stats(self, stats):
+        self.__set_duplicates()
+        for rule, changed in self.rules.items():
+            state = "fail" if changed else "pass"
+            rr = ET.SubElement(
+                self.tr, "{http://checklists.nist.gov/xccdf/1.2}rule-result"
+            )
+            rr.set("idref", "xccdf_mil.disa.stig_rule_SV-{}_rule".format(rule))
+            rs = ET.SubElement(rr, "{http://checklists.nist.gov/xccdf/1.2}result")
+            rs.text = state
+        passing = len(self.rules) - sum(self.rules.values())
+        sc = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}score")
+        sc.set("maximum", str(len(self.rules)))
+        sc.set("system", "urn:xccdf:scoring:flat-unweighted")
+        sc.text = str(passing)
+        with open(os.path.join(self.XML_path, "xccdf-results.xml"), "w") as f:
+            out = ET.tostring(self.tr)
+            pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding="utf-8")
+            f.write(pretty)

collections/ansible_collections/demo/compliance/roles/iosxeSTIG/defaults/main.yml

@@ -0,0 +1,280 @@
+# R-215807 CISC-ND-000010
+iosxeSTIG_stigrule_215807_Manage: True
+iosxeSTIG_stigrule_215807_ip_http_max_connections_2_Lines:
+  - ip http max-connections 2
+iosxeSTIG_stigrule_215807_session_limit_for_all_line_vty_sections_Lines:
+  - session-limit 2
+# R-215808 CISC-ND-000090
+# A partial of 215815
+# duplicate of 215815
+# R-215809 CISC-ND-000100
+# A partial of 215815
+# duplicate of 215815
+# R-215810 CISC-ND-000110
+# A partial of 215815
+# duplicate of 215815
+# R-215811 CISC-ND-000120
+# A partial of 215815
+# duplicate of 215815
+# R-215813 CISC-ND-000150
+iosxeSTIG_stigrule_215813_Manage: True
+iosxeSTIG_stigrule_215813_login_block_for_900_attempts_3_within_120_Lines:
+  - login block-for 900 attempts 3 within 120
+# R-215814 CISC-ND-000160
+iosxeSTIG_stigrule_215814_Manage: True
+iosxeSTIG_stigrule_215814_login_Text: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and
+
+counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE, or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys,
+
+psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
+# R-215815 CISC-ND-000210
+iosxeSTIG_stigrule_215815_Manage: True
+iosxeSTIG_stigrule_215815_login_logging_Lines:
+  - logging userinfo
+iosxeSTIG_stigrule_215815_logging_enable_Lines:
+  - logging enable
+iosxeSTIG_stigrule_215815_logging_enable_Parents:
+  - archive
+  - log config
+# R-215816 CISC-ND-000250
+iosxeSTIG_stigrule_215816_Manage: True
+iosxeSTIG_stigrule_215816_login_logging_Lines:
+  - login on-failure log
+  - login on-success log
+# R-215817 CISC-ND-000280
+iosxeSTIG_stigrule_215817_Manage: True
+iosxeSTIG_stigrule_215817_service_timestamps_log_datetime_localtime_Lines:
+  - service timestamps log datetime localtime
+# R-215819 CISC-ND-000330
+# A partial of 215815
+# duplicate of 215815
+# R-215820 CISC-ND-000380
+iosxeSTIG_stigrule_215820_Manage: True
+iosxeSTIG_stigrule_215820_file_privilege_Lines:
+  - file privilege 15
+# R-215821 CISC-ND-000390
+# A duplicate of 215820
+# duplicate of 215820
+# R-215822 CISC-ND-000460
+# A duplicate of 215820
+# duplicate of 215820
+# R-215823 CISC-ND-000470
+iosxeSTIG_stigrule_215823_Manage: True
+iosxeSTIG_stigrule_215823_disable_boot_network_Lines:
+  - no boot network
+iosxeSTIG_stigrule_215823_disable_boot_server_Lines:
+  - no ip boot server
+iosxeSTIG_stigrule_215823_disable_bootp_server_Lines:
+  - no ip bootp server
+iosxeSTIG_stigrule_215823_disable_dns_server_Lines:
+  - no ip dns server
+iosxeSTIG_stigrule_215823_disable_identd_Lines:
+  - no ip identd
+iosxeSTIG_stigrule_215823_disable_finger_Lines:
+  - no ip finger
+iosxeSTIG_stigrule_215823_disable_http_server_Lines:
+  - no ip http server
+iosxeSTIG_stigrule_215823_disable_rcmd_rcp_enable_Lines:
+  - no ip rcmd rcp-enable
+iosxeSTIG_stigrule_215823_disable_rcmd_rsh_enable_Lines:
+  - no ip rcmd rsh-enable
+iosxeSTIG_stigrule_215823_disable_tcp_small_servers_Lines:
+  - no service tcp-small-servers
+iosxeSTIG_stigrule_215823_disable_udp_small_servers_Lines:
+  - no service udp-small-servers
+iosxeSTIG_stigrule_215823_disable_service_finger_Lines:
+  - no service finger
+iosxeSTIG_stigrule_215823_disable_service_config_Lines:
+  - no service config
+iosxeSTIG_stigrule_215823_disable_service_pad_Lines:
+  - no service pad
+# R-215825 CISC-ND-000530
+# ip ssh server algorithm encryption is set in 215845.
+iosxeSTIG_stigrule_215825_Manage: True
+iosxeSTIG_stigrule_215825_ip_ssh_version_2_Lines:
+  - ip ssh version 2
+# R-215826 CISC-ND-000550
+iosxeSTIG_stigrule_215826_Manage: False
+iosxeSTIG_stigrule_215826_password_min_len_Lines:
+  - min-length 15
+iosxeSTIG_stigrule_215826_password_min_len_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215827 CISC-ND-000570
+iosxeSTIG_stigrule_215827_Manage: False
+iosxeSTIG_stigrule_215827_password_upper_case_Lines:
+  - upper-case 1
+iosxeSTIG_stigrule_215827_password_upper_case_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215828 CISC-ND-000580
+iosxeSTIG_stigrule_215828_Manage: False
+iosxeSTIG_stigrule_215828_password_lower_case_Lines:
+  - lower-case 1
+iosxeSTIG_stigrule_215828_password_lower_case_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215829 CISC-ND-000590
+iosxeSTIG_stigrule_215829_Manage: False
+iosxeSTIG_stigrule_215829_password_numeric_count_Lines:
+  - numeric-count 1
+iosxeSTIG_stigrule_215829_password_numeric_count_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215830 CISC-ND-000600
+iosxeSTIG_stigrule_215830_Manage: False
+iosxeSTIG_stigrule_215830_password_special_case_Lines:
+  - special-case 1
+iosxeSTIG_stigrule_215830_password_special_case_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215831 CISC-ND-000610
+iosxeSTIG_stigrule_215831_Manage: False
+iosxeSTIG_stigrule_215831_password_upper_case_Lines:
+  - char-changes 8
+iosxeSTIG_stigrule_215831_password_upper_case_Parents:
+  - aaa common-criteria policy PASSWORD_POLICY
+# R-215832 CISC-ND-000620
+iosxeSTIG_stigrule_215832_Manage: True
+iosxeSTIG_stigrule_215832_service_password_encryption_Lines:
+  - service password-encryption
+# R-215833 CISC-ND-000720
+iosxeSTIG_stigrule_215833_Manage: True
+iosxeSTIG_stigrule_215833_exec_timeout_for_console_Lines:
+  - exec-timeout 10 0
+iosxeSTIG_stigrule_215833_exec_timeout_for_console_Parents:
+  - line con 0
+iosxeSTIG_stigrule_215833_exec_timeout_for_all_line_vty_sections_Lines:
+  - exec-timeout 10 0
+iosxeSTIG_stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10_Lines:
+  - ip http timeout-policy idle 600 life 3600 requests 10
+# R-215834 CISC-ND-000880
+# A partial of 215815
+# duplicate of 215815
+# R-215835 CISC-ND-000940
+# A duplicate of 215815
+# duplicate of 215815
+# R-215836 CISC-ND-000980
+iosxeSTIG_stigrule_215836_Manage: True
+iosxeSTIG_stigrule_215836_logging_buffered_4096_informational_Lines:
+  - logging buffered 4096 informational
+# R-215837 CISC-ND-001000
+# Please configure name IP address to a valid one.
+iosxeSTIG_stigrule_215837_Manage: False
+iosxeSTIG_stigrule_215837_host_Name: '192.0.2.128'
+iosxeSTIG_stigrule_215837_logging_trap_critical_Lines:
+  - logging trap critical
+# R-215838 CISC-ND-001030
+# Replace ntp servers' IP address before enabling.
+iosxeSTIG_stigrule_215838_Manage: False
+iosxeSTIG_stigrule_215838_ntp_server_1_Server: '192.0.2.0'
+iosxeSTIG_stigrule_215838_ntp_server_2_Server: '192.0.2.1'
+# R-215839 CISC-ND-001040
+# A duplicate of 215817
+# duplicate of 215817
+# R-215840 CISC-ND-001050
+# service timestamps log datetime localtime is set in 215817.
+iosxeSTIG_stigrule_215840_Manage: True
+iosxeSTIG_stigrule_215840_service_timestamps_log_datetime_localtime_Lines:
+  - clock timezone EST -5 0
+# R-215844 CISC-ND-001200
+iosxeSTIG_stigrule_215844_Manage: True
+iosxeSTIG_stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1_Lines:
+  - ip ssh server algorithm mac hmac-sha1
+iosxeSTIG_stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha_Lines:
+  - ip http secure-ciphersuite aes-128-cbc-sha
+# R-215845 CISC-ND-001210
+# Option ip http secure-ciphersuite is set in 215844
+iosxeSTIG_stigrule_215845_Manage: True
+iosxeSTIG_stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr_Lines:
+  - ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
+# R-215847 CISC-ND-001240
+# A duplicate of 215815
+# duplicate of 215815
+# R-215848 CISC-ND-001250
+# A partial of 215815
+# duplicate of 215815
+# R-215849 CISC-ND-001260
+# A subset of 215816
+# duplicate of 215816
+# R-215850 CISC-ND-001270
+# A partial of 215815
+# duplicate of 215815
+# R-215852 CISC-ND-001290
+# A subset of 215816
+# duplicate of 215816
+# R-215853 CISC-ND-001310
+# A duplicate of 215837
+# duplicate of 215837
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+iosxeSTIG_stigrule_215854_Manage: False
+iosxeSTIG_stigrule_215854_radius_host_10_1_48_2_key_xxxxxx_Lines:
+  - radius host 10.1.48.2 key xxxxxx
+iosxeSTIG_stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local_Lines:
+  - aaa authentication login LOGIN_AUTHENTICATION group radius local
+iosxeSTIG_stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION_Lines:
+  - ip http authentication aaa login-authentication LOGIN_AUTHENTICATION
+iosxeSTIG_stigrule_215854_login_authentication_for_console_Lines:
+  - login authentication LOGIN_AUTHENTICATION
+iosxeSTIG_stigrule_215854_login_authentication_for_console_Parents:
+  - line con 0
+iosxeSTIG_stigrule_215854_login_authentication_for_all_line_vty_sections_Lines:
+  - login authentication LOGIN_AUTHENTICATION
+# R-215856 CISC-ND-001440
+# Insert an appropriate URL (including protocol and port)
+iosxeSTIG_stigrule_215856_Manage: False
+iosxeSTIG_stigrule_215856_enrollment_url_Lines:
+  - enrollment url http://trustpoint1.example.com:80
+iosxeSTIG_stigrule_215856_enrollment_url_Parents:
+  - crypto pki trustpoint CA_X
+# R-216647 CISC-RT-000070
+# A duplicate of 215823
+# duplicate of 215823
+# R-216661 CISC-RT-000230
+iosxeSTIG_stigrule_216661_Manage: False
+iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Lines:
+  - no exec
+  - transport input none
+iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Parents:
+  - line aux 0
+# R-216675 CISC-RT-000370
+iosxeSTIG_stigrule_216675_Manage: True
+iosxeSTIG_stigrule_216675_no_cdp_run_Lines:
+  - no cdp run
+# R-216700 CISC-RT-000620
+iosxeSTIG_stigrule_216700_Manage: True
+iosxeSTIG_stigrule_216700_no_mpls_ip_propagate_ttl_Lines:
+  - no mpls ip propagate-ttl
+# R-216723 CISC-RT-000850
+iosxeSTIG_stigrule_216723_Manage: False
+iosxeSTIG_stigrule_216723_ip_pim_register_rate_limit_10_Lines:
+  - ip pim register-rate-limit 10
+# R-216726 CISC-RT-000880
+iosxeSTIG_stigrule_216726_Manage: True
+iosxeSTIG_stigrule_216726_ip_igmp_limit_Lines:
+  - ip igmp limit 2
+# R-216727 CISC-RT-000890
+iosxeSTIG_stigrule_216727_Manage: True
+iosxeSTIG_stigrule_216727_ip_pim_spt_threshold_infinity_Lines:
+  - ip pim spt-threshold infinity
+# R-216996 CISC-RT-000080
+iosxeSTIG_stigrule_216996_Manage: True
+iosxeSTIG_stigrule_216996_no_call_home_Lines:
+  - no call-home
+# R-217001 CISC-RT-000750
+# Options drop or ignore are allowed.
+iosxeSTIG_stigrule_217001_Manage: True
+iosxeSTIG_stigrule_217001_ip_options_drop_Lines:
+  - ip options drop
+# R-220139 CISC-ND-001450
+# A duplicate of 215837
+# duplicate of 215837
+iosxeSTIG_save_configuration_Manage: False

collections/ansible_collections/demo/compliance/roles/iosxeSTIG/files/duplicates.json

@@ -0,0 +1,20 @@
+{
+  "215808":[ "215815" ],
+  "215809":[ "215815" ],
+  "215810":[ "215815" ],
+  "215811":[ "215815" ],
+  "215819":[ "215815" ],
+  "215821":[ "215820" ],
+  "215822":[ "215820" ],
+  "215834":[ "215815" ],
+  "215835":[ "215815" ],
+  "215839":[ "215817" ],
+  "215847":[ "215815" ],
+  "215848":[ "215815" ],
+  "215849":[ "215816" ],
+  "215850":[ "215815" ],
+  "215852":[ "215816" ],
+  "215853":[ "215837" ],
+  "216647":[ "215823" ],
+  "220139":[ "215837" ]
+}

collections/ansible_collections/demo/compliance/roles/iosxeSTIG/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: save configuration
+  ios_command:
+    commands: write memory
+  when: iosxeSTIG_save_configuration_Manage

collections/ansible_collections/demo/compliance/roles/iosxeSTIG/tasks/main.yml

@@ -0,0 +1,595 @@
+# R-215807 CISC-ND-000010
+- name : stigrule_215807_ip_http_max_connections_2
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215807_ip_http_max_connections_2_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215807_Manage
+# R-215807 CISC-ND-000010
+- name: get line vty sections
+  ios_command:
+    commands: show running-config all | include ^line vty
+  register: cmd_result
+- name : stigrule_215807_session_limit_for_all_line_vty_sections
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215807_session_limit_for_all_line_vty_sections_Lines }}"
+    parents: "{{ item }}"
+  loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
+  when:
+    - iosxeSTIG_stigrule_215807_Manage
+# R-215813 CISC-ND-000150
+- name : stigrule_215813_login_block_for_900_attempts_3_within_120
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215813_login_block_for_900_attempts_3_within_120_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215813_Manage
+# R-215814 CISC-ND-000160
+- name : stigrule_215814_login
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_banner:
+    banner: login
+    text: "{{ iosxeSTIG_stigrule_215814_login_Text }}"
+  when: iosxeSTIG_stigrule_215814_Manage
+# R-215815 CISC-ND-000210
+- name : stigrule_215815_login_logging
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215815_login_logging_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215815_Manage
+# R-215815 CISC-ND-000210
+- name : stigrule_215815_logging_enable
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215815_logging_enable_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215815_logging_enable_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215815_Manage
+# R-215816 CISC-ND-000250
+- name : stigrule_215816_login_logging
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215816_login_logging_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215816_Manage
+# R-215817 CISC-ND-000280
+- name : stigrule_215817_service_timestamps_log_datetime_localtime
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215817_service_timestamps_log_datetime_localtime_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215817_Manage
+# R-215820 CISC-ND-000380
+- name : stigrule_215820_file_privilege
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215820_file_privilege_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215820_Manage
+# R-215823 CISC-ND-000470
+- name: check for boot network
+  ios_command:
+    commands: show running-config all | include ^boot network
+  register: cmd_result
+- name : stigrule_215823_disable_boot_network
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_boot_network_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('boot network') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for ip boot server
+  ios_command:
+    commands: show running-config all | include ^ip boot server
+  register: cmd_result
+- name : stigrule_215823_disable_boot_server
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_boot_server_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('ip boot server') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_bootp_server
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_bootp_server_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for DNS server configuration
+  ios_command:
+    commands: show running-config all | include ^ip dns server
+  register: cmd_result
+- name : stigrule_215823_disable_dns_server
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_dns_server_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('ip dns server') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_identd
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_identd_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_finger
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_finger_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_http_server
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_http_server_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for ip rcmd rcp-enable
+  ios_command:
+    commands: show running-config all | include ^ip rcmd rcp-enable
+  register: cmd_result
+- name : stigrule_215823_disable_rcmd_rcp_enable
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_rcmd_rcp_enable_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('ip rcmd rcp-enable') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for ip rcmd rsh-enable
+  ios_command:
+    commands: show running-config all | include ^ip rcmd rsh-enable
+  register: cmd_result
+- name : stigrule_215823_disable_rcmd_rsh_enable
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_rcmd_rsh_enable_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('ip rcmd rsh-enable') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for tcp-small-servers
+  ios_command:
+    commands: show running-config all | include ^service tcp-small-servers
+  register: cmd_result
+- name : stigrule_215823_disable_tcp_small_servers
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_tcp_small_servers_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('service tcp-small-servers') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for udp-small-servers
+  ios_command:
+    commands: show running-config all | include ^service udp-small-servers
+  register: cmd_result
+- name : stigrule_215823_disable_udp_small_servers
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_udp_small_servers_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('service udp-small-servers') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name: check for service finger
+  ios_command:
+    commands: show running-config all | include ^service finger
+  register: cmd_result
+- name : stigrule_215823_disable_service_finger
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_service_finger_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('service finger') != -1
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_service_config
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_service_config_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215823 CISC-ND-000470
+- name : stigrule_215823_disable_service_pad
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215823_disable_service_pad_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215823_Manage
+# R-215825 CISC-ND-000530
+# ip ssh server algorithm encryption is set in 215845.
+- name : stigrule_215825_ip_ssh_version_2
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215825_ip_ssh_version_2_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215825_Manage
+# R-215826 CISC-ND-000550
+- name : stigrule_215826_password_min_len
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215826_password_min_len_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215826_password_min_len_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215826_Manage
+# R-215827 CISC-ND-000570
+- name : stigrule_215827_password_upper_case
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215827_password_upper_case_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215827_password_upper_case_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215827_Manage
+# R-215828 CISC-ND-000580
+- name : stigrule_215828_password_lower_case
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215828_password_lower_case_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215828_password_lower_case_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215828_Manage
+# R-215829 CISC-ND-000590
+- name : stigrule_215829_password_numeric_count
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215829_password_numeric_count_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215829_password_numeric_count_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215829_Manage
+# R-215830 CISC-ND-000600
+- name : stigrule_215830_password_special_case
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215830_password_special_case_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215830_password_special_case_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215830_Manage
+# R-215831 CISC-ND-000610
+- name : stigrule_215831_password_upper_case
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215831_password_upper_case_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215831_password_upper_case_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215831_Manage
+# R-215832 CISC-ND-000620
+- name : stigrule_215832_service_password_encryption
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215832_service_password_encryption_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215832_Manage
+# R-215833 CISC-ND-000720
+- name : stigrule_215833_exec_timeout_for_console
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_console_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_console_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215833_Manage
+# R-215833 CISC-ND-000720
+- name: get line vty sections
+  ios_command:
+    commands: show running-config all | include ^line vty
+  register: cmd_result
+- name : stigrule_215833_exec_timeout_for_all_line_vty_sections
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_all_line_vty_sections_Lines }}"
+    parents: "{{ item }}"
+  loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
+  when:
+    - iosxeSTIG_stigrule_215833_Manage
+# R-215833 CISC-ND-000720
+- name : stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215833_Manage
+# R-215836 CISC-ND-000980
+- name : stigrule_215836_logging_buffered_4096_informational
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215836_logging_buffered_4096_informational_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215836_Manage
+# R-215837 CISC-ND-001000
+# Please configure name IP address to a valid one.
+- name : stigrule_215837_host
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_logging:
+    dest: host
+    name: "{{ iosxeSTIG_stigrule_215837_host_Name }}"
+  when: iosxeSTIG_stigrule_215837_Manage
+# R-215837 CISC-ND-001000
+# Please configure name IP address to a valid one.
+- name : stigrule_215837_logging_trap_critical
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215837_logging_trap_critical_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215837_Manage
+# R-215838 CISC-ND-001030
+# Replace ntp servers' IP address before enabling.
+- name : stigrule_215838_ntp_server_1
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_ntp:
+    server: "{{ iosxeSTIG_stigrule_215838_ntp_server_1_Server }}"
+  when: iosxeSTIG_stigrule_215838_Manage
+# R-215838 CISC-ND-001030
+# Replace ntp servers' IP address before enabling.
+- name : stigrule_215838_ntp_server_2
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_ntp:
+    server: "{{ iosxeSTIG_stigrule_215838_ntp_server_2_Server }}"
+  when: iosxeSTIG_stigrule_215838_Manage
+# R-215840 CISC-ND-001050
+# service timestamps log datetime localtime is set in 215817.
+- name : stigrule_215840_service_timestamps_log_datetime_localtime
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215840_service_timestamps_log_datetime_localtime_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215840_Manage
+# R-215844 CISC-ND-001200
+- name : stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215844_Manage
+# R-215844 CISC-ND-001200
+- name : stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215844_Manage
+# R-215845 CISC-ND-001210
+# Option ip http secure-ciphersuite is set in 215844
+- name : stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215845_Manage
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+- name : stigrule_215854_radius_host_10_1_48_2_key_xxxxxx
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215854_radius_host_10_1_48_2_key_xxxxxx_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215854_Manage
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+- name : stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215854_Manage
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+- name : stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_215854_Manage
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+- name : stigrule_215854_login_authentication_for_console
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_console_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_console_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215854_Manage
+# R-215854 CISC-ND-001370
+# Configure the authentication server key before enabling.
+- name: get line vty sections
+  ios_command:
+    commands: show running-config all | include ^line vty
+  register: cmd_result
+- name : stigrule_215854_login_authentication_for_all_line_vty_sections
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_all_line_vty_sections_Lines }}"
+    parents: "{{ item }}"
+  loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
+  when:
+    - iosxeSTIG_stigrule_215854_Manage
+# R-215856 CISC-ND-001440
+# Insert an appropriate URL (including protocol and port)
+- name : stigrule_215856_enrollment_url
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_215856_enrollment_url_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_215856_enrollment_url_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_215856_Manage
+# R-216661 CISC-RT-000230
+- name : stigrule_216661_Disable_the_auxiliary_port
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Lines }}"
+    parents: "{{ iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Parents }}"
+  when:
+    - iosxeSTIG_stigrule_216661_Manage
+# R-216675 CISC-RT-000370
+- name : stigrule_216675_no_cdp_run
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216675_no_cdp_run_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_216675_Manage
+# R-216700 CISC-RT-000620
+- name : stigrule_216700_no_mpls_ip_propagate_ttl
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216700_no_mpls_ip_propagate_ttl_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_216700_Manage
+# R-216723 CISC-RT-000850
+- name : stigrule_216723_ip_pim_register_rate_limit_10
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216723_ip_pim_register_rate_limit_10_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_216723_Manage
+# R-216726 CISC-RT-000880
+- name : stigrule_216726_ip_igmp_limit
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216726_ip_igmp_limit_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_216726_Manage
+# R-216727 CISC-RT-000890
+- name : stigrule_216727_ip_pim_spt_threshold_infinity
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216727_ip_pim_spt_threshold_infinity_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_216727_Manage
+# R-216996 CISC-RT-000080
+- name: check for call-home
+  ios_command:
+    commands: show running-config | include ^call-home
+  register: cmd_result
+- name : stigrule_216996_no_call_home
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_216996_no_call_home_Lines }}"
+  when:
+    - (cmd_result.stdout|join('\n')).find('call-home') != -1
+    - iosxeSTIG_stigrule_216996_Manage
+# R-217001 CISC-RT-000750
+# Options drop or ignore are allowed.
+- name : stigrule_217001_ip_options_drop
+  ignore_errors: "{{ ignore_all_errors }}"
+  notify: "save configuration"
+  ios_config:
+    defaults: yes
+    lines: "{{ iosxeSTIG_stigrule_217001_ip_options_drop_Lines }}"
+  when:
+    - iosxeSTIG_stigrule_217001_Manage

collections/ansible_collections/demo/compliance/roles/rhel7STIG/callback_plugins/stig_xml.py

@@ -0,0 +1,93 @@
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible.plugins.callback import CallbackBase
+from time import gmtime, strftime
+import platform
+import tempfile
+import re
+import sys
+import os
+import xml.etree.ElementTree as ET
+import xml.dom.minidom
+
+
+class CallbackModule(CallbackBase):
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = "xml"
+    CALLBACK_NAME = "stig_xml"
+
+    CALLBACK_NEEDS_WHITELIST = True
+
+    def _get_STIG_path(self):
+        cwd = os.path.abspath(".")
+        for dirpath, dirs, files in os.walk(cwd):
+            if os.path.sep + "files" in dirpath and ".xml" in files[0]:
+                return os.path.join(cwd, dirpath, files[0])
+
+    def __init__(self):
+        super(CallbackModule, self).__init__()
+        self.rules = {}
+        self.stig_path = os.environ.get("STIG_PATH")
+        self.XML_path = os.environ.get("XML_PATH")
+        if self.stig_path is None:
+            self.stig_path = self._get_STIG_path()
+        self._display.display("Using STIG_PATH: {}".format(self.stig_path))
+        if self.XML_path is None:
+            self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
+        self._display.display("Using XML_PATH: {}".format(self.XML_path))
+
+        print("Writing: {}".format(self.XML_path))
+        STIG_name = os.path.basename(self.stig_path)
+        ET.register_namespace("cdf", "http://checklists.nist.gov/xccdf/1.2")
+        self.tr = ET.Element("{http://checklists.nist.gov/xccdf/1.2}TestResult")
+        self.tr.set(
+            "id",
+            "xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}".format(STIG_name),
+        )
+        endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
+        self.tr.set("end-time", endtime)
+        tg = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}target")
+        tg.text = platform.node()
+
+    def _get_rev(self, nid):
+        with open(self.stig_path, "r") as f:
+            r = "SV-{}r(?P<rev>\d+)_rule".format(nid)
+            m = re.search(r, f.read())
+        if m:
+            rev = m.group("rev")
+        else:
+            rev = "0"
+        return rev
+
+    def v2_runner_on_ok(self, result):
+        name = result._task.get_name()
+        m = re.search("stigrule_(?P<id>\d+)", name)
+        if m:
+            nid = m.group("id")
+        else:
+            return
+        rev = self._get_rev(nid)
+        key = "{}r{}".format(nid, rev)
+        if self.rules.get(key, "Unknown") != False:
+            self.rules[key] = result.is_changed()
+
+    def v2_playbook_on_stats(self, stats):
+        for rule, changed in self.rules.items():
+            state = "fail" if changed else "pass"
+            rr = ET.SubElement(
+                self.tr, "{http://checklists.nist.gov/xccdf/1.2}rule-result"
+            )
+            rr.set("idref", "xccdf_mil.disa.stig_rule_SV-{}_rule".format(rule))
+            rs = ET.SubElement(rr, "{http://checklists.nist.gov/xccdf/1.2}result")
+            rs.text = state
+        passing = len(self.rules) - sum(self.rules.values())
+        sc = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}score")
+        sc.set("maximum", str(len(self.rules)))
+        sc.set("system", "urn:xccdf:scoring:flat-unweighted")
+        sc.text = str(passing)
+        with open(self.XML_path, "wb") as f:
+            out = ET.tostring(self.tr)
+            pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding="utf-8")
+            f.write(pretty)

collections/ansible_collections/demo/compliance/roles/rhel7STIG/defaults/main.yml

@@ -0,0 +1,503 @@
+# R-204393 RHEL-07-010030
+rhel7STIG_stigrule_204393_Manage: True
+rhel7STIG_stigrule_204393__etc_dconf_db_local_d_01_banner_message_Value: 'true'
+# R-204394 RHEL-07-010040
+rhel7STIG_stigrule_204394_Manage: True
+rhel7STIG_stigrule_204394__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
+# R-204395 RHEL-07-010050
+rhel7STIG_stigrule_204395_Manage: True
+rhel7STIG_stigrule_204395__etc_issue_Dest: /etc/issue
+rhel7STIG_stigrule_204395__etc_issue_Content: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
+
+'
+# R-204396 RHEL-07-010060
+rhel7STIG_stigrule_204396_Manage: True
+rhel7STIG_stigrule_204396__etc_dconf_db_local_d_00_screensaver_Value: 'true'
+# R-204397 RHEL-07-010061
+rhel7STIG_stigrule_204397_Manage: True
+rhel7STIG_stigrule_204397__etc_dconf_db_local_d_00_defaults_Value: 'true'
+# R-204398 RHEL-07-010070
+rhel7STIG_stigrule_204398_Manage: True
+rhel7STIG_stigrule_204398__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
+# R-204399 RHEL-07-010081
+rhel7STIG_stigrule_204399_Manage: True
+rhel7STIG_stigrule_204399__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
+# R-204400 RHEL-07-010082
+rhel7STIG_stigrule_204400_Manage: True
+rhel7STIG_stigrule_204400__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/session/idle-delay'
+# R-204402 RHEL-07-010100
+rhel7STIG_stigrule_204402_Manage: True
+rhel7STIG_stigrule_204402__etc_dconf_db_local_d_00_screensaver_Value: 'true'
+# R-204403 RHEL-07-010101
+rhel7STIG_stigrule_204403_Manage: True
+rhel7STIG_stigrule_204403__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
+# R-204404 RHEL-07-010110
+rhel7STIG_stigrule_204404_Manage: True
+rhel7STIG_stigrule_204404__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
+# R-204407 RHEL-07-010120
+rhel7STIG_stigrule_204407_Manage: True
+rhel7STIG_stigrule_204407__etc_security_pwquality_conf_Line: 'ucredit = -1'
+# R-204408 RHEL-07-010130
+rhel7STIG_stigrule_204408_Manage: True
+rhel7STIG_stigrule_204408__etc_security_pwquality_conf_Line: 'lcredit = -1'
+# R-204409 RHEL-07-010140
+rhel7STIG_stigrule_204409_Manage: True
+rhel7STIG_stigrule_204409__etc_security_pwquality_conf_Line: 'dcredit = -1'
+# R-204410 RHEL-07-010150
+rhel7STIG_stigrule_204410_Manage: True
+rhel7STIG_stigrule_204410__etc_security_pwquality_conf_Line: 'ocredit = -1'
+# R-204411 RHEL-07-010160
+rhel7STIG_stigrule_204411_Manage: True
+rhel7STIG_stigrule_204411__etc_security_pwquality_conf_Line: 'difok = 8'
+# R-204412 RHEL-07-010170
+rhel7STIG_stigrule_204412_Manage: True
+rhel7STIG_stigrule_204412__etc_security_pwquality_conf_Line: 'minclass = 4'
+# R-204413 RHEL-07-010180
+rhel7STIG_stigrule_204413_Manage: True
+rhel7STIG_stigrule_204413__etc_security_pwquality_conf_Line: 'maxrepeat = 3'
+# R-204414 RHEL-07-010190
+rhel7STIG_stigrule_204414_Manage: True
+rhel7STIG_stigrule_204414__etc_security_pwquality_conf_Line: 'maxclassrepeat = 4'
+# R-204416 RHEL-07-010210
+rhel7STIG_stigrule_204416_Manage: True
+rhel7STIG_stigrule_204416__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
+# R-204417 RHEL-07-010220
+rhel7STIG_stigrule_204417_Manage: True
+rhel7STIG_stigrule_204417__etc_libuser_conf_Value: 'sha512'
+# R-204418 RHEL-07-010230
+rhel7STIG_stigrule_204418_Manage: True
+rhel7STIG_stigrule_204418__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
+# R-204419 RHEL-07-010240
+rhel7STIG_stigrule_204419_Manage: True
+rhel7STIG_stigrule_204419_chage__m_1_user_Command: chage -m 1
+# R-204420 RHEL-07-010250
+rhel7STIG_stigrule_204420_Manage: True
+rhel7STIG_stigrule_204420__etc_login_defs_Line: 'PASS_MAX_DAYS 60'
+# R-204421 RHEL-07-010260
+rhel7STIG_stigrule_204421_Manage: True
+rhel7STIG_stigrule_204421_chage__M_60_user_Command: chage -M 60
+# R-204423 RHEL-07-010280
+rhel7STIG_stigrule_204423_Manage: True
+rhel7STIG_stigrule_204423__etc_security_pwquality_conf_Line: 'minlen = 15'
+# R-204425 RHEL-07-010300
+rhel7STIG_stigrule_204425_Manage: True
+rhel7STIG_stigrule_204425_PermitEmptyPasswords_Line: PermitEmptyPasswords no
+# R-204426 RHEL-07-010310
+rhel7STIG_stigrule_204426_Manage: True
+rhel7STIG_stigrule_204426__etc_default_useradd_Line: 'INACTIVE=0'
+# R-204431 RHEL-07-010430
+rhel7STIG_stigrule_204431_Manage: True
+rhel7STIG_stigrule_204431__etc_login_defs_Line: 'FAIL_DELAY 4'
+# R-204432 RHEL-07-010440
+rhel7STIG_stigrule_204432_Manage: True
+rhel7STIG_stigrule_204432__etc_gdm_custom_conf_Value: 'false'
+# R-204433 RHEL-07-010450
+rhel7STIG_stigrule_204433_Manage: True
+rhel7STIG_stigrule_204433__etc_gdm_custom_conf_Value: 'false'
+# R-204434 RHEL-07-010460
+rhel7STIG_stigrule_204434_Manage: True
+rhel7STIG_stigrule_204434_PermitUserEnvironment_Line: PermitUserEnvironment no
+# R-204435 RHEL-07-010470
+rhel7STIG_stigrule_204435_Manage: True
+rhel7STIG_stigrule_204435_HostbasedAuthentication_Line: HostbasedAuthentication no
+# R-204442 RHEL-07-020000
+rhel7STIG_stigrule_204442_Manage: True
+rhel7STIG_stigrule_204442_rsh_server_State: removed
+# R-204443 RHEL-07-020010
+rhel7STIG_stigrule_204443_Manage: True
+rhel7STIG_stigrule_204443_ypserv_State: removed
+# R-204445 RHEL-07-020030
+# Edit email address.
+rhel7STIG_stigrule_204445_Manage: True
+rhel7STIG_stigrule_204445__etc_cron_daily_aide_Dest: /etc/cron.daily/aide
+rhel7STIG_stigrule_204445__etc_cron_daily_aide_Content: '#!/bin/bash
+
+
+
+/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root'
+rhel7STIG_stigrule_204445__etc_cron_daily_aide_Mode: '700'
+rhel7STIG_stigrule_204445_aide_State: installed
+# R-204446 RHEL-07-020040
+# Edit email address.
+rhel7STIG_stigrule_204446_Manage: True
+rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Dest: /etc/cron.daily/aide
+rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Content: '#!/bin/bash
+
+
+
+/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root'
+rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Mode: '700'
+rhel7STIG_stigrule_204446_aide_notify_State: installed
+# R-204447 RHEL-07-020050
+rhel7STIG_stigrule_204447_Manage: True
+rhel7STIG_stigrule_204447__etc_yum_conf_Value: '1'
+# R-204448 RHEL-07-020060
+rhel7STIG_stigrule_204448_Manage: True
+rhel7STIG_stigrule_204448__etc_yum_conf_Value: '1'
+# R-204449 RHEL-07-020100
+rhel7STIG_stigrule_204449_Manage: True
+rhel7STIG_stigrule_204449__etc_modprobe_d_blacklist_conf_Line: 'blacklist usb-storage'
+rhel7STIG_stigrule_204449__etc_modprobe_d_usb_storage_conf_Line: 'install usb-storage /bin/true'
+# R-204450 RHEL-07-020101
+rhel7STIG_stigrule_204450_Manage: True
+rhel7STIG_stigrule_204450__etc_modprobe_d_dccp_conf_Dest: /etc/modprobe.d/dccp.conf
+rhel7STIG_stigrule_204450__etc_modprobe_d_dccp_conf_Content: 'install dccp /bin/true'
+rhel7STIG_stigrule_204450__etc_modprobe_d_blacklist_conf_Line: 'blacklist dccp'
+# R-204451 RHEL-07-020110
+rhel7STIG_stigrule_204451_Manage: True
+rhel7STIG_stigrule_204451_autofs_disable_Enabled: no
+rhel7STIG_stigrule_204451_autofs_stop_State: stopped
+# R-204452 RHEL-07-020200
+rhel7STIG_stigrule_204452_Manage: True
+rhel7STIG_stigrule_204452__etc_yum_conf_Value: '1'
+# R-204453 RHEL-07-020210
+rhel7STIG_stigrule_204453_Manage: True
+rhel7STIG_stigrule_204453__etc_selinux_config_Line: 'SELINUX=enforcing'
+# R-204454 RHEL-07-020220
+rhel7STIG_stigrule_204454_Manage: True
+rhel7STIG_stigrule_204454__etc_selinux_config_Line: 'SELINUXTYPE=targeted'
+# R-204455 RHEL-07-020230
+rhel7STIG_stigrule_204455_Manage: True
+rhel7STIG_stigrule_204455_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
+# R-204457 RHEL-07-020240
+rhel7STIG_stigrule_204457_Manage: True
+rhel7STIG_stigrule_204457__etc_login_defs_Line: 'UMASK 077'
+# R-204466 RHEL-07-020610
+rhel7STIG_stigrule_204466_Manage: True
+rhel7STIG_stigrule_204466__etc_login_defs_Line: 'CREATE_HOME yes'
+# R-204489 RHEL-07-021100
+rhel7STIG_stigrule_204489_Manage: True
+rhel7STIG_stigrule_204489__etc_rsyslog_conf_Line: 'cron.* /var/log/cron.log'
+# R-204490 RHEL-07-021110
+rhel7STIG_stigrule_204490_Manage: True
+rhel7STIG_stigrule_204490__etc_cron_allow_Dest: /etc/cron.allow
+rhel7STIG_stigrule_204490__etc_cron_allow_Owner: root
+# R-204491 RHEL-07-021120
+rhel7STIG_stigrule_204491_Manage: True
+rhel7STIG_stigrule_204491__etc_cron_allow_Dest: /etc/cron.allow
+rhel7STIG_stigrule_204491__etc_cron_allow_Group: root
+# R-204492 RHEL-07-021300
+# If kernel core dumps are required, document the need with the ISSO.
+rhel7STIG_stigrule_204492_Manage: True
+rhel7STIG_stigrule_204492_kdump_disable_Enabled: no
+rhel7STIG_stigrule_204492_kdump_stop_State: stopped
+# R-204496 RHEL-07-021340
+rhel7STIG_stigrule_204496_Manage: True
+rhel7STIG_stigrule_204496_tmp_mount_Enabled: yes
+# R-204502 RHEL-07-021710
+rhel7STIG_stigrule_204502_Manage: True
+rhel7STIG_stigrule_204502_telnet_server_State: removed
+# R-204503 RHEL-07-030000
+rhel7STIG_stigrule_204503_Manage: True
+rhel7STIG_stigrule_204503_auditd_enable_Enabled: yes
+rhel7STIG_stigrule_204503_auditd_start_State: started
+# R-204504 RHEL-07-030010
+rhel7STIG_stigrule_204504_Manage: True
+rhel7STIG_stigrule_204504__etc_audit_rules_d_audit_rules_critical_error_Line: '-f 2'
+# R-204506 RHEL-07-030201
+rhel7STIG_stigrule_204506_Manage: True
+rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_direction_Line: 'direction = out'
+rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_path_Line: 'path = /sbin/audisp-remote'
+rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_type_Line: 'type = always'
+# R-204507 RHEL-07-030210
+rhel7STIG_stigrule_204507_Manage: True
+rhel7STIG_stigrule_204507__etc_audisp_audispd_conf_Line: 'overflow_action = syslog'
+# R-204508 RHEL-07-030211
+rhel7STIG_stigrule_204508_Manage: True
+rhel7STIG_stigrule_204508__etc_audisp_audispd_conf_Line: 'name_format = hostname'
+# R-204509 RHEL-07-030300
+# Ensure to set the IP address of the log aggregation server.
+rhel7STIG_stigrule_204509_Manage: False
+rhel7STIG_stigrule_204509__etc_audisp_audisp_remote_conf_Line: 'remote_server = 192.0.2.255'
+# R-204510 RHEL-07-030310
+# Ensure to set the IP address of the log aggregation server.
+rhel7STIG_stigrule_204510_Manage: True
+rhel7STIG_stigrule_204510__etc_audisp_audisp_remote_conf_Line: 'enable_krb5 = yes'
+# R-204511 RHEL-07-030320
+rhel7STIG_stigrule_204511_Manage: True
+rhel7STIG_stigrule_204511__etc_audisp_audisp_remote_conf_Line: 'disk_full_action = single'
+# R-204512 RHEL-07-030321
+rhel7STIG_stigrule_204512_Manage: True
+rhel7STIG_stigrule_204512__etc_audisp_audisp_remote_conf_Line: 'network_failure_action = syslog'
+# R-204514 RHEL-07-030340
+rhel7STIG_stigrule_204514_Manage: True
+rhel7STIG_stigrule_204514__etc_audit_auditd_conf_Line: 'space_left_action = email'
+# R-204515 RHEL-07-030350
+rhel7STIG_stigrule_204515_Manage: True
+rhel7STIG_stigrule_204515__etc_audit_auditd_conf_Line: 'action_mail_acct = root'
+# R-204516 RHEL-07-030360
+rhel7STIG_stigrule_204516_Manage: True
+rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_euid_b32_Line: '-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid'
+rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_euid_b64_Line: '-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid'
+rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_egid_b32_Line: '-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid'
+rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_egid_b64_Line: '-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid'
+# R-204517 RHEL-07-030370
+rhel7STIG_stigrule_204517_Manage: True
+rhel7STIG_stigrule_204517__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel7STIG_stigrule_204517__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-204521 RHEL-07-030410
+rhel7STIG_stigrule_204521_Manage: True
+rhel7STIG_stigrule_204521__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel7STIG_stigrule_204521__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-204524 RHEL-07-030440
+rhel7STIG_stigrule_204524_Manage: True
+rhel7STIG_stigrule_204524__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel7STIG_stigrule_204524__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-204531 RHEL-07-030510
+rhel7STIG_stigrule_204531_Manage: True
+rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EPERM_b32_Line: '-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k access'
+rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EPERM_b64_Line: '-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k access'
+rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EACCES_b32_Line: '-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k access'
+rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EACCES_b64_Line: '-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k access'
+# R-204536 RHEL-07-030560
+rhel7STIG_stigrule_204536_Manage: True
+rhel7STIG_stigrule_204536__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204537 RHEL-07-030570
+rhel7STIG_stigrule_204537_Manage: True
+rhel7STIG_stigrule_204537__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204538 RHEL-07-030580
+rhel7STIG_stigrule_204538_Manage: True
+rhel7STIG_stigrule_204538__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chcon -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204539 RHEL-07-030590
+rhel7STIG_stigrule_204539_Manage: True
+rhel7STIG_stigrule_204539__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204540 RHEL-07-030610
+rhel7STIG_stigrule_204540_Manage: True
+rhel7STIG_stigrule_204540__etc_audit_rules_d_audit_rules_Line: '-w /var/run/faillock -p wa -k logins'
+# R-204541 RHEL-07-030620
+rhel7STIG_stigrule_204541_Manage: True
+rhel7STIG_stigrule_204541__etc_audit_rules_d_audit_rules_Line: '-w /var/log/lastlog -p wa -k logins'
+# R-204542 RHEL-07-030630
+rhel7STIG_stigrule_204542_Manage: True
+rhel7STIG_stigrule_204542__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
+# R-204543 RHEL-07-030640
+rhel7STIG_stigrule_204543_Manage: True
+rhel7STIG_stigrule_204543__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
+# R-204544 RHEL-07-030650
+rhel7STIG_stigrule_204544_Manage: True
+rhel7STIG_stigrule_204544__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
+# R-204545 RHEL-07-030660
+rhel7STIG_stigrule_204545_Manage: True
+rhel7STIG_stigrule_204545__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chage -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
+# R-204546 RHEL-07-030670
+rhel7STIG_stigrule_204546_Manage: True
+rhel7STIG_stigrule_204546__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
+# R-204547 RHEL-07-030680
+rhel7STIG_stigrule_204547_Manage: True
+rhel7STIG_stigrule_204547__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/su -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204548 RHEL-07-030690
+rhel7STIG_stigrule_204548_Manage: True
+rhel7STIG_stigrule_204548__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204549 RHEL-07-030700
+rhel7STIG_stigrule_204549_Manage: True
+rhel7STIG_stigrule_204549__etc_audit_rules_d_audit_rules_sudoers_Line: '-w /etc/sudoers -p wa -k privileged-actions'
+rhel7STIG_stigrule_204549__etc_audit_rules_d_audit_rules_sudoers_d_Line: '-w /etc/sudoers.d/ -p wa -k privileged-actions'
+# R-204550 RHEL-07-030710
+rhel7STIG_stigrule_204550_Manage: True
+rhel7STIG_stigrule_204550__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204551 RHEL-07-030720
+rhel7STIG_stigrule_204551_Manage: True
+rhel7STIG_stigrule_204551__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chsh -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
+# R-204552 RHEL-07-030740
+rhel7STIG_stigrule_204552_Manage: True
+rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules_mount_b32_Line: '-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
+rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules_mount_b64_Line: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
+rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules__usr_bin_mount_Line: '-a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
+# R-204553 RHEL-07-030750
+rhel7STIG_stigrule_204553_Manage: True
+rhel7STIG_stigrule_204553__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/bin/umount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
+# R-204554 RHEL-07-030760
+rhel7STIG_stigrule_204554_Manage: True
+rhel7STIG_stigrule_204554__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
+# R-204555 RHEL-07-030770
+rhel7STIG_stigrule_204555_Manage: True
+rhel7STIG_stigrule_204555__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
+# R-204556 RHEL-07-030780
+rhel7STIG_stigrule_204556_Manage: True
+rhel7STIG_stigrule_204556__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=4294967295 -k privileged-ssh'
+# R-204557 RHEL-07-030800
+rhel7STIG_stigrule_204557_Manage: True
+rhel7STIG_stigrule_204557__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/crontab -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
+# R-204558 RHEL-07-030810
+rhel7STIG_stigrule_204558_Manage: True
+rhel7STIG_stigrule_204558__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
+# R-204559 RHEL-07-030819
+rhel7STIG_stigrule_204559_Manage: True
+rhel7STIG_stigrule_204559__etc_audit_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S create_module -k module-change'
+rhel7STIG_stigrule_204559__etc_audit_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S create_module -k module-change'
+# R-204560 RHEL-07-030820
+rhel7STIG_stigrule_204560_Manage: True
+rhel7STIG_stigrule_204560__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S init_module,finit_module -k modulechange'
+rhel7STIG_stigrule_204560__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -k modulechange'
+# R-204562 RHEL-07-030830
+rhel7STIG_stigrule_204562_Manage: True
+rhel7STIG_stigrule_204562__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S delete_module -k module-change'
+rhel7STIG_stigrule_204562__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S delete_module -k module-change'
+# R-204563 RHEL-07-030840
+rhel7STIG_stigrule_204563_Manage: True
+rhel7STIG_stigrule_204563__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules'
+# R-204564 RHEL-07-030870
+rhel7STIG_stigrule_204564_Manage: True
+rhel7STIG_stigrule_204564__etc_audit_rules_d_audit_rules_Line: '-w /etc/passwd -p wa -k identity'
+# R-204565 RHEL-07-030871
+rhel7STIG_stigrule_204565_Manage: True
+rhel7STIG_stigrule_204565__etc_audit_audit_rules_Line: '-w /etc/group -p wa -k identity'
+# R-204566 RHEL-07-030872
+rhel7STIG_stigrule_204566_Manage: True
+rhel7STIG_stigrule_204566__etc_audit_audit_rules_Line: '-w /etc/gshadow -p wa -k identity'
+# R-204567 RHEL-07-030873
+rhel7STIG_stigrule_204567_Manage: True
+rhel7STIG_stigrule_204567__etc_audit_audit_rules_Line: '-w /etc/shadow -p wa -k identity'
+# R-204568 RHEL-07-030874
+rhel7STIG_stigrule_204568_Manage: True
+rhel7STIG_stigrule_204568__etc_audit_audit_rules_Line: '-w /etc/security/opasswd -p wa -k identity'
+# R-204572 RHEL-07-030910
+rhel7STIG_stigrule_204572_Manage: True
+rhel7STIG_stigrule_204572__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat,rmdir -F auid>=1000 -F auid!=unset -k delete'
+rhel7STIG_stigrule_204572__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat,rmdir -F auid>=1000 -F auid!=unset -k delete'
+# R-204576 RHEL-07-040000
+rhel7STIG_stigrule_204576_Manage: True
+rhel7STIG_stigrule_204576__etc_security_limits_conf_Line: '* hard maxlogins 10'
+# R-204578 RHEL-07-040110
+rhel7STIG_stigrule_204578_Manage: True
+rhel7STIG_stigrule_204578_Ciphers_Line: Ciphers aes256-ctr,aes192-ctr,aes128-ctr
+# R-204579 RHEL-07-040160
+rhel7STIG_stigrule_204579_Manage: True
+rhel7STIG_stigrule_204579__etc_profile_d_tmout_sh_Dest: /etc/profile.d/tmout.sh
+rhel7STIG_stigrule_204579__etc_profile_d_tmout_sh_Content: '#!/bin/bash
+
+
+
+declare -xr TMOUT=900'
+# R-204580 RHEL-07-040170
+rhel7STIG_stigrule_204580_Manage: True
+rhel7STIG_stigrule_204580_banner_Line: banner /etc/issue
+# R-204584 RHEL-07-040201
+rhel7STIG_stigrule_204584_Manage: True
+rhel7STIG_stigrule_204584_kernel_randomize_va_space_Value: 2
+# R-204585 RHEL-07-040300
+rhel7STIG_stigrule_204585_Manage: True
+rhel7STIG_stigrule_204585_openssh_clients_x86_64_State: installed
+rhel7STIG_stigrule_204585_openssh_server_x86_64_State: installed
+# R-204586 RHEL-07-040310
+rhel7STIG_stigrule_204586_Manage: True
+rhel7STIG_stigrule_204586_sshd_enable_Enabled: yes
+rhel7STIG_stigrule_204586_sshd_start_State: started
+# R-204587 RHEL-07-040320
+rhel7STIG_stigrule_204587_Manage: True
+rhel7STIG_stigrule_204587_ClientAliveInterval_Line: ClientAliveInterval 600
+# R-204588 RHEL-07-040330
+rhel7STIG_stigrule_204588_Manage: True
+rhel7STIG_stigrule_204588_RhostsRSAAuthentication_Line: RhostsRSAAuthentication no
+# R-204589 RHEL-07-040340
+rhel7STIG_stigrule_204589_Manage: True
+rhel7STIG_stigrule_204589_ClientAliveCountMax_Line: ClientAliveCountMax 0
+# R-204590 RHEL-07-040350
+rhel7STIG_stigrule_204590_Manage: True
+rhel7STIG_stigrule_204590_IgnoreRhosts_Line: IgnoreRhosts yes
+# R-204591 RHEL-07-040360
+rhel7STIG_stigrule_204591_Manage: True
+rhel7STIG_stigrule_204591_PrintLastLog_Line: PrintLastLog yes
+# R-204592 RHEL-07-040370
+rhel7STIG_stigrule_204592_Manage: True
+rhel7STIG_stigrule_204592_PermitRootLogin_Line: PermitRootLogin no
+# R-204593 RHEL-07-040380
+rhel7STIG_stigrule_204593_Manage: True
+rhel7STIG_stigrule_204593_IgnoreUserKnownHosts_Line: IgnoreUserKnownHosts yes
+# R-204594 RHEL-07-040390
+rhel7STIG_stigrule_204594_Manage: True
+rhel7STIG_stigrule_204594_Protocol_Line: Protocol 2
+# R-204595 RHEL-07-040400
+rhel7STIG_stigrule_204595_Manage: True
+rhel7STIG_stigrule_204595_MACs_Line: MACs hmac-sha2-512,hmac-sha2-256
+# R-204598 RHEL-07-040430
+rhel7STIG_stigrule_204598_Manage: True
+rhel7STIG_stigrule_204598_GSSAPIAuthentication_Line: GSSAPIAuthentication no
+# R-204599 RHEL-07-040440
+rhel7STIG_stigrule_204599_Manage: True
+rhel7STIG_stigrule_204599_KerberosAuthentication_Line: KerberosAuthentication no
+# R-204600 RHEL-07-040450
+rhel7STIG_stigrule_204600_Manage: True
+rhel7STIG_stigrule_204600_StrictModes_Line: StrictModes yes
+# R-204601 RHEL-07-040460
+rhel7STIG_stigrule_204601_Manage: True
+rhel7STIG_stigrule_204601_UsePrivilegeSeparation_Line: UsePrivilegeSeparation sandbox
+# R-204602 RHEL-07-040470
+rhel7STIG_stigrule_204602_Manage: True
+rhel7STIG_stigrule_204602_Compression_Line: Compression no
+# R-204604 RHEL-07-040520
+rhel7STIG_stigrule_204604_Manage: True
+rhel7STIG_stigrule_204604_firewalld_service_State: installed
+rhel7STIG_stigrule_204604_firewalld_active_Enabled: yes
+rhel7STIG_stigrule_204604_firewalld_start_State: started
+# R-204609 RHEL-07-040610
+rhel7STIG_stigrule_204609_Manage: True
+rhel7STIG_stigrule_204609_net_ipv4_conf_all_accept_source_route_Value: 0
+# R-204610 RHEL-07-040611
+rhel7STIG_stigrule_204610_Manage: True
+rhel7STIG_stigrule_204610_net_ipv4_conf_all_rp_filter_Value: 1
+rhel7STIG_stigrule_204610_net_ipv4_conf_default_rp_filter_Value: 1
+# R-204612 RHEL-07-040620
+rhel7STIG_stigrule_204612_Manage: True
+rhel7STIG_stigrule_204612_net_ipv4_conf_default_accept_source_route_Value: 0
+# R-204613 RHEL-07-040630
+rhel7STIG_stigrule_204613_Manage: True
+rhel7STIG_stigrule_204613_net_ipv4_icmp_echo_ignore_broadcasts_Value: 1
+# R-204614 RHEL-07-040640
+rhel7STIG_stigrule_204614_Manage: True
+rhel7STIG_stigrule_204614_net_ipv4_conf_default_accept_redirects_Value: 0
+# R-204615 RHEL-07-040641
+rhel7STIG_stigrule_204615_Manage: True
+rhel7STIG_stigrule_204615_net_ipv4_conf_all_accept_redirects_Value: 0
+# R-204616 RHEL-07-040650
+rhel7STIG_stigrule_204616_Manage: True
+rhel7STIG_stigrule_204616_net_ipv4_conf_default_send_redirects_Value: 0
+# R-204617 RHEL-07-040660
+rhel7STIG_stigrule_204617_Manage: True
+rhel7STIG_stigrule_204617_net_ipv4_conf_all_send_redirects_Value: 0
+# R-204619 RHEL-07-040680
+rhel7STIG_stigrule_204619_Manage: True
+rhel7STIG_stigrule_204619_postconf__e__smtpd_client_restrictions___permit_mynetworks_reject__Command: postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'
+# R-204620 RHEL-07-040690
+rhel7STIG_stigrule_204620_Manage: True
+rhel7STIG_stigrule_204620_vsftpd_State: removed
+# R-204621 RHEL-07-040700
+rhel7STIG_stigrule_204621_Manage: True
+rhel7STIG_stigrule_204621_tftp_server_State: removed
+# R-204622 RHEL-07-040710
+rhel7STIG_stigrule_204622_Manage: True
+rhel7STIG_stigrule_204622_X11Forwarding_Line: X11Forwarding no
+# R-204624 RHEL-07-040730
+# Document the requirement for an X Windows server with the ISSO or remove.
+rhel7STIG_stigrule_204624_Manage: False
+rhel7STIG_stigrule_204624_xorg_x11_server_common_State: removed
+# R-204625 RHEL-07-040740
+rhel7STIG_stigrule_204625_Manage: True
+rhel7STIG_stigrule_204625_net_ipv4_ip_forward_Value: 0
+# R-204630 RHEL-07-040830
+rhel7STIG_stigrule_204630_Manage: True
+rhel7STIG_stigrule_204630_net_ipv6_conf_all_accept_source_route_Value: 0
+# R-204631 RHEL-07-041001
+rhel7STIG_stigrule_204631_Manage: True
+rhel7STIG_stigrule_204631_pam_pkcs11_State: installed
+# R-204634 RHEL-07-041010
+rhel7STIG_stigrule_204634_Manage: True
+rhel7STIG_stigrule_204634_nmcli_radio_wifi_off_Command: nmcli radio wifi off
+# R-214937 RHEL-07-010062
+rhel7STIG_stigrule_214937_Manage: True
+rhel7STIG_stigrule_214937__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-enabled'
+# R-233307 RHEL-07-040711
+rhel7STIG_stigrule_233307_Manage: True
+rhel7STIG_stigrule_233307_X11UseLocalhost_Line: X11UseLocalhost yes

collections/ansible_collections/demo/compliance/roles/rhel7STIG/handlers/main.yml

@@ -0,0 +1,11 @@
+- name: dconf_update
+  command: dconf update
+- name: auditd_restart
+  command: /usr/sbin/service auditd restart
+- name: ssh_restart
+  service:
+    name: sshd
+    state: restarted
+- name: do_reboot
+  reboot:
+    pre_reboot_delay: 60

collections/ansible_collections/demo/compliance/roles/rhel8STIG/callback_plugins/stig_xml.py

@@ -0,0 +1,93 @@
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible.plugins.callback import CallbackBase
+from time import gmtime, strftime
+import platform
+import tempfile
+import re
+import sys
+import os
+import xml.etree.ElementTree as ET
+import xml.dom.minidom
+
+
+class CallbackModule(CallbackBase):
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = "xml"
+    CALLBACK_NAME = "stig_xml"
+
+    CALLBACK_NEEDS_WHITELIST = True
+
+    def _get_STIG_path(self):
+        cwd = os.path.abspath(".")
+        for dirpath, dirs, files in os.walk(cwd):
+            if os.path.sep + "files" in dirpath and ".xml" in files[0]:
+                return os.path.join(cwd, dirpath, files[0])
+
+    def __init__(self):
+        super(CallbackModule, self).__init__()
+        self.rules = {}
+        self.stig_path = os.environ.get("STIG_PATH")
+        self.XML_path = os.environ.get("XML_PATH")
+        if self.stig_path is None:
+            self.stig_path = self._get_STIG_path()
+        self._display.display("Using STIG_PATH: {}".format(self.stig_path))
+        if self.XML_path is None:
+            self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
+        self._display.display("Using XML_PATH: {}".format(self.XML_path))
+
+        print("Writing: {}".format(self.XML_path))
+        STIG_name = os.path.basename(self.stig_path)
+        ET.register_namespace("cdf", "http://checklists.nist.gov/xccdf/1.2")
+        self.tr = ET.Element("{http://checklists.nist.gov/xccdf/1.2}TestResult")
+        self.tr.set(
+            "id",
+            "xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}".format(STIG_name),
+        )
+        endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
+        self.tr.set("end-time", endtime)
+        tg = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}target")
+        tg.text = platform.node()
+
+    def _get_rev(self, nid):
+        with open(self.stig_path, "r") as f:
+            r = "SV-{}r(?P<rev>\d+)_rule".format(nid)
+            m = re.search(r, f.read())
+        if m:
+            rev = m.group("rev")
+        else:
+            rev = "0"
+        return rev
+
+    def v2_runner_on_ok(self, result):
+        name = result._task.get_name()
+        m = re.search("stigrule_(?P<id>\d+)", name)
+        if m:
+            nid = m.group("id")
+        else:
+            return
+        rev = self._get_rev(nid)
+        key = "{}r{}".format(nid, rev)
+        if self.rules.get(key, "Unknown") != False:
+            self.rules[key] = result.is_changed()
+
+    def v2_playbook_on_stats(self, stats):
+        for rule, changed in self.rules.items():
+            state = "fail" if changed else "pass"
+            rr = ET.SubElement(
+                self.tr, "{http://checklists.nist.gov/xccdf/1.2}rule-result"
+            )
+            rr.set("idref", "xccdf_mil.disa.stig_rule_SV-{}_rule".format(rule))
+            rs = ET.SubElement(rr, "{http://checklists.nist.gov/xccdf/1.2}result")
+            rs.text = state
+        passing = len(self.rules) - sum(self.rules.values())
+        sc = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}score")
+        sc.set("maximum", str(len(self.rules)))
+        sc.set("system", "urn:xccdf:scoring:flat-unweighted")
+        sc.text = str(passing)
+        with open(self.XML_path, "wb") as f:
+            out = ET.tostring(self.tr)
+            pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding="utf-8")
+            f.write(pretty)

collections/ansible_collections/demo/compliance/roles/rhel8STIG/defaults/main.yml

@@ -0,0 +1,571 @@
+# R-230225 RHEL-08-010040
+rhel8STIG_stigrule_230225_Manage: True
+rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
+# R-230226 RHEL-08-010050
+rhel8STIG_stigrule_230226_Manage: True
+rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
+# R-230227 RHEL-08-010060
+rhel8STIG_stigrule_230227_Manage: True
+rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
+rhel8STIG_stigrule_230227__etc_issue_Content: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
+
+'
+# R-230228 RHEL-08-010070
+rhel8STIG_stigrule_230228_Manage: True
+rhel8STIG_stigrule_230228__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.* /var/log/secure'
+# R-230231 RHEL-08-010110
+rhel8STIG_stigrule_230231_Manage: True
+rhel8STIG_stigrule_230231__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
+# R-230236 RHEL-08-010151
+rhel8STIG_stigrule_230236_Manage: True
+rhel8STIG_stigrule_230236__usr_lib_systemd_system_rescue_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell rescue'
+# R-230239 RHEL-08-010162
+rhel8STIG_stigrule_230239_Manage: True
+rhel8STIG_stigrule_230239_krb5_workstation_State: removed
+# R-230240 RHEL-08-010170
+rhel8STIG_stigrule_230240_Manage: True
+rhel8STIG_stigrule_230240__etc_selinux_config_Line: 'SELINUX=enforcing'
+# R-230241 RHEL-08-010171
+rhel8STIG_stigrule_230241_Manage: True
+rhel8STIG_stigrule_230241_policycoreutils_State: installed
+# R-230244 RHEL-08-010200
+rhel8STIG_stigrule_230244_Manage: True
+rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
+# R-230252 RHEL-08-010291
+rhel8STIG_stigrule_230252_Manage: True
+rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
+# R-230255 RHEL-08-010294
+rhel8STIG_stigrule_230255_Manage: True
+rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
+# R-230256 RHEL-08-010295
+rhel8STIG_stigrule_230256_Manage: True
+rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line: '+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0'
+# R-230265 RHEL-08-010371
+rhel8STIG_stigrule_230265_Manage: True
+rhel8STIG_stigrule_230265__etc_dnf_dnf_conf_Value: '1'
+# R-230266 RHEL-08-010372
+rhel8STIG_stigrule_230266_Manage: True
+rhel8STIG_stigrule_230266__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kexec_load_disabled = 1'
+# R-230267 RHEL-08-010373
+rhel8STIG_stigrule_230267_Manage: True
+rhel8STIG_stigrule_230267__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_symlinks = 1'
+# R-230268 RHEL-08-010374
+rhel8STIG_stigrule_230268_Manage: True
+rhel8STIG_stigrule_230268__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_hardlinks = 1'
+# R-230269 RHEL-08-010375
+rhel8STIG_stigrule_230269_Manage: True
+rhel8STIG_stigrule_230269__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.dmesg_restrict = 1'
+# R-230270 RHEL-08-010376
+rhel8STIG_stigrule_230270_Manage: True
+rhel8STIG_stigrule_230270__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.perf_event_paranoid = 2'
+# R-230273 RHEL-08-010390
+rhel8STIG_stigrule_230273_Manage: True
+rhel8STIG_stigrule_230273_esc_State: installed
+rhel8STIG_stigrule_230273_openssl_pkcs11_State: installed
+# R-230275 RHEL-08-010410
+rhel8STIG_stigrule_230275_Manage: True
+rhel8STIG_stigrule_230275_opensc_State: installed
+# R-230280 RHEL-08-010430
+rhel8STIG_stigrule_230280_Manage: True
+rhel8STIG_stigrule_230280__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.randomize_va_space = 2'
+# R-230281 RHEL-08-010440
+rhel8STIG_stigrule_230281_Manage: True
+rhel8STIG_stigrule_230281__etc_dnf_dnf_conf_Value: 'True'
+# R-230282 RHEL-08-010450
+rhel8STIG_stigrule_230282_Manage: True
+rhel8STIG_stigrule_230282__etc_selinux_config_Line: 'SELINUXTYPE=targeted'
+# R-230285 RHEL-08-010471
+rhel8STIG_stigrule_230285_Manage: True
+rhel8STIG_stigrule_230285_rngd_enable_Enabled: yes
+rhel8STIG_stigrule_230285_rngd_start_State: started
+# R-230288 RHEL-08-010500
+rhel8STIG_stigrule_230288_Manage: True
+rhel8STIG_stigrule_230288_StrictModes_Line: StrictModes yes
+# R-230290 RHEL-08-010520
+rhel8STIG_stigrule_230290_Manage: True
+rhel8STIG_stigrule_230290_IgnoreUserKnownHosts_Line: IgnoreUserKnownHosts yes
+# R-230291 RHEL-08-010521
+rhel8STIG_stigrule_230291_Manage: True
+rhel8STIG_stigrule_230291_KerberosAuthentication_Line: KerberosAuthentication no
+# R-230296 RHEL-08-010550
+rhel8STIG_stigrule_230296_Manage: True
+rhel8STIG_stigrule_230296_PermitRootLogin_Line: PermitRootLogin no
+# R-230298 RHEL-08-010561
+rhel8STIG_stigrule_230298_Manage: True
+rhel8STIG_stigrule_230298_rsyslog_enable_Enabled: yes
+rhel8STIG_stigrule_230298_rsyslog_start_State: started
+# R-230310 RHEL-08-010670
+# If kernel core dumps are required, document the need with the ISSO.
+rhel8STIG_stigrule_230310_Manage: True
+rhel8STIG_stigrule_230310_kdump_disable_Enabled: no
+# R-230311 RHEL-08-010671
+rhel8STIG_stigrule_230311_Manage: True
+rhel8STIG_stigrule_230311__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.core_pattern=|/bin/false'
+rhel8STIG_stigrule_230311_kernel_core_pattern_Value: '|/bin/false'
+# R-230313 RHEL-08-010673
+rhel8STIG_stigrule_230313_Manage: True
+rhel8STIG_stigrule_230313__etc_security_limits_conf_Line: '* hard core 0'
+# R-230314 RHEL-08-010674
+rhel8STIG_stigrule_230314_Manage: True
+rhel8STIG_stigrule_230314__etc_systemd_coredump_conf_Line: 'Storage=none'
+# R-230315 RHEL-08-010675
+rhel8STIG_stigrule_230315_Manage: True
+rhel8STIG_stigrule_230315__etc_systemd_coredump_conf_Line: 'ProcessSizeMax=0'
+# R-230324 RHEL-08-010760
+rhel8STIG_stigrule_230324_Manage: True
+rhel8STIG_stigrule_230324__etc_login_defs_Line: 'CREATE_HOME yes'
+# R-230329 RHEL-08-010820
+rhel8STIG_stigrule_230329_Manage: True
+rhel8STIG_stigrule_230329__etc_gdm_custom_conf_Value: 'false'
+# R-230330 RHEL-08-010830
+rhel8STIG_stigrule_230330_Manage: True
+rhel8STIG_stigrule_230330_PermitUserEnvironment_Line: PermitUserEnvironment no
+# R-230346 RHEL-08-020024
+rhel8STIG_stigrule_230346_Manage: True
+rhel8STIG_stigrule_230346__etc_security_limits_conf_Line: '* hard maxlogins 10'
+# R-230347 RHEL-08-020030
+rhel8STIG_stigrule_230347_Manage: True
+rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
+# R-230348 RHEL-08-020040
+rhel8STIG_stigrule_230348_Manage: True
+rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State: installed
+rhel8STIG_stigrule_230348__etc_tmux_conf_Line: 'set -g lock-command vlock'
+# R-230349 RHEL-08-020041
+rhel8STIG_stigrule_230349_Manage: True
+rhel8STIG_stigrule_230349__etc_bashrc_Line: '[ -n "$PS1" -a -z "$TMUX" ] && exec tmux'
+# R-230352 RHEL-08-020060
+rhel8STIG_stigrule_230352_Manage: True
+rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
+# R-230353 RHEL-08-020070
+rhel8STIG_stigrule_230353_Manage: True
+rhel8STIG_stigrule_230353__etc_tmux_conf_Line: 'set -g lock-after-time 900'
+# R-230354 RHEL-08-020080
+rhel8STIG_stigrule_230354_Manage: True
+rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
+# R-230357 RHEL-08-020110
+rhel8STIG_stigrule_230357_Manage: True
+rhel8STIG_stigrule_230357__etc_security_pwquality_conf_Line: 'ucredit = -1'
+# R-230358 RHEL-08-020120
+rhel8STIG_stigrule_230358_Manage: True
+rhel8STIG_stigrule_230358__etc_security_pwquality_conf_Line: 'lcredit = -1'
+# R-230359 RHEL-08-020130
+rhel8STIG_stigrule_230359_Manage: True
+rhel8STIG_stigrule_230359__etc_security_pwquality_conf_Line: 'dcredit = -1'
+# R-230360 RHEL-08-020140
+rhel8STIG_stigrule_230360_Manage: True
+rhel8STIG_stigrule_230360__etc_security_pwquality_conf_Line: 'maxclassrepeat = 4'
+# R-230361 RHEL-08-020150
+rhel8STIG_stigrule_230361_Manage: True
+rhel8STIG_stigrule_230361__etc_security_pwquality_conf_Line: 'maxrepeat = 3'
+# R-230362 RHEL-08-020160
+rhel8STIG_stigrule_230362_Manage: True
+rhel8STIG_stigrule_230362__etc_security_pwquality_conf_Line: 'minclass = 4'
+# R-230363 RHEL-08-020170
+rhel8STIG_stigrule_230363_Manage: True
+rhel8STIG_stigrule_230363__etc_security_pwquality_conf_Line: 'difok = 8'
+# R-230365 RHEL-08-020190
+rhel8STIG_stigrule_230365_Manage: True
+rhel8STIG_stigrule_230365__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
+# R-230366 RHEL-08-020200
+rhel8STIG_stigrule_230366_Manage: True
+rhel8STIG_stigrule_230366__etc_login_defs_Line: 'PASS_MAX_DAYS 60'
+# R-230369 RHEL-08-020230
+rhel8STIG_stigrule_230369_Manage: True
+rhel8STIG_stigrule_230369__etc_security_pwquality_conf_Line: 'minlen = 15'
+# R-230370 RHEL-08-020231
+rhel8STIG_stigrule_230370_Manage: True
+rhel8STIG_stigrule_230370__etc_login_defs_Line: 'PASS_MIN_LEN 15'
+# R-230375 RHEL-08-020280
+rhel8STIG_stigrule_230375_Manage: True
+rhel8STIG_stigrule_230375__etc_security_pwquality_conf_Line: 'ocredit = -1'
+# R-230377 RHEL-08-020300
+rhel8STIG_stigrule_230377_Manage: True
+rhel8STIG_stigrule_230377__etc_security_pwquality_conf_Line: 'dictcheck = 1'
+# R-230378 RHEL-08-020310
+rhel8STIG_stigrule_230378_Manage: True
+rhel8STIG_stigrule_230378__etc_login_defs_Line: 'FAIL_DELAY 4'
+# R-230382 RHEL-08-020350
+rhel8STIG_stigrule_230382_Manage: True
+rhel8STIG_stigrule_230382_PrintLastLog_Line: PrintLastLog yes
+# R-230383 RHEL-08-020351
+rhel8STIG_stigrule_230383_Manage: True
+rhel8STIG_stigrule_230383__etc_login_defs_Line: 'UMASK 077'
+# R-230386 RHEL-08-030000
+rhel8STIG_stigrule_230386_Manage: True
+rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32_Line: '-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv'
+rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64_Line: '-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv'
+rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32_Line: '-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv'
+rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64_Line: '-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv'
+# R-230387 RHEL-08-030010
+rhel8STIG_stigrule_230387_Manage: True
+rhel8STIG_stigrule_230387__etc_rsyslog_conf_Line: 'cron.* /var/log/cron'
+# R-230388 RHEL-08-030020
+rhel8STIG_stigrule_230388_Manage: True
+rhel8STIG_stigrule_230388__etc_audit_auditd_conf_Line: 'action_mail_acct = root'
+# R-230389 RHEL-08-030030
+rhel8STIG_stigrule_230389_Manage: True
+rhel8STIG_stigrule_230389__etc_aliases_Line: 'postmaster: root'
+# R-230390 RHEL-08-030040
+rhel8STIG_stigrule_230390_Manage: True
+rhel8STIG_stigrule_230390__etc_audit_auditd_conf_Line: 'disk_error_action = HALT'
+# R-230392 RHEL-08-030060
+rhel8STIG_stigrule_230392_Manage: True
+rhel8STIG_stigrule_230392__etc_audit_auditd_conf_Line: 'disk_full_action = HALT'
+# R-230393 RHEL-08-030061
+rhel8STIG_stigrule_230393_Manage: True
+rhel8STIG_stigrule_230393__etc_audit_auditd_conf_Line: 'local_events = yes'
+# R-230394 RHEL-08-030062
+rhel8STIG_stigrule_230394_Manage: True
+rhel8STIG_stigrule_230394__etc_audit_auditd_conf_Line: 'name_format = hostname'
+# R-230395 RHEL-08-030063
+rhel8STIG_stigrule_230395_Manage: True
+rhel8STIG_stigrule_230395__etc_audit_auditd_conf_Line: 'log_format = ENRICHED'
+# R-230396 RHEL-08-030070
+rhel8STIG_stigrule_230396_Manage: True
+rhel8STIG_stigrule_230396__etc_audit_auditd_conf_Line: 'log_group = root'
+# R-230398 RHEL-08-030090
+# A duplicate of 230396
+# duplicate of 230396
+# R-230402 RHEL-08-030121
+rhel8STIG_stigrule_230402_Manage: True
+rhel8STIG_stigrule_230402__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
+# R-230403 RHEL-08-030122
+rhel8STIG_stigrule_230403_Manage: True
+rhel8STIG_stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable_Line: '--loginuid-immutable'
+# R-230404 RHEL-08-030130
+rhel8STIG_stigrule_230404_Manage: True
+rhel8STIG_stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow_Line: '-w /etc/shadow -p wa -k identity'
+# R-230405 RHEL-08-030140
+rhel8STIG_stigrule_230405_Manage: True
+rhel8STIG_stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd_Line: '-w /etc/security/opasswd -p wa -k identity'
+# R-230406 RHEL-08-030150
+rhel8STIG_stigrule_230406_Manage: True
+rhel8STIG_stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd_Line: '-w /etc/passwd -p wa -k identity'
+# R-230407 RHEL-08-030160
+rhel8STIG_stigrule_230407_Manage: True
+rhel8STIG_stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow_Line: '-w /etc/gshadow -p wa -k identity'
+# R-230408 RHEL-08-030170
+rhel8STIG_stigrule_230408_Manage: True
+rhel8STIG_stigrule_230408__etc_audit_rules_d_audit_rules__etc_group_Line: '-w /etc/group -p wa -k identity'
+# R-230409 RHEL-08-030171
+rhel8STIG_stigrule_230409_Manage: True
+rhel8STIG_stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers_Line: '-w /etc/sudoers -p wa -k identity'
+# R-230410 RHEL-08-030172
+rhel8STIG_stigrule_230410_Manage: True
+rhel8STIG_stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d__Line: '-w /etc/sudoers.d/ -p wa -k identity'
+# R-230411 RHEL-08-030180
+rhel8STIG_stigrule_230411_Manage: True
+rhel8STIG_stigrule_230411_audit_State: installed
+# R-230412 RHEL-08-030190
+rhel8STIG_stigrule_230412_Manage: True
+rhel8STIG_stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su_Line: '-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change'
+# R-230413 RHEL-08-030200
+rhel8STIG_stigrule_230413_Manage: True
+rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
+rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
+# R-230418 RHEL-08-030250
+rhel8STIG_stigrule_230418_Manage: True
+rhel8STIG_stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage_Line: '-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage'
+# R-230419 RHEL-08-030260
+rhel8STIG_stigrule_230419_Manage: True
+rhel8STIG_stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon_Line: '-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-230421 RHEL-08-030280
+rhel8STIG_stigrule_230421_Manage: True
+rhel8STIG_stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent_Line: '-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
+# R-230422 RHEL-08-030290
+rhel8STIG_stigrule_230422_Manage: True
+rhel8STIG_stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd_Line: '-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd'
+# R-230423 RHEL-08-030300
+rhel8STIG_stigrule_230423_Manage: True
+rhel8STIG_stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount_Line: '-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
+# R-230424 RHEL-08-030301
+rhel8STIG_stigrule_230424_Manage: True
+rhel8STIG_stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount_Line: '-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
+# R-230425 RHEL-08-030302
+rhel8STIG_stigrule_230425_Manage: True
+rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32_Line: '-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
+rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64_Line: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
+# R-230426 RHEL-08-030310
+rhel8STIG_stigrule_230426_Manage: True
+rhel8STIG_stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update_Line: '-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230427 RHEL-08-030311
+rhel8STIG_stigrule_230427_Manage: True
+rhel8STIG_stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop_Line: '-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230428 RHEL-08-030312
+rhel8STIG_stigrule_230428_Manage: True
+rhel8STIG_stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue_Line: '-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230429 RHEL-08-030313
+rhel8STIG_stigrule_230429_Manage: True
+rhel8STIG_stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage_Line: '-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230430 RHEL-08-030314
+rhel8STIG_stigrule_230430_Manage: True
+rhel8STIG_stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles_Line: '-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230431 RHEL-08-030315
+rhel8STIG_stigrule_230431_Manage: True
+rhel8STIG_stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper_Line: '-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230432 RHEL-08-030316
+rhel8STIG_stigrule_230432_Manage: True
+rhel8STIG_stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool_Line: '-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230433 RHEL-08-030317
+rhel8STIG_stigrule_230433_Manage: True
+rhel8STIG_stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd_Line: '-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
+# R-230434 RHEL-08-030320
+rhel8STIG_stigrule_230434_Manage: True
+rhel8STIG_stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign_Line: '-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
+# R-230435 RHEL-08-030330
+rhel8STIG_stigrule_230435_Manage: True
+rhel8STIG_stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl_Line: '-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-230436 RHEL-08-030340
+rhel8STIG_stigrule_230436_Manage: True
+rhel8STIG_stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check_Line: '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check'
+# R-230437 RHEL-08-030350
+rhel8STIG_stigrule_230437_Manage: True
+rhel8STIG_stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp_Line: '-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
+# R-230438 RHEL-08-030360
+rhel8STIG_stigrule_230438_Manage: True
+rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32_Line: '-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
+rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
+# R-230439 RHEL-08-030361
+rhel8STIG_stigrule_230439_Manage: True
+rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
+rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
+# R-230444 RHEL-08-030370
+rhel8STIG_stigrule_230444_Manage: True
+rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
+# R-230446 RHEL-08-030390
+rhel8STIG_stigrule_230446_Manage: True
+rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32_Line: '-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
+rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64_Line: '-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
+# R-230447 RHEL-08-030400
+rhel8STIG_stigrule_230447_Manage: True
+rhel8STIG_stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab_Line: '-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab'
+# R-230448 RHEL-08-030410
+rhel8STIG_stigrule_230448_Manage: True
+rhel8STIG_stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh_Line: '-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
+# R-230449 RHEL-08-030420
+rhel8STIG_stigrule_230449_Manage: True
+rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
+rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
+rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
+rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
+# R-230455 RHEL-08-030480
+rhel8STIG_stigrule_230455_Manage: True
+rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32_Line: '-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64_Line: '-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-230456 RHEL-08-030490
+rhel8STIG_stigrule_230456_Manage: True
+rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32_Line: '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
+rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64_Line: '-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-230462 RHEL-08-030550
+rhel8STIG_stigrule_230462_Manage: True
+rhel8STIG_stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo_Line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
+# R-230463 RHEL-08-030560
+rhel8STIG_stigrule_230463_Manage: True
+rhel8STIG_stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod_Line: '-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod'
+# R-230464 RHEL-08-030570
+rhel8STIG_stigrule_230464_Manage: True
+rhel8STIG_stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl_Line: '-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
+# R-230465 RHEL-08-030580
+rhel8STIG_stigrule_230465_Manage: True
+rhel8STIG_stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod_Line: '-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules'
+# R-230466 RHEL-08-030590
+rhel8STIG_stigrule_230466_Manage: True
+rhel8STIG_stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock_Line: '-w /var/log/faillock -p wa -k logins'
+# R-230467 RHEL-08-030600
+rhel8STIG_stigrule_230467_Manage: True
+rhel8STIG_stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog_Line: '-w /var/log/lastlog -p wa -k logins'
+# R-230477 RHEL-08-030670
+rhel8STIG_stigrule_230477_Manage: True
+rhel8STIG_stigrule_230477_rsyslog_State: installed
+# R-230478 RHEL-08-030680
+rhel8STIG_stigrule_230478_Manage: True
+rhel8STIG_stigrule_230478_rsyslog_gnutls_State: installed
+# R-230480 RHEL-08-030700
+rhel8STIG_stigrule_230480_Manage: True
+rhel8STIG_stigrule_230480__etc_audit_auditd_conf_Line: 'overflow_action = syslog'
+# R-230481 RHEL-08-030710
+rhel8STIG_stigrule_230481_Manage: True
+rhel8STIG_stigrule_230481__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$DefaultNetstreamDriver gtls'
+rhel8STIG_stigrule_230481__etc_rsyslog_conf_ActionSendStreamDriverMode_Line: '$ActionSendStreamDriverMode 1'
+# R-230482 RHEL-08-030720
+rhel8STIG_stigrule_230482_Manage: True
+rhel8STIG_stigrule_230482__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$ActionSendStreamDriverAuthMode x509/name'
+# R-230483 RHEL-08-030730
+rhel8STIG_stigrule_230483_Manage: True
+rhel8STIG_stigrule_230483__etc_audit_auditd_conf_space_left_Line: 'space_left = 25%'
+# R-230487 RHEL-08-040000
+rhel8STIG_stigrule_230487_Manage: True
+rhel8STIG_stigrule_230487_telnet_server_State: removed
+# R-230488 RHEL-08-040001
+rhel8STIG_stigrule_230488_Manage: True
+rhel8STIG_stigrule_230488_abrt__State: removed
+# R-230489 RHEL-08-040002
+rhel8STIG_stigrule_230489_Manage: True
+rhel8STIG_stigrule_230489_sendmail_State: removed
+# R-230492 RHEL-08-040010
+rhel8STIG_stigrule_230492_Manage: True
+rhel8STIG_stigrule_230492_rsh_server_State: removed
+# R-230502 RHEL-08-040070
+rhel8STIG_stigrule_230502_Manage: True
+rhel8STIG_stigrule_230502_autofs_stop_State: stopped
+rhel8STIG_stigrule_230502_autofs_disable_Enabled: no
+# R-230505 RHEL-08-040100
+rhel8STIG_stigrule_230505_Manage: True
+rhel8STIG_stigrule_230505_firewalld_noarch_State: installed
+# R-230506 RHEL-08-040110
+rhel8STIG_stigrule_230506_Manage: True
+rhel8STIG_stigrule_230506_nmcli_radio_wifi_off_Command: nmcli radio wifi off
+# R-230526 RHEL-08-040160
+rhel8STIG_stigrule_230526_Manage: True
+rhel8STIG_stigrule_230526_ensure_openssh_server_x86_64_is_installed_State: installed
+rhel8STIG_stigrule_230526_sshd_enable_Enabled: yes
+# R-230527 RHEL-08-040161
+rhel8STIG_stigrule_230527_Manage: True
+rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
+# R-230529 RHEL-08-040170
+rhel8STIG_stigrule_230529_Manage: True
+rhel8STIG_stigrule_230529_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
+# R-230531 RHEL-08-040172
+rhel8STIG_stigrule_230531_Manage: True
+rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
+# R-230533 RHEL-08-040190
+rhel8STIG_stigrule_230533_Manage: True
+rhel8STIG_stigrule_230533_tftp_server_State: removed
+# R-230535 RHEL-08-040210
+rhel8STIG_stigrule_230535_Manage: True
+rhel8STIG_stigrule_230535_net_ipv6_conf_default_accept_redirects_Value: 0
+# R-230536 RHEL-08-040220
+rhel8STIG_stigrule_230536_Manage: True
+rhel8STIG_stigrule_230536_net_ipv4_conf_all_send_redirects_Value: 0
+# R-230537 RHEL-08-040230
+rhel8STIG_stigrule_230537_Manage: True
+rhel8STIG_stigrule_230537_net_ipv4_icmp_echo_ignore_broadcasts_Value: 1
+# R-230538 RHEL-08-040240
+rhel8STIG_stigrule_230538_Manage: True
+rhel8STIG_stigrule_230538_net_ipv6_conf_all_accept_source_route_Value: 0
+# R-230539 RHEL-08-040250
+rhel8STIG_stigrule_230539_Manage: True
+rhel8STIG_stigrule_230539_net_ipv6_conf_default_accept_source_route_Value: 0
+# R-230540 RHEL-08-040260
+rhel8STIG_stigrule_230540_Manage: True
+rhel8STIG_stigrule_230540_net_ipv4_ip_forward_Value: 0
+rhel8STIG_stigrule_230540_net_ipv6_conf_all_forwarding_Value: 0
+# R-230541 RHEL-08-040261
+rhel8STIG_stigrule_230541_Manage: True
+rhel8STIG_stigrule_230541_net_ipv6_conf_all_accept_ra_Value: 0
+# R-230542 RHEL-08-040262
+rhel8STIG_stigrule_230542_Manage: True
+rhel8STIG_stigrule_230542_net_ipv6_conf_default_accept_ra_Value: 0
+# R-230543 RHEL-08-040270
+rhel8STIG_stigrule_230543_Manage: True
+rhel8STIG_stigrule_230543_net_ipv4_conf_default_send_redirects_Value: 0
+# R-230544 RHEL-08-040280
+rhel8STIG_stigrule_230544_Manage: True
+rhel8STIG_stigrule_230544_net_ipv6_conf_all_accept_redirects_Value: 0
+# R-230545 RHEL-08-040281
+rhel8STIG_stigrule_230545_Manage: True
+rhel8STIG_stigrule_230545__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.unprivileged_bpf_disabled = 1'
+# R-230546 RHEL-08-040282
+rhel8STIG_stigrule_230546_Manage: True
+rhel8STIG_stigrule_230546__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.yama.ptrace_scope = 1'
+rhel8STIG_stigrule_230546_kernel_yama_ptrace_scope_Value: 1
+# R-230547 RHEL-08-040283
+rhel8STIG_stigrule_230547_Manage: True
+rhel8STIG_stigrule_230547__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kptr_restrict = 1'
+# R-230548 RHEL-08-040284
+rhel8STIG_stigrule_230548_Manage: True
+rhel8STIG_stigrule_230548__etc_sysctl_d_99_sysctl_conf_Line: 'user.max_user_namespaces = 0'
+rhel8STIG_stigrule_230548_user_max_user_namespaces_Value: 0
+# R-230549 RHEL-08-040285
+rhel8STIG_stigrule_230549_Manage: True
+rhel8STIG_stigrule_230549__etc_sysctl_d_99_sysctl_conf_Line: 'net.ipv4.conf.all.rp_filter = 1'
+# R-230555 RHEL-08-040340
+rhel8STIG_stigrule_230555_Manage: True
+rhel8STIG_stigrule_230555_X11Forwarding_Line: X11Forwarding no
+# R-230556 RHEL-08-040341
+rhel8STIG_stigrule_230556_Manage: True
+rhel8STIG_stigrule_230556_X11UseLocalhost_Line: X11UseLocalhost yes
+# R-230558 RHEL-08-040360
+rhel8STIG_stigrule_230558_Manage: True
+rhel8STIG_stigrule_230558_vsftpd_State: removed
+# R-230559 RHEL-08-040370
+rhel8STIG_stigrule_230559_Manage: True
+rhel8STIG_stigrule_230559_gssproxy_State: removed
+# R-230560 RHEL-08-040380
+rhel8STIG_stigrule_230560_Manage: True
+rhel8STIG_stigrule_230560_iprutils_State: removed
+# R-230561 RHEL-08-040390
+rhel8STIG_stigrule_230561_Manage: True
+rhel8STIG_stigrule_230561_tuned_State: removed
+# R-244519 RHEL-08-010049
+rhel8STIG_stigrule_244519_Manage: True
+rhel8STIG_stigrule_244519__etc_dconf_db_local_d_01_banner_message_Value: 'true'
+# R-244523 RHEL-08-010152
+rhel8STIG_stigrule_244523_Manage: True
+rhel8STIG_stigrule_244523__usr_lib_systemd_system_emergency_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell emergency'
+# R-244525 RHEL-08-010201
+rhel8STIG_stigrule_244525_Manage: True
+rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
+# R-244527 RHEL-08-010472
+rhel8STIG_stigrule_244527_Manage: True
+rhel8STIG_stigrule_244527_rng_tools_State: installed
+# R-244528 RHEL-08-010522
+rhel8STIG_stigrule_244528_Manage: True
+rhel8STIG_stigrule_244528_GSSAPIAuthentication_Line: GSSAPIAuthentication no
+# R-244535 RHEL-08-020031
+rhel8STIG_stigrule_244535_Manage: True
+rhel8STIG_stigrule_244535__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
+# R-244536 RHEL-08-020032
+rhel8STIG_stigrule_244536_Manage: True
+rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
+# R-244537 RHEL-08-020039
+rhel8STIG_stigrule_244537_Manage: True
+rhel8STIG_stigrule_244537_tmux_State: installed
+# R-244538 RHEL-08-020081
+rhel8STIG_stigrule_244538_Manage: True
+rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
+# R-244539 RHEL-08-020082
+rhel8STIG_stigrule_244539_Manage: True
+rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line: '/org/gnome/desktop/screensaver/lock-enabled'
+# R-244542 RHEL-08-030181
+rhel8STIG_stigrule_244542_Manage: True
+rhel8STIG_stigrule_244542_auditd_enable_Enabled: yes
+rhel8STIG_stigrule_244542_auditd_start_State: started
+# R-244543 RHEL-08-030731
+rhel8STIG_stigrule_244543_Manage: True
+rhel8STIG_stigrule_244543__etc_audit_auditd_conf_space_left_action_Line: 'space_left_action = email'
+# R-244544 RHEL-08-040101
+rhel8STIG_stigrule_244544_Manage: True
+rhel8STIG_stigrule_244544_firewalld_enable_Enabled: yes
+# R-244549 RHEL-08-040159
+rhel8STIG_stigrule_244549_Manage: True
+rhel8STIG_stigrule_244549_openssh_server_x86_64_State: installed
+# R-244550 RHEL-08-040209
+rhel8STIG_stigrule_244550_Manage: True
+rhel8STIG_stigrule_244550_net_ipv4_conf_default_accept_redirects_Value: 0
+# R-244551 RHEL-08-040239
+rhel8STIG_stigrule_244551_Manage: True
+rhel8STIG_stigrule_244551_net_ipv4_conf_all_accept_source_route_Value: 0
+# R-244552 RHEL-08-040249
+rhel8STIG_stigrule_244552_Manage: True
+rhel8STIG_stigrule_244552_net_ipv4_conf_default_accept_source_route_Value: 0
+# R-244553 RHEL-08-040279
+rhel8STIG_stigrule_244553_Manage: True
+rhel8STIG_stigrule_244553_net_ipv4_conf_all_accept_redirects_Value: 0
+# R-244554 RHEL-08-040286
+rhel8STIG_stigrule_244554_Manage: True
+rhel8STIG_stigrule_244554__etc_sysctl_d_99_sysctl_conf_Line: 'net.core.bpf_jit_harden = 2'

collections/ansible_collections/demo/compliance/roles/rhel8STIG/handlers/main.yml

@@ -0,0 +1,11 @@
+- name: dconf_update
+  command: dconf update
+- name: auditd_restart
+  command: /usr/sbin/service auditd restart
+- name: ssh_restart
+  service:
+    name: sshd
+    state: restarted
+- name: do_reboot
+  reboot:
+    pre_reboot_delay: 60

collections/ansible_collections/demo/compliance/roles/win2022STIG/callback_plugins/stig_xml.py

@@ -0,0 +1,93 @@
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible.plugins.callback import CallbackBase
+from time import gmtime, strftime
+import platform
+import tempfile
+import re
+import sys
+import os
+import xml.etree.ElementTree as ET
+import xml.dom.minidom
+
+
+class CallbackModule(CallbackBase):
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = "xml"
+    CALLBACK_NAME = "stig_xml"
+
+    CALLBACK_NEEDS_WHITELIST = True
+
+    def _get_STIG_path(self):
+        cwd = os.path.abspath(".")
+        for dirpath, dirs, files in os.walk(cwd):
+            if os.path.sep + "files" in dirpath and ".xml" in files[0]:
+                return os.path.join(cwd, dirpath, files[0])
+
+    def __init__(self):
+        super(CallbackModule, self).__init__()
+        self.rules = {}
+        self.stig_path = os.environ.get("STIG_PATH")
+        self.XML_path = os.environ.get("XML_PATH")
+        if self.stig_path is None:
+            self.stig_path = self._get_STIG_path()
+        self._display.display("Using STIG_PATH: {}".format(self.stig_path))
+        if self.XML_path is None:
+            self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
+        self._display.display("Using XML_PATH: {}".format(self.XML_path))
+
+        print("Writing: {}".format(self.XML_path))
+        STIG_name = os.path.basename(self.stig_path)
+        ET.register_namespace("cdf", "http://checklists.nist.gov/xccdf/1.2")
+        self.tr = ET.Element("{http://checklists.nist.gov/xccdf/1.2}TestResult")
+        self.tr.set(
+            "id",
+            "xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}".format(STIG_name),
+        )
+        endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
+        self.tr.set("end-time", endtime)
+        tg = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}target")
+        tg.text = platform.node()
+
+    def _get_rev(self, nid):
+        with open(self.stig_path, "r") as f:
+            r = "SV-{}r(?P<rev>\d+)_rule".format(nid)
+            m = re.search(r, f.read())
+        if m:
+            rev = m.group("rev")
+        else:
+            rev = "0"
+        return rev
+
+    def v2_runner_on_ok(self, result):
+        name = result._task.get_name()
+        m = re.search("stigrule_(?P<id>\d+)", name)
+        if m:
+            nid = m.group("id")
+        else:
+            return
+        rev = self._get_rev(nid)
+        key = "{}r{}".format(nid, rev)
+        if self.rules.get(key, "Unknown") != False:
+            self.rules[key] = result.is_changed()
+
+    def v2_playbook_on_stats(self, stats):
+        for rule, changed in self.rules.items():
+            state = "fail" if changed else "pass"
+            rr = ET.SubElement(
+                self.tr, "{http://checklists.nist.gov/xccdf/1.2}rule-result"
+            )
+            rr.set("idref", "xccdf_mil.disa.stig_rule_SV-{}_rule".format(rule))
+            rs = ET.SubElement(rr, "{http://checklists.nist.gov/xccdf/1.2}result")
+            rs.text = state
+        passing = len(self.rules) - sum(self.rules.values())
+        sc = ET.SubElement(self.tr, "{http://checklists.nist.gov/xccdf/1.2}score")
+        sc.set("maximum", str(len(self.rules)))
+        sc.set("system", "urn:xccdf:scoring:flat-unweighted")
+        sc.text = str(passing)
+        with open(self.XML_path, "wb") as f:
+            out = ET.tostring(self.tr)
+            pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding="utf-8")
+            f.write(pretty)

collections/ansible_collections/demo/compliance/roles/win2022STIG/defaults/main.yml

@@ -0,0 +1,939 @@
+# R-254269 WN22-00-000320
+win2022STIG_stigrule_254269_Manage: True
+win2022STIG_stigrule_254269_Fax_State: absent
+# R-254270 WN22-00-000330
+win2022STIG_stigrule_254270_Manage: True
+win2022STIG_stigrule_254270_Web_Ftp_Service_State: absent
+# R-254271 WN22-00-000340
+win2022STIG_stigrule_254271_Manage: True
+win2022STIG_stigrule_254271_PNRP_State: absent
+# R-254272 WN22-00-000350
+win2022STIG_stigrule_254272_Manage: True
+win2022STIG_stigrule_254272_Simple_TCPIP_State: absent
+# R-254273 WN22-00-000360
+win2022STIG_stigrule_254273_Manage: True
+win2022STIG_stigrule_254273_Telnet_Client_State: absent
+# R-254275 WN22-00-000380
+win2022STIG_stigrule_254275_Manage: True
+win2022STIG_stigrule_254275_FS_SMB1_State: absent
+# R-254276 WN22-00-000390
+win2022STIG_stigrule_254276_Manage: True
+win2022STIG_stigrule_254276_SMB1_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\'
+win2022STIG_stigrule_254276_SMB1_State: 'Present'
+win2022STIG_stigrule_254276_SMB1_ValueData: '0'
+win2022STIG_stigrule_254276_SMB1_ValueType: 'Dword'
+win2022STIG_stigrule_254276_TFTP_Client_State: absent
+# R-254277 WN22-00-000400
+win2022STIG_stigrule_254277_Manage: True
+win2022STIG_stigrule_254277_Start_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10\'
+win2022STIG_stigrule_254277_Start_State: 'Present'
+win2022STIG_stigrule_254277_Start_ValueData: '4'
+win2022STIG_stigrule_254277_Start_ValueType: 'Dword'
+# R-254278 WN22-00-000410
+win2022STIG_stigrule_254278_Manage: True
+win2022STIG_stigrule_254278_PowerShell_v2_State: absent
+# R-254281 WN22-00-000440
+# Please choose an appropriate DoD time source from http://tycho.usno.navy.mil/ntp.html
+win2022STIG_stigrule_254281_Manage: False
+win2022STIG_stigrule_254281_NtpServer_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
+win2022STIG_stigrule_254281_NtpServer_State: 'Present'
+win2022STIG_stigrule_254281_NtpServer_ValueData: 'your|DoD|time|server|url|here'
+win2022STIG_stigrule_254281_NtpServer_ValueType: 'String'
+win2022STIG_stigrule_254281_Type_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
+win2022STIG_stigrule_254281_Type_State: 'Present'
+win2022STIG_stigrule_254281_Type_ValueData: 'NTP'
+win2022STIG_stigrule_254281_Type_ValueType: 'String'
+win2022STIG_stigrule_254281_CrossSiteSyncFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
+win2022STIG_stigrule_254281_CrossSiteSyncFlags_State: 'Present'
+win2022STIG_stigrule_254281_CrossSiteSyncFlags_ValueData: '2'
+win2022STIG_stigrule_254281_CrossSiteSyncFlags_ValueType: 'Dword'
+win2022STIG_stigrule_254281_EventLogFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
+win2022STIG_stigrule_254281_EventLogFlags_State: 'Present'
+win2022STIG_stigrule_254281_EventLogFlags_ValueData: '0'
+win2022STIG_stigrule_254281_EventLogFlags_ValueType: 'Dword'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_State: 'Present'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_ValueData: '7'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_ValueType: 'Dword'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_State: 'Present'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_ValueData: '15'
+win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_ValueType: 'Dword'
+win2022STIG_stigrule_254281_SpecialPollInterval_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
+win2022STIG_stigrule_254281_SpecialPollInterval_State: 'Present'
+win2022STIG_stigrule_254281_SpecialPollInterval_ValueData: '3600'
+win2022STIG_stigrule_254281_SpecialPollInterval_ValueType: 'Dword'
+# R-254285 WN22-AC-000010
+win2022STIG_stigrule_254285_Manage: False
+win2022STIG_stigrule_254285_Account_lockout_duration_Value: 15
+# R-254286 WN22-AC-000020
+win2022STIG_stigrule_254286_Manage: False
+win2022STIG_stigrule_254286_Account_lockout_threshold_Value: 3
+# R-254287 WN22-AC-000030
+win2022STIG_stigrule_254287_Manage: False
+win2022STIG_stigrule_254287_Reset_account_lockout_counter_after_Value: 15
+# R-254288 WN22-AC-000040
+win2022STIG_stigrule_254288_Manage: True
+win2022STIG_stigrule_254288_Enforce_password_history_Value: 24
+# R-254289 WN22-AC-000050
+win2022STIG_stigrule_254289_Manage: True
+win2022STIG_stigrule_254289_Maximum_Password_Age_Value: 60
+# R-254290 WN22-AC-000060
+win2022STIG_stigrule_254290_Manage: True
+win2022STIG_stigrule_254290_Minimum_Password_Age_Value: 1
+# R-254291 WN22-AC-000070
+win2022STIG_stigrule_254291_Manage: True
+win2022STIG_stigrule_254291_Minimum_Password_Length_Value: 14
+# R-254292 WN22-AC-000080
+win2022STIG_stigrule_254292_Manage: True
+win2022STIG_stigrule_254292_Password_must_meet_complexity_requirements_Value: 1
+# R-254293 WN22-AC-000090
+win2022STIG_stigrule_254293_Manage: True
+win2022STIG_stigrule_254293_Store_passwords_using_reversible_encryption_Value: 0
+# R-254296 WN22-AU-000030
+win2022STIG_stigrule_254296_Manage: True
+# R-254297 WN22-AU-000040
+win2022STIG_stigrule_254297_Manage: True
+# R-254298 WN22-AU-000050
+win2022STIG_stigrule_254298_Manage: True
+# R-254300 WN22-AU-000070
+win2022STIG_stigrule_254300_Manage: True
+win2022STIG_stigrule_254300_Credential_Validation_AuditType: success,failure
+# R-254301 WN22-AU-000080
+win2022STIG_stigrule_254301_Manage: True
+win2022STIG_stigrule_254301_Credential_Validation_AuditType: success,failure
+# R-254302 WN22-AU-000090
+win2022STIG_stigrule_254302_Manage: True
+win2022STIG_stigrule_254302_Other_Account_Management_Events_AuditType: success
+# R-254303 WN22-AU-000100
+win2022STIG_stigrule_254303_Manage: True
+win2022STIG_stigrule_254303_Security_Group_Management_AuditType: success
+# R-254304 WN22-AU-000110
+win2022STIG_stigrule_254304_Manage: True
+win2022STIG_stigrule_254304_User_Account_Management_AuditType: success,failure
+# R-254305 WN22-AU-000120
+win2022STIG_stigrule_254305_Manage: True
+win2022STIG_stigrule_254305_User_Account_Management_AuditType: success,failure
+# R-254306 WN22-AU-000130
+win2022STIG_stigrule_254306_Manage: True
+win2022STIG_stigrule_254306_PNP_Activity_AuditType: success
+# R-254307 WN22-AU-000140
+win2022STIG_stigrule_254307_Manage: True
+win2022STIG_stigrule_254307_Process_Creation_AuditType: success
+# R-254308 WN22-AU-000150
+win2022STIG_stigrule_254308_Manage: True
+win2022STIG_stigrule_254308_Account_Lockout_AuditType: success,failure
+# R-254309 WN22-AU-000160
+win2022STIG_stigrule_254309_Manage: True
+win2022STIG_stigrule_254309_Account_Lockout_AuditType: success,failure
+# R-254310 WN22-AU-000170
+win2022STIG_stigrule_254310_Manage: True
+win2022STIG_stigrule_254310_Group_Membership_AuditType: success
+# R-254311 WN22-AU-000180
+win2022STIG_stigrule_254311_Manage: True
+win2022STIG_stigrule_254311_Logoff_AuditType: success
+# R-254312 WN22-AU-000190
+win2022STIG_stigrule_254312_Manage: True
+win2022STIG_stigrule_254312_Logon_AuditType: success,failure
+# R-254313 WN22-AU-000200
+win2022STIG_stigrule_254313_Manage: True
+win2022STIG_stigrule_254313_Logon_AuditType: success,failure
+# R-254314 WN22-AU-000210
+win2022STIG_stigrule_254314_Manage: True
+win2022STIG_stigrule_254314_Special_Logon_AuditType: success
+# R-254315 WN22-AU-000220
+win2022STIG_stigrule_254315_Manage: True
+win2022STIG_stigrule_254315_Other_Object_Access_Events_AuditType: success,failure
+# R-254316 WN22-AU-000230
+win2022STIG_stigrule_254316_Manage: True
+win2022STIG_stigrule_254316_Other_Object_Access_Events_AuditType: success,failure
+# R-254317 WN22-AU-000240
+win2022STIG_stigrule_254317_Manage: True
+win2022STIG_stigrule_254317_Removable_Storage_AuditType: success,failure
+# R-254318 WN22-AU-000250
+win2022STIG_stigrule_254318_Manage: True
+win2022STIG_stigrule_254318_Removable_Storage_AuditType: success,failure
+# R-254319 WN22-AU-000260
+win2022STIG_stigrule_254319_Manage: True
+win2022STIG_stigrule_254319_Policy_Change_AuditType: success,failure
+# R-254320 WN22-AU-000270
+win2022STIG_stigrule_254320_Manage: True
+win2022STIG_stigrule_254320_Policy_Change_AuditType: success,failure
+# R-254321 WN22-AU-000280
+win2022STIG_stigrule_254321_Manage: True
+win2022STIG_stigrule_254321_Authentication_Policy_Change_AuditType: success
+# R-254322 WN22-AU-000290
+win2022STIG_stigrule_254322_Manage: True
+win2022STIG_stigrule_254322_Authorization_Policy_Change_AuditType: success
+# R-254323 WN22-AU-000300
+win2022STIG_stigrule_254323_Manage: True
+win2022STIG_stigrule_254323_Sensitive_Privilege_Use_AuditType: success,failure
+# R-254324 WN22-AU-000310
+win2022STIG_stigrule_254324_Manage: True
+win2022STIG_stigrule_254324_Sensitive_Privilege_Use_AuditType: success,failure
+# R-254325 WN22-AU-000320
+win2022STIG_stigrule_254325_Manage: True
+win2022STIG_stigrule_254325_IPsec_Driver_AuditType: success,failure
+# R-254326 WN22-AU-000330
+win2022STIG_stigrule_254326_Manage: True
+win2022STIG_stigrule_254326_IPsec_Driver_AuditType: success,failure
+# R-254327 WN22-AU-000340
+win2022STIG_stigrule_254327_Manage: True
+win2022STIG_stigrule_254327_Other_System_Events_AuditType: success,failure
+# R-254328 WN22-AU-000350
+win2022STIG_stigrule_254328_Manage: True
+win2022STIG_stigrule_254328_Other_System_Events_AuditType: success,failure
+# R-254329 WN22-AU-000360
+win2022STIG_stigrule_254329_Manage: True
+win2022STIG_stigrule_254329_Security_State_Change_AuditType: success
+# R-254330 WN22-AU-000370
+win2022STIG_stigrule_254330_Manage: True
+win2022STIG_stigrule_254330_Security_System_Extension_AuditType: success
+# R-254331 WN22-AU-000380
+win2022STIG_stigrule_254331_Manage: True
+win2022STIG_stigrule_254331_System_Integrity_AuditType: success,failure
+# R-254332 WN22-AU-000390
+win2022STIG_stigrule_254332_Manage: True
+win2022STIG_stigrule_254332_System_Integrity_AuditType: success,failure
+# R-254333 WN22-CC-000010
+win2022STIG_stigrule_254333_Manage: True
+win2022STIG_stigrule_254333_NoLockScreenSlideshow_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\'
+win2022STIG_stigrule_254333_NoLockScreenSlideshow_State: 'Present'
+win2022STIG_stigrule_254333_NoLockScreenSlideshow_ValueData: '1'
+win2022STIG_stigrule_254333_NoLockScreenSlideshow_ValueType: 'Dword'
+# R-254334 WN22-CC-000020
+win2022STIG_stigrule_254334_Manage: True
+win2022STIG_stigrule_254334_UseLogonCredential_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\'
+win2022STIG_stigrule_254334_UseLogonCredential_State: 'Present'
+win2022STIG_stigrule_254334_UseLogonCredential_ValueData: '0'
+win2022STIG_stigrule_254334_UseLogonCredential_ValueType: 'Dword'
+# R-254335 WN22-CC-000030
+win2022STIG_stigrule_254335_Manage: True
+win2022STIG_stigrule_254335_DisableIPSourceRouting_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\'
+win2022STIG_stigrule_254335_DisableIPSourceRouting_State: 'Present'
+win2022STIG_stigrule_254335_DisableIPSourceRouting_ValueData: '2'
+win2022STIG_stigrule_254335_DisableIPSourceRouting_ValueType: 'Dword'
+# R-254336 WN22-CC-000040
+win2022STIG_stigrule_254336_Manage: True
+win2022STIG_stigrule_254336_DisableIPSourceRouting_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\'
+win2022STIG_stigrule_254336_DisableIPSourceRouting_State: 'Present'
+win2022STIG_stigrule_254336_DisableIPSourceRouting_ValueData: '2'
+win2022STIG_stigrule_254336_DisableIPSourceRouting_ValueType: 'Dword'
+# R-254337 WN22-CC-000050
+win2022STIG_stigrule_254337_Manage: True
+win2022STIG_stigrule_254337_EnableICMPRedirect_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\'
+win2022STIG_stigrule_254337_EnableICMPRedirect_State: 'Present'
+win2022STIG_stigrule_254337_EnableICMPRedirect_ValueData: '0'
+win2022STIG_stigrule_254337_EnableICMPRedirect_ValueType: 'Dword'
+# R-254338 WN22-CC-000060
+win2022STIG_stigrule_254338_Manage: True
+win2022STIG_stigrule_254338_NoNameReleaseOnDemand_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\'
+win2022STIG_stigrule_254338_NoNameReleaseOnDemand_State: 'Present'
+win2022STIG_stigrule_254338_NoNameReleaseOnDemand_ValueData: '1'
+win2022STIG_stigrule_254338_NoNameReleaseOnDemand_ValueType: 'Dword'
+# R-254339 WN22-CC-000070
+win2022STIG_stigrule_254339_Manage: True
+win2022STIG_stigrule_254339_AllowInsecureGuestAuth_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\'
+win2022STIG_stigrule_254339_AllowInsecureGuestAuth_State: 'Present'
+win2022STIG_stigrule_254339_AllowInsecureGuestAuth_ValueData: '0'
+win2022STIG_stigrule_254339_AllowInsecureGuestAuth_ValueType: 'Dword'
+# R-254340 WN22-CC-000080
+win2022STIG_stigrule_254340_Manage: True
+win2022STIG_stigrule_254340_____NETLOGON_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\'
+win2022STIG_stigrule_254340_____NETLOGON_State: 'Present'
+win2022STIG_stigrule_254340_____NETLOGON_ValueData: 'RequireMutualAuthentication=1, RequireIntegrity=1'
+win2022STIG_stigrule_254340_____NETLOGON_ValueType: 'String'
+win2022STIG_stigrule_254340_____SYSVOL_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\'
+win2022STIG_stigrule_254340_____SYSVOL_State: 'Present'
+win2022STIG_stigrule_254340_____SYSVOL_ValueData: 'RequireMutualAuthentication=1, RequireIntegrity=1'
+win2022STIG_stigrule_254340_____SYSVOL_ValueType: 'String'
+# R-254341 WN22-CC-000090
+win2022STIG_stigrule_254341_Manage: True
+win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\'
+win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_State: 'Present'
+win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_ValueData: '1'
+win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_ValueType: 'Dword'
+# R-254342 WN22-CC-000100
+win2022STIG_stigrule_254342_Manage: True
+win2022STIG_stigrule_254342_AllowProtectedCreds_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\'
+win2022STIG_stigrule_254342_AllowProtectedCreds_State: 'Present'
+win2022STIG_stigrule_254342_AllowProtectedCreds_ValueData: '1'
+win2022STIG_stigrule_254342_AllowProtectedCreds_ValueType: 'Dword'
+# R-254343 WN22-CC-000110
+# Please ensure the hardware requirements are met. See https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
+win2022STIG_stigrule_254343_Manage: False
+win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
+win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_State: 'Present'
+win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_ValueData: '1'
+win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_ValueType: 'Dword'
+win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
+win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_State: 'Present'
+win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_ValueData: '1'
+win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_ValueType: 'Dword'
+# R-254344 WN22-CC-000130
+win2022STIG_stigrule_254344_Manage: True
+win2022STIG_stigrule_254344_DriverLoadPolicy_Key: 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\'
+win2022STIG_stigrule_254344_DriverLoadPolicy_State: 'Present'
+win2022STIG_stigrule_254344_DriverLoadPolicy_ValueData: '1'
+win2022STIG_stigrule_254344_DriverLoadPolicy_ValueType: 'Dword'
+# R-254345 WN22-CC-000140
+win2022STIG_stigrule_254345_Manage: True
+win2022STIG_stigrule_254345_NoGPOListChanges_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\'
+win2022STIG_stigrule_254345_NoGPOListChanges_State: 'Present'
+win2022STIG_stigrule_254345_NoGPOListChanges_ValueData: '0'
+win2022STIG_stigrule_254345_NoGPOListChanges_ValueType: 'Dword'
+# R-254346 WN22-CC-000150
+win2022STIG_stigrule_254346_Manage: True
+win2022STIG_stigrule_254346_DisableWebPnPDownload_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\'
+win2022STIG_stigrule_254346_DisableWebPnPDownload_State: 'Present'
+win2022STIG_stigrule_254346_DisableWebPnPDownload_ValueData: '1'
+win2022STIG_stigrule_254346_DisableWebPnPDownload_ValueType: 'Dword'
+# R-254347 WN22-CC-000160
+win2022STIG_stigrule_254347_Manage: True
+win2022STIG_stigrule_254347_DisableHTTPPrinting_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\'
+win2022STIG_stigrule_254347_DisableHTTPPrinting_State: 'Present'
+win2022STIG_stigrule_254347_DisableHTTPPrinting_ValueData: '1'
+win2022STIG_stigrule_254347_DisableHTTPPrinting_ValueType: 'Dword'
+# R-254348 WN22-CC-000170
+win2022STIG_stigrule_254348_Manage: True
+win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
+win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_State: 'Present'
+win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_ValueData: '1'
+win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_ValueType: 'Dword'
+# R-254349 WN22-CC-000180
+win2022STIG_stigrule_254349_Manage: True
+win2022STIG_stigrule_254349_DCSettingIndex_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\'
+win2022STIG_stigrule_254349_DCSettingIndex_State: 'Present'
+win2022STIG_stigrule_254349_DCSettingIndex_ValueData: '1'
+win2022STIG_stigrule_254349_DCSettingIndex_ValueType: 'Dword'
+# R-254350 WN22-CC-000190
+win2022STIG_stigrule_254350_Manage: True
+win2022STIG_stigrule_254350_ACSettingIndex_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\'
+win2022STIG_stigrule_254350_ACSettingIndex_State: 'Present'
+win2022STIG_stigrule_254350_ACSettingIndex_ValueData: '1'
+win2022STIG_stigrule_254350_ACSettingIndex_ValueType: 'Dword'
+# R-254351 WN22-CC-000200
+win2022STIG_stigrule_254351_Manage: True
+win2022STIG_stigrule_254351_DisableInventory_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\'
+win2022STIG_stigrule_254351_DisableInventory_State: 'Present'
+win2022STIG_stigrule_254351_DisableInventory_ValueData: '1'
+win2022STIG_stigrule_254351_DisableInventory_ValueType: 'Dword'
+# R-254352 WN22-CC-000210
+win2022STIG_stigrule_254352_Manage: True
+win2022STIG_stigrule_254352_NoAutoplayfornonVolume_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
+win2022STIG_stigrule_254352_NoAutoplayfornonVolume_State: 'Present'
+win2022STIG_stigrule_254352_NoAutoplayfornonVolume_ValueData: '1'
+win2022STIG_stigrule_254352_NoAutoplayfornonVolume_ValueType: 'Dword'
+# R-254353 WN22-CC-000220
+win2022STIG_stigrule_254353_Manage: True
+win2022STIG_stigrule_254353_NoAutorun_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
+win2022STIG_stigrule_254353_NoAutorun_State: 'Present'
+win2022STIG_stigrule_254353_NoAutorun_ValueData: '1'
+win2022STIG_stigrule_254353_NoAutorun_ValueType: 'Dword'
+# R-254354 WN22-CC-000230
+win2022STIG_stigrule_254354_Manage: True
+win2022STIG_stigrule_254354_NoDriveTypeAutoRun_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
+win2022STIG_stigrule_254354_NoDriveTypeAutoRun_State: 'Present'
+win2022STIG_stigrule_254354_NoDriveTypeAutoRun_ValueData: '255'
+win2022STIG_stigrule_254354_NoDriveTypeAutoRun_ValueType: 'Dword'
+# R-254355 WN22-CC-000240
+win2022STIG_stigrule_254355_Manage: True
+win2022STIG_stigrule_254355_EnumerateAdministrators_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI\'
+win2022STIG_stigrule_254355_EnumerateAdministrators_State: 'Present'
+win2022STIG_stigrule_254355_EnumerateAdministrators_ValueData: '0'
+win2022STIG_stigrule_254355_EnumerateAdministrators_ValueType: 'Dword'
+# R-254356 WN22-CC-000250
+win2022STIG_stigrule_254356_Manage: True
+win2022STIG_stigrule_254356_AllowTelemetry_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\'
+win2022STIG_stigrule_254356_AllowTelemetry_State: 'Present'
+win2022STIG_stigrule_254356_AllowTelemetry_ValueData: '1'
+win2022STIG_stigrule_254356_AllowTelemetry_ValueType: 'Dword'
+# R-254357 WN22-CC-000260
+win2022STIG_stigrule_254357_Manage: True
+win2022STIG_stigrule_254357_DODownloadMode_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\'
+win2022STIG_stigrule_254357_DODownloadMode_State: 'Present'
+win2022STIG_stigrule_254357_DODownloadMode_ValueData: '100'
+win2022STIG_stigrule_254357_DODownloadMode_ValueType: 'Dword'
+# R-254358 WN22-CC-000270
+win2022STIG_stigrule_254358_Manage: True
+win2022STIG_stigrule_254358_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\'
+win2022STIG_stigrule_254358_MaxSize_State: 'Present'
+win2022STIG_stigrule_254358_MaxSize_ValueData: '32768'
+win2022STIG_stigrule_254358_MaxSize_ValueType: 'Dword'
+# R-254359 WN22-CC-000280
+win2022STIG_stigrule_254359_Manage: True
+win2022STIG_stigrule_254359_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\'
+win2022STIG_stigrule_254359_MaxSize_State: 'Present'
+win2022STIG_stigrule_254359_MaxSize_ValueData: '196608'
+win2022STIG_stigrule_254359_MaxSize_ValueType: 'Dword'
+# R-254360 WN22-CC-000290
+win2022STIG_stigrule_254360_Manage: True
+win2022STIG_stigrule_254360_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\System\'
+win2022STIG_stigrule_254360_MaxSize_State: 'Present'
+win2022STIG_stigrule_254360_MaxSize_ValueData: '32768'
+win2022STIG_stigrule_254360_MaxSize_ValueType: 'Dword'
+# R-254361 WN22-CC-000300
+win2022STIG_stigrule_254361_Manage: True
+win2022STIG_stigrule_254361_EnableSmartScreen_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
+win2022STIG_stigrule_254361_EnableSmartScreen_State: 'Present'
+win2022STIG_stigrule_254361_EnableSmartScreen_ValueData: '1'
+win2022STIG_stigrule_254361_EnableSmartScreen_ValueType: 'Dword'
+# R-254362 WN22-CC-000310
+win2022STIG_stigrule_254362_Manage: True
+win2022STIG_stigrule_254362_NoDataExecutionPrevention_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
+win2022STIG_stigrule_254362_NoDataExecutionPrevention_State: 'Present'
+win2022STIG_stigrule_254362_NoDataExecutionPrevention_ValueData: '0'
+win2022STIG_stigrule_254362_NoDataExecutionPrevention_ValueType: 'Dword'
+# R-254363 WN22-CC-000320
+win2022STIG_stigrule_254363_Manage: True
+win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
+win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_State: 'Present'
+win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_ValueData: '0'
+win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_ValueType: 'Dword'
+# R-254364 WN22-CC-000330
+win2022STIG_stigrule_254364_Manage: True
+win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
+win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_State: 'Present'
+win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_ValueData: '0'
+win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_ValueType: 'Dword'
+# R-254365 WN22-CC-000340
+win2022STIG_stigrule_254365_Manage: True
+win2022STIG_stigrule_254365_DisablePasswordSaving_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
+win2022STIG_stigrule_254365_DisablePasswordSaving_State: 'Present'
+win2022STIG_stigrule_254365_DisablePasswordSaving_ValueData: '1'
+win2022STIG_stigrule_254365_DisablePasswordSaving_ValueType: 'Dword'
+# R-254366 WN22-CC-000350
+win2022STIG_stigrule_254366_Manage: True
+win2022STIG_stigrule_254366_fDisableCdm_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
+win2022STIG_stigrule_254366_fDisableCdm_State: 'Present'
+win2022STIG_stigrule_254366_fDisableCdm_ValueData: '1'
+win2022STIG_stigrule_254366_fDisableCdm_ValueType: 'Dword'
+# R-254367 WN22-CC-000360
+win2022STIG_stigrule_254367_Manage: True
+win2022STIG_stigrule_254367_fPromptForPassword_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
+win2022STIG_stigrule_254367_fPromptForPassword_State: 'Present'
+win2022STIG_stigrule_254367_fPromptForPassword_ValueData: '1'
+win2022STIG_stigrule_254367_fPromptForPassword_ValueType: 'Dword'
+# R-254368 WN22-CC-000370
+win2022STIG_stigrule_254368_Manage: True
+win2022STIG_stigrule_254368_fEncryptRPCTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
+win2022STIG_stigrule_254368_fEncryptRPCTraffic_State: 'Present'
+win2022STIG_stigrule_254368_fEncryptRPCTraffic_ValueData: '1'
+win2022STIG_stigrule_254368_fEncryptRPCTraffic_ValueType: 'Dword'
+# R-254369 WN22-CC-000380
+win2022STIG_stigrule_254369_Manage: True
+win2022STIG_stigrule_254369_MinEncryptionLevel_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
+win2022STIG_stigrule_254369_MinEncryptionLevel_State: 'Present'
+win2022STIG_stigrule_254369_MinEncryptionLevel_ValueData: '3'
+win2022STIG_stigrule_254369_MinEncryptionLevel_ValueType: 'Dword'
+# R-254370 WN22-CC-000390
+win2022STIG_stigrule_254370_Manage: True
+win2022STIG_stigrule_254370_DisableEnclosureDownload_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\'
+win2022STIG_stigrule_254370_DisableEnclosureDownload_State: 'Present'
+win2022STIG_stigrule_254370_DisableEnclosureDownload_ValueData: '1'
+win2022STIG_stigrule_254370_DisableEnclosureDownload_ValueType: 'Dword'
+# R-254371 WN22-CC-000400
+win2022STIG_stigrule_254371_Manage: True
+win2022STIG_stigrule_254371_AllowBasicAuthInClear_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\'
+win2022STIG_stigrule_254371_AllowBasicAuthInClear_State: 'Present'
+win2022STIG_stigrule_254371_AllowBasicAuthInClear_ValueData: '0'
+win2022STIG_stigrule_254371_AllowBasicAuthInClear_ValueType: 'Dword'
+# R-254372 WN22-CC-000410
+win2022STIG_stigrule_254372_Manage: True
+win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\'
+win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_State: 'Present'
+win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_ValueData: '0'
+win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_ValueType: 'Dword'
+# R-254373 WN22-CC-000420
+win2022STIG_stigrule_254373_Manage: True
+win2022STIG_stigrule_254373_EnableUserControl_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
+win2022STIG_stigrule_254373_EnableUserControl_State: 'Present'
+win2022STIG_stigrule_254373_EnableUserControl_ValueData: '0'
+win2022STIG_stigrule_254373_EnableUserControl_ValueType: 'Dword'
+# R-254374 WN22-CC-000430
+win2022STIG_stigrule_254374_Manage: True
+win2022STIG_stigrule_254374_AlwaysInstallElevated_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
+win2022STIG_stigrule_254374_AlwaysInstallElevated_State: 'Present'
+win2022STIG_stigrule_254374_AlwaysInstallElevated_ValueData: '0'
+win2022STIG_stigrule_254374_AlwaysInstallElevated_ValueType: 'Dword'
+# R-254375 WN22-CC-000440
+win2022STIG_stigrule_254375_Manage: True
+win2022STIG_stigrule_254375_SafeForScripting_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
+win2022STIG_stigrule_254375_SafeForScripting_State: 'Present'
+win2022STIG_stigrule_254375_SafeForScripting_ValueData: '0'
+win2022STIG_stigrule_254375_SafeForScripting_ValueType: 'Dword'
+# R-254376 WN22-CC-000450
+win2022STIG_stigrule_254376_Manage: True
+win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_State: 'Present'
+win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_ValueData: '1'
+win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_ValueType: 'Dword'
+# R-254378 WN22-CC-000470
+win2022STIG_stigrule_254378_Manage: True
+win2022STIG_stigrule_254378_EnableScriptBlockLogging_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\'
+win2022STIG_stigrule_254378_EnableScriptBlockLogging_State: 'Present'
+win2022STIG_stigrule_254378_EnableScriptBlockLogging_ValueData: '1'
+win2022STIG_stigrule_254378_EnableScriptBlockLogging_ValueType: 'Dword'
+# R-254379 WN22-CC-000480
+win2022STIG_stigrule_254379_Manage: True
+win2022STIG_stigrule_254379_AllowBasic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
+win2022STIG_stigrule_254379_AllowBasic_State: 'Present'
+win2022STIG_stigrule_254379_AllowBasic_ValueData: '0'
+win2022STIG_stigrule_254379_AllowBasic_ValueType: 'Dword'
+# R-254380 WN22-CC-000490
+win2022STIG_stigrule_254380_Manage: True
+win2022STIG_stigrule_254380_AllowUnencryptedTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
+win2022STIG_stigrule_254380_AllowUnencryptedTraffic_State: 'Present'
+win2022STIG_stigrule_254380_AllowUnencryptedTraffic_ValueData: '0'
+win2022STIG_stigrule_254380_AllowUnencryptedTraffic_ValueType: 'Dword'
+# R-254381 WN22-CC-000500
+win2022STIG_stigrule_254381_Manage: True
+win2022STIG_stigrule_254381_AllowDigest_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
+win2022STIG_stigrule_254381_AllowDigest_State: 'Present'
+win2022STIG_stigrule_254381_AllowDigest_ValueData: '0'
+win2022STIG_stigrule_254381_AllowDigest_ValueType: 'Dword'
+# R-254382 WN22-CC-000510
+win2022STIG_stigrule_254382_Manage: True
+win2022STIG_stigrule_254382_AllowBasic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
+win2022STIG_stigrule_254382_AllowBasic_State: 'Present'
+win2022STIG_stigrule_254382_AllowBasic_ValueData: '0'
+win2022STIG_stigrule_254382_AllowBasic_ValueType: 'Dword'
+# R-254383 WN22-CC-000520
+win2022STIG_stigrule_254383_Manage: True
+win2022STIG_stigrule_254383_AllowUnencryptedTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
+win2022STIG_stigrule_254383_AllowUnencryptedTraffic_State: 'Present'
+win2022STIG_stigrule_254383_AllowUnencryptedTraffic_ValueData: '0'
+win2022STIG_stigrule_254383_AllowUnencryptedTraffic_ValueType: 'Dword'
+# R-254384 WN22-CC-000530
+win2022STIG_stigrule_254384_Manage: True
+win2022STIG_stigrule_254384_DisableRunAs_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
+win2022STIG_stigrule_254384_DisableRunAs_State: 'Present'
+win2022STIG_stigrule_254384_DisableRunAs_ValueData: '1'
+win2022STIG_stigrule_254384_DisableRunAs_ValueType: 'Dword'
+# R-254407 WN22-DC-000230
+win2022STIG_stigrule_254407_Manage: True
+win2022STIG_stigrule_254407_Computer_Account_Management_AuditType: success
+# R-254408 WN22-DC-000240
+win2022STIG_stigrule_254408_Manage: True
+win2022STIG_stigrule_254408_Directory_Service_Access_AuditType: success,failure
+# R-254409 WN22-DC-000250
+win2022STIG_stigrule_254409_Manage: True
+win2022STIG_stigrule_254409_Directory_Service_Access_AuditType: success,failure
+# R-254410 WN22-DC-000260
+win2022STIG_stigrule_254410_Manage: True
+win2022STIG_stigrule_254410_Directory_Service_Changes_AuditType: success,failure
+# R-254411 WN22-DC-000270
+win2022STIG_stigrule_254411_Manage: True
+win2022STIG_stigrule_254411_Directory_Service_Changes_AuditType: success,failure
+# R-254416 WN22-DC-000320
+win2022STIG_stigrule_254416_Manage: True
+win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\'
+win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_State: 'Present'
+win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_ValueData: '2'
+win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_ValueType: 'Dword'
+# R-254417 WN22-DC-000330
+win2022STIG_stigrule_254417_Manage: True
+win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_State: 'Present'
+win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_ValueData: '0'
+win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_ValueType: 'Dword'
+# R-254418 WN22-DC-000340
+win2022STIG_stigrule_254418_Manage: False
+win2022STIG_stigrule_254418_SeNetworkLogonRight_Users: ['Administrators','Authenticated Users','Enterprise Domain Controllers']
+# R-254419 WN22-DC-000350
+win2022STIG_stigrule_254419_Manage: True
+win2022STIG_stigrule_254419_SeMachineAccountPrivilege_Users: ['Administrators']
+# R-254420 WN22-DC-000360
+win2022STIG_stigrule_254420_Manage: True
+win2022STIG_stigrule_254420_SeRemoteInteractiveLogonRight_Users: ['Administrators']
+# R-254421 WN22-DC-000370
+win2022STIG_stigrule_254421_Manage: False
+win2022STIG_stigrule_254421_SeDenyNetworkLogonRight_Users: ['Guests']
+# R-254422 WN22-DC-000380
+win2022STIG_stigrule_254422_Manage: False
+win2022STIG_stigrule_254422_SeDenyBatchLogonRight_Users: ['Guests']
+# R-254423 WN22-DC-000390
+win2022STIG_stigrule_254423_Manage: False
+win2022STIG_stigrule_254423_SeDenyServiceLogonRight_Users: []
+# R-254424 WN22-DC-000400
+win2022STIG_stigrule_254424_Manage: False
+win2022STIG_stigrule_254424_SeDenyInteractiveLogonRight_Users: ['Guests']
+# R-254425 WN22-DC-000410
+win2022STIG_stigrule_254425_Manage: False
+win2022STIG_stigrule_254425_SeDenyRemoteInteractiveLogonRight_Users: ['Guests']
+# R-254426 WN22-DC-000420
+win2022STIG_stigrule_254426_Manage: False
+win2022STIG_stigrule_254426_SeEnableDelegationPrivilege_Users: ['Administrators']
+# R-254429 WN22-MS-000020
+win2022STIG_stigrule_254429_Manage: False
+win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
+win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_State: 'Present'
+win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_ValueData: '0'
+win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_ValueType: 'Dword'
+# R-254430 WN22-MS-000030
+win2022STIG_stigrule_254430_Manage: True
+win2022STIG_stigrule_254430_EnumerateLocalUsers_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
+win2022STIG_stigrule_254430_EnumerateLocalUsers_State: 'Present'
+win2022STIG_stigrule_254430_EnumerateLocalUsers_ValueData: '0'
+win2022STIG_stigrule_254430_EnumerateLocalUsers_ValueType: 'Dword'
+# R-254431 WN22-MS-000040
+win2022STIG_stigrule_254431_Manage: True
+win2022STIG_stigrule_254431_RestrictRemoteClients_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\'
+win2022STIG_stigrule_254431_RestrictRemoteClients_State: 'Present'
+win2022STIG_stigrule_254431_RestrictRemoteClients_ValueData: '1'
+win2022STIG_stigrule_254431_RestrictRemoteClients_ValueType: 'Dword'
+# R-254432 WN22-MS-000050
+win2022STIG_stigrule_254432_Manage: True
+win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_Key: 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\'
+win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_State: 'Present'
+win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_ValueData: '4'
+win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_ValueType: 'string'
+# R-254434 WN22-MS-000070
+win2022STIG_stigrule_254434_Manage: False
+win2022STIG_stigrule_254434_SeNetworkLogonRight_Users: ['Administrators','Authenticated Users']
+# R-254436 WN22-MS-000090
+win2022STIG_stigrule_254436_Manage: False
+win2022STIG_stigrule_254436_SeDenyBatchLogonRight_Users: ['Enterprise Admins','Domain Admins','Guests']
+# R-254437 WN22-MS-000100
+win2022STIG_stigrule_254437_Manage: False
+win2022STIG_stigrule_254437_SeDenyServiceLogonRight_Users: ['Enterprise Admins','Domain Admins']
+# R-254438 WN22-MS-000110
+win2022STIG_stigrule_254438_Manage: False
+win2022STIG_stigrule_254438_SeDenyInteractiveLogonRight_Users: ['Enterprise Admins','Domain Admins','Guests']
+# R-254440 WN22-MS-000130
+win2022STIG_stigrule_254440_Manage: False
+win2022STIG_stigrule_254440_SeEnableDelegationPrivilege_Users: []
+# R-254441 WN22-MS-000140
+# Please ensure the hardware requirements are met. See https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
+win2022STIG_stigrule_254441_Manage: False
+win2022STIG_stigrule_254441_LsaCfgFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
+win2022STIG_stigrule_254441_LsaCfgFlags_State: 'Present'
+win2022STIG_stigrule_254441_LsaCfgFlags_ValueData: '1'
+win2022STIG_stigrule_254441_LsaCfgFlags_ValueType: 'Dword'
+# R-254445 WN22-SO-000010
+win2022STIG_stigrule_254445_Manage: True
+win2022STIG_stigrule_254445_Accounts_Guest_account_status_ValueData: '0'
+# R-254446 WN22-SO-000020
+win2022STIG_stigrule_254446_Manage: True
+win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
+win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_State: 'Present'
+win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_ValueData: '1'
+win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_ValueType: 'Dword'
+# R-254448 WN22-SO-000040
+win2022STIG_stigrule_254448_Manage: False
+win2022STIG_stigrule_254448_Accounts_Rename_guest_account_ValueData: 'RenamedGuest'
+# R-254449 WN22-SO-000050
+win2022STIG_stigrule_254449_Manage: True
+win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
+win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_State: 'Present'
+win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_ValueData: '1'
+win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_ValueType: 'Dword'
+# R-254450 WN22-SO-000060
+win2022STIG_stigrule_254450_Manage: True
+win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_State: 'Present'
+win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_ValueData: '1'
+win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_ValueType: 'Dword'
+# R-254451 WN22-SO-000070
+win2022STIG_stigrule_254451_Manage: True
+win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_State: 'Present'
+win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_ValueData: '1'
+win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_ValueType: 'Dword'
+# R-254452 WN22-SO-000080
+win2022STIG_stigrule_254452_Manage: True
+win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_State: 'Present'
+win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_ValueData: '1'
+win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_ValueType: 'Dword'
+# R-254453 WN22-SO-000090
+win2022STIG_stigrule_254453_Manage: True
+win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_State: 'Present'
+win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_ValueData: '0'
+win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_ValueType: 'Dword'
+# R-254454 WN22-SO-000100
+win2022STIG_stigrule_254454_Manage: True
+win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_State: 'Present'
+win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_ValueData: '30'
+win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_ValueType: 'Dword'
+# R-254455 WN22-SO-000110
+win2022STIG_stigrule_254455_Manage: True
+win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
+win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_State: 'Present'
+win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_ValueData: '1'
+win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_ValueType: 'Dword'
+# R-254456 WN22-SO-000120
+win2022STIG_stigrule_254456_Manage: True
+win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_State: 'Present'
+win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_ValueData: '900'
+win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_ValueType: 'Dword'
+# R-254457 WN22-SO-000130
+win2022STIG_stigrule_254457_Manage: True
+win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_State: 'Present'
+win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_ValueData: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+-At any time, the USG may inspect and seize data stored on this IS.
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
+win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_ValueType: 'string'
+# R-254458 WN22-SO-000140
+win2022STIG_stigrule_254458_Manage: True
+win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_State: 'Present'
+win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_ValueData: 'DoD Notice and Consent Banner'
+win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_ValueType: 'string'
+# R-254459 WN22-SO-000150
+win2022STIG_stigrule_254459_Manage: True
+win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_Key: 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\'
+win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_State: 'Present'
+win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_ValueData: '1'
+win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_ValueType: 'string'
+# R-254460 WN22-SO-000160
+win2022STIG_stigrule_254460_Manage: True
+win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
+win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_State: 'Present'
+win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_ValueData: '1'
+win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_ValueType: 'Dword'
+# R-254461 WN22-SO-000170
+win2022STIG_stigrule_254461_Manage: True
+win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
+win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_State: 'Present'
+win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_ValueData: '1'
+win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_ValueType: 'Dword'
+# R-254462 WN22-SO-000180
+win2022STIG_stigrule_254462_Manage: True
+win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
+win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_State: 'Present'
+win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_ValueData: '0'
+win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_ValueType: 'Dword'
+# R-254463 WN22-SO-000190
+win2022STIG_stigrule_254463_Manage: True
+win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
+win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_State: 'Present'
+win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_ValueData: '1'
+win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_ValueType: 'Dword'
+# R-254464 WN22-SO-000200
+win2022STIG_stigrule_254464_Manage: True
+win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
+win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_State: 'Present'
+win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_ValueData: '1'
+win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_ValueType: 'Dword'
+# R-254465 WN22-SO-000210
+win2022STIG_stigrule_254465_Manage: False
+win2022STIG_stigrule_254465_Network_access_Allow_anonymous_SID_Name_translation_ValueData: '0'
+# R-254466 WN22-SO-000220
+win2022STIG_stigrule_254466_Manage: True
+win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
+win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_State: 'Present'
+win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_ValueData: '1'
+win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_ValueType: 'Dword'
+# R-254467 WN22-SO-000230
+win2022STIG_stigrule_254467_Manage: True
+win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
+win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_State: 'Present'
+win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_ValueData: '1'
+win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_ValueType: 'Dword'
+# R-254468 WN22-SO-000240
+win2022STIG_stigrule_254468_Manage: True
+win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
+win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_State: 'Present'
+win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_ValueData: '0'
+win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_ValueType: 'Dword'
+# R-254469 WN22-SO-000250
+win2022STIG_stigrule_254469_Manage: True
+win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\'
+win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_State: 'Present'
+win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_ValueData: '1'
+win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_ValueType: 'Dword'
+# R-254470 WN22-SO-000260
+win2022STIG_stigrule_254470_Manage: True
+win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
+win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_State: 'Present'
+win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_ValueData: '1'
+win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_ValueType: 'Dword'
+# R-254471 WN22-SO-000270
+win2022STIG_stigrule_254471_Manage: True
+win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0\'
+win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_State: 'Present'
+win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_ValueData: '0'
+win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_ValueType: 'Dword'
+# R-254472 WN22-SO-000280
+win2022STIG_stigrule_254472_Manage: True
+win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\pku2u\'
+win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_State: 'Present'
+win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_ValueData: '0'
+win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_ValueType: 'Dword'
+# R-254474 WN22-SO-000300
+win2022STIG_stigrule_254474_Manage: True
+win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
+win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_State: 'Present'
+win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_ValueData: '1'
+win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_ValueType: 'Dword'
+# R-254475 WN22-SO-000310
+win2022STIG_stigrule_254475_Manage: True
+win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
+win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_State: 'Present'
+win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_ValueData: '5'
+win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_ValueType: 'Dword'
+# R-254476 WN22-SO-000320
+win2022STIG_stigrule_254476_Manage: True
+win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP\'
+win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_State: 'Present'
+win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_ValueData: '1'
+win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_ValueType: 'Dword'
+# R-254477 WN22-SO-000330
+win2022STIG_stigrule_254477_Manage: True
+win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\'
+win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_State: 'Present'
+win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_ValueData: '537395200'
+win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_ValueType: 'Dword'
+# R-254478 WN22-SO-000340
+win2022STIG_stigrule_254478_Manage: True
+win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\'
+win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_State: 'Present'
+win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_ValueData: '537395200'
+win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_ValueType: 'Dword'
+# R-254479 WN22-SO-000350
+win2022STIG_stigrule_254479_Manage: True
+win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\'
+win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_State: 'Present'
+win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_ValueData: '2'
+win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_ValueType: 'Dword'
+# R-254480 WN22-SO-000360
+win2022STIG_stigrule_254480_Manage: True
+win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\'
+win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_State: 'Present'
+win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_ValueData: '1'
+win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_ValueType: 'Dword'
+# R-254481 WN22-SO-000370
+win2022STIG_stigrule_254481_Manage: True
+win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\'
+win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_State: 'Present'
+win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_ValueData: '1'
+win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_ValueType: 'Dword'
+# R-254482 WN22-SO-000380
+win2022STIG_stigrule_254482_Manage: True
+win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_State: 'Present'
+win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_ValueData: '1'
+win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_ValueType: 'Dword'
+# R-254483 WN22-SO-000390
+win2022STIG_stigrule_254483_Manage: True
+win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_State: 'Present'
+win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_ValueData: '0'
+win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_ValueType: 'Dword'
+# R-254484 WN22-SO-000400
+win2022STIG_stigrule_254484_Manage: True
+win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_State: 'Present'
+win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_ValueData: '2'
+win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_ValueType: 'Dword'
+# R-254485 WN22-SO-000410
+win2022STIG_stigrule_254485_Manage: True
+win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_State: 'Present'
+win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_ValueData: '0'
+win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_ValueType: 'Dword'
+# R-254486 WN22-SO-000420
+win2022STIG_stigrule_254486_Manage: True
+win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_State: 'Present'
+win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_ValueData: '1'
+win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_ValueType: 'Dword'
+# R-254487 WN22-SO-000430
+win2022STIG_stigrule_254487_Manage: True
+win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_State: 'Present'
+win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_ValueData: '1'
+win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_ValueType: 'Dword'
+# R-254488 WN22-SO-000440
+win2022STIG_stigrule_254488_Manage: True
+win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_State: 'Present'
+win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_ValueData: '1'
+win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_ValueType: 'Dword'
+# R-254489 WN22-SO-000450
+win2022STIG_stigrule_254489_Manage: True
+win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
+win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_State: 'Present'
+win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_ValueData: '1'
+win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_ValueType: 'Dword'
+# R-254490 WN22-UC-000010
+win2022STIG_stigrule_254490_Manage: True
+win2022STIG_stigrule_254490_SaveZoneInformation_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\'
+win2022STIG_stigrule_254490_SaveZoneInformation_State: 'Present'
+win2022STIG_stigrule_254490_SaveZoneInformation_ValueData: '2'
+win2022STIG_stigrule_254490_SaveZoneInformation_ValueType: 'Dword'
+# R-254491 WN22-UR-000010
+win2022STIG_stigrule_254491_Manage: True
+win2022STIG_stigrule_254491_SeTrustedCredManAccessPrivilege_Users: []
+# R-254492 WN22-UR-000020
+win2022STIG_stigrule_254492_Manage: True
+win2022STIG_stigrule_254492_SeTcbPrivilege_Users: []
+# R-254493 WN22-UR-000030
+win2022STIG_stigrule_254493_Manage: True
+win2022STIG_stigrule_254493_SeInteractiveLogonRight_Users: ['Administrators']
+# R-254494 WN22-UR-000040
+win2022STIG_stigrule_254494_Manage: True
+win2022STIG_stigrule_254494_SeBackupPrivilege_Users: ['Administrators']
+# R-254495 WN22-UR-000050
+win2022STIG_stigrule_254495_Manage: True
+win2022STIG_stigrule_254495_SeCreatePagefilePrivilege_Users: ['Administrators']
+# R-254496 WN22-UR-000060
+win2022STIG_stigrule_254496_Manage: True
+win2022STIG_stigrule_254496_SeCreateTokenPrivilege_Users: []
+# R-254497 WN22-UR-000070
+win2022STIG_stigrule_254497_Manage: True
+win2022STIG_stigrule_254497_SeCreateGlobalPrivilege_Users: ['Administrators','Service','Local Service','Network Service']
+# R-254498 WN22-UR-000080
+win2022STIG_stigrule_254498_Manage: True
+win2022STIG_stigrule_254498_SeCreatePermanentPrivilege_Users: []
+# R-254499 WN22-UR-000090
+win2022STIG_stigrule_254499_Manage: True
+win2022STIG_stigrule_254499_SeCreateSymbolicLinkPrivilege_Users: ['Administrators']
+# R-254500 WN22-UR-000100
+win2022STIG_stigrule_254500_Manage: True
+win2022STIG_stigrule_254500_SeDebugPrivilege_Users: ['Administrators']
+# R-254501 WN22-UR-000110
+win2022STIG_stigrule_254501_Manage: True
+win2022STIG_stigrule_254501_SeRemoteShutdownPrivilege_Users: ['Administrators']
+# R-254502 WN22-UR-000120
+win2022STIG_stigrule_254502_Manage: True
+win2022STIG_stigrule_254502_SeAuditPrivilege_Users: ['Local Service','Network Service']
+# R-254503 WN22-UR-000130
+win2022STIG_stigrule_254503_Manage: True
+win2022STIG_stigrule_254503_SeImpersonatePrivilege_Users: ['Administrators','Service','Local Service','Network Service']
+# R-254504 WN22-UR-000140
+win2022STIG_stigrule_254504_Manage: True
+win2022STIG_stigrule_254504_SeIncreaseBasePriorityPrivilege_Users: ['Administrators']
+# R-254505 WN22-UR-000150
+win2022STIG_stigrule_254505_Manage: True
+win2022STIG_stigrule_254505_SeLoadDriverPrivilege_Users: ['Administrators']
+# R-254506 WN22-UR-000160
+win2022STIG_stigrule_254506_Manage: True
+win2022STIG_stigrule_254506_SeLockMemoryPrivilege_Users: []
+# R-254507 WN22-UR-000170
+win2022STIG_stigrule_254507_Manage: True
+win2022STIG_stigrule_254507_SeSecurityPrivilege_Users: ['Administrators']
+# R-254508 WN22-UR-000180
+win2022STIG_stigrule_254508_Manage: True
+win2022STIG_stigrule_254508_SeSystemEnvironmentPrivilege_Users: ['Administrators']
+# R-254509 WN22-UR-000190
+win2022STIG_stigrule_254509_Manage: True
+win2022STIG_stigrule_254509_SeManageVolumePrivilege_Users: ['Administrators']
+# R-254510 WN22-UR-000200
+win2022STIG_stigrule_254510_Manage: True
+win2022STIG_stigrule_254510_SeProfileSingleProcessPrivilege_Users: ['Administrators']
+# R-254511 WN22-UR-000210
+win2022STIG_stigrule_254511_Manage: True
+win2022STIG_stigrule_254511_SeRestorePrivilege_Users: ['Administrators']
+# R-254512 WN22-UR-000220
+win2022STIG_stigrule_254512_Manage: True
+win2022STIG_stigrule_254512_SeTakeOwnershipPrivilege_Users: ['Administrators']

collections/ansible_collections/demo/openshift/roles/cluster_config/README.md

@@ -0,0 +1,131 @@
+Role Name
+=========
+
+This Ansible role helps configure Operators on the Openshift Cluster to support VM migrations. Tasks include
+- Configure Catalog Sources to use mirroring repository for Operators
+- Create and configure Operators
+
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+The task `operators/catalog_sources.yml` needs following variables:
+
+- **Variable Name**: `cluster_config_catalog_sources`
+  - **Type**: List
+  - **Description**: A list of custom CatalogSources configurations used as loop variables to generate Kubernetes manifest files from the  template `catalog_source.j2` for CatalogSource. If the variable is not available, no manifest is created.
+  - **Example**:
+    ```yaml
+    cluster_config_catalog_sources:
+      - name: redhat-marketplace2
+        source_type: grpc
+        display_name: Mirror to Red Hat Marketplace
+        image_path: internal-registry.example.com/operator:v1
+        priority: '-300'
+        icon:
+          base64data: ''
+          mediatype: ''
+        publisher: redhat
+        address: ''
+        grpc_pod_config: |
+          nodeSelector:
+            kubernetes.io/os: linux
+            node-role.kubernetes.io/master: ''
+          priorityClassName: system-cluster-critical
+          securityContextConfig: restricted
+          tolerations:
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/master
+              operator: Exists
+            - effect: NoExecute
+              key: node.kubernetes.io/unreachable
+              operator: Exists
+              tolerationSeconds: 120
+            - effect: NoExecute
+              key: node.kubernetes.io/not-ready
+              operator: Exists
+              tolerationSeconds: 120
+        registry_poll_interval: 10m
+    ```
+
+The task `operators/operator_config.yaml` needs following variables:
+
+- **Variable Name**: `cluster_config_operators`
+  - **Type**: List
+  - **Description**: A list of operators to be installed on OCP cluster
+- **Variable Name**: `cluster_config_[OPERATOR_NAME]`
+  - **Type**: Dict
+  - **Description**: Configuration specific to each operator listed in `cluster_config_operators`. Includes settings for namespace, operator group, subscription, and any extra resources
+  - **Example**: Assume the `cluster_config_operators` specifies these operators:
+  ```yaml
+  cluster_config_operators:
+    - cnv
+    - oadp
+  ```
+  then the corresponding `cluster_config_mtv` and `cluster_config_cnv` can be configured as following:
+  ```yaml
+  cluster_config_cnv_namespace: openshift-cnv
+  cluster_config_cnv:
+  namespace:
+    name: "{{ cluster_config_cnv_namespace }}"
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces:
+      - "{{ cluster_config_cnv_namespace }}"
+  subscription:
+    name: kubevirt-hyperconverged
+    starting_csv: kubevirt-hyperconverged-operator.v4.13.8
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: "{{ cluster_config_cnv_namespace }}"
+      spec:
+        BareMetalPlatform: true
+
+  cluster_config_oadp_namespace: openshift-adp
+  cluster_config_oadp:
+  namespace:
+    name: "{{ cluster_config_oadp_namespace }}"
+  operator_group:
+    name: redhat-oadp-operator-group
+    target_namespaces:
+      - "{{ cluster_config_oadp_namespace }}"
+  subscription:
+    name: redhat-oadp-operator-subscription
+    spec_name: redhat-oadp-operator
+  ```
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+An example of configuring a CatalogSource resource:
+```
+- name: Configure Catalog Sources for Operators
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - ansible.builtin.include_role:
+        name: cluster_config
+        tasks_from: operators/catalog_sources
+```
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

collections/ansible_collections/demo/openshift/roles/cluster_config/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+# defaults file for cluster_config
+cluster_config_operators:
+  - cnv
+
+cluster_config_cnv:
+  checkplan: true
+  namespace:
+    name: &cluster_config_cnv_namespace openshift-cnv
+  operator_group:
+    name: kubevirt-hyperconverged-group
+    target_namespaces:
+      - *cluster_config_cnv_namespace
+  subscription:
+    name: kubevirt-hyperconverged
+  extra_resources:
+    - apiVersion: hco.kubevirt.io/v1beta1
+      kind: HyperConverged
+      metadata:
+        name: kubevirt-hyperconverged
+        namespace: *cluster_config_cnv_namespace
+      spec:
+        BareMetalPlatform: true

collections/ansible_collections/demo/openshift/roles/cluster_config/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Configure Operators
+  ansible.builtin.import_tasks: operators/operator_config.yml

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/_operator_config_item.yml

@@ -0,0 +1,37 @@
+---
+- name: Retrieve Operator name
+  ansible.builtin.set_fact:
+    _operator: "{{ vars['cluster_config_' + _operator_name] }}"
+- name: Configure Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    template:
+      - operators/namespace.yml.j2
+      - operators/operator_group.yml.j2
+      - operators/subscription.yml.j2
+- name: Query for install plan
+  kubernetes.core.k8s_info:
+    api_version: operators.coreos.com/v1alpha1
+    kind: InstallPlan
+    namespace: "{{ _operator.namespace.name }}"
+  register: r_install_plans
+  retries: 30
+  delay: 5
+  until:
+    - r_install_plans.resources | default([]) | length > 0
+    - r_install_plans.resources[0].status is defined
+    - r_install_plans.resources[0].status.phase == "Complete"
+  when:
+    - _operator.checkplan is defined
+    - _operator.checkplan | bool
+
+- name: Configure extra resources for Operator {{ _operator_name }}
+  redhat.openshift.k8s:
+    state: present
+    definition: "{{ item }}"
+  register: creation_result
+  loop: "{{ _operator.extra_resources }}"
+  retries: 30
+  delay: 5
+  until: creation_result is success
+  when: _operator.extra_resources is defined

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/catalog_sources.yml

@@ -0,0 +1,7 @@
+---
+- name: Configure custom CatalogSource for Operators
+  redhat.openshift.k8s:
+    state: present
+    template: operators/catalog_source.j2
+  loop: "{{ cluster_config_catalog_sources }}"
+  when: cluster_config_catalog_sources is defined

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/node-health-check.yml

@@ -0,0 +1,59 @@
+---
+- name: Create node-health-check operator namespace
+  redhat.openshift.k8s:
+    name:  openshift-workload-availability
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Create node-health-check operator group
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1
+      kind: OperatorGroup
+      metadata:
+        generateName: openshift-workload-availability-
+        annotations:
+          olm.providedAPIs: >-
+            NodeHealthCheck.v1alpha1.remediation.medik8s.io,SelfNodeRemediation.v1alpha1.self-node-remediation.medik8s.io,SelfNodeRemediationConfig.v1alpha1.self-node-remediation.medik8s.io,SelfNodeRemediationTemplate.v1alpha1.self-node-remediation.medik8s.io
+        namespace: openshift-workload-availability
+      spec:
+        upgradeStrategy: Default
+
+- name: Create node-health-check operator subscription
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        labels:
+          operators.coreos.com/node-healthcheck-operator.openshift-workload-availability: ''
+        name: node-health-check-operator
+        namespace: openshift-workload-availability
+      spec:
+        channel: stable
+        installPlanApproval: Automatic
+        name: node-healthcheck-operator
+        source: redhat-operators
+        sourceNamespace: openshift-marketplace
+
+- name: Create Self Node Remediation subscription
+  redhat.openshift.k8s:
+    state: present
+    definition:
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        name: self-node-remediation-stable-redhat-operators-openshift-marketplace
+        namespace: openshift-workload-availability
+        labels:
+          operators.coreos.com/self-node-remediation.openshift-workload-availability: ''
+      spec:
+        channel: stable
+        installPlanApproval: Automatic
+        name: self-node-remediation
+        source: redhat-operators
+        sourceNamespace: openshift-marketplace
+        startingCSV: self-node-remediation.v0.8.0

collections/ansible_collections/demo/openshift/roles/cluster_config/tasks/operators/operator_config.yml

@@ -0,0 +1,6 @@
+---
+- name: Configure Operators
+  ansible.builtin.include_tasks: _operator_config_item.yml
+  loop: "{{ cluster_config_operators }}"
+  loop_control:
+    loop_var: _operator_name

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/catalog_source.j2

@@ -0,0 +1,34 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: {{ item.name }}
+  namespace: openshift-marketplace
+spec:
+  sourceType: {{ item.source_type | d('grpc',true) }}
+  image: {{ item.image_path }}
+  {% if item.display_name is defined -%}
+  displayName: {{ item.display_name }}
+  {% endif -%}
+  {% if item.priority is defined -%}
+  priority: {{ item.priority }}
+  {% endif -%}
+  {% if item.grpc_pod_config is defined -%}
+  grpcPodConfig:
+    {{ item.grpc_pod_config | indent(4) }}
+  {% endif -%}
+  {% if item.icon is defined -%}
+  icon:
+    base64data: '{{ item.icon.base64data or ''  }}'
+    mediatype: '{{ item.icon.mediatype or '' }}'
+  {% endif -%}
+  {% if item.publisher is defined -%}
+  publisher: {{ item.publisher }}
+  {% endif -%}
+  {% if item.address is defined -%}
+  address: {{ item.address }}
+  {% endif -%}
+  {% if item.registry_poll_interval is defined -%}
+  updateStrategy:
+    registryPoll:
+      interval: {{ item.registry_poll_interval }}
+  {% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/namespace.yml.j2

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: {{ _operator.namespace.name }}
+{% if _operator.namespace.labels is defined %}
+    labels:
+      {% for key, value in _operator.namespace.labels.items() -%}
+      {{ key }}: "{{ value }}"
+      {% endfor -%}
+{% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/operator_group.yml.j2

@@ -0,0 +1,12 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: {{ _operator.operator_group.name }}
+  namespace: {{ _operator.operator_group.namespace | d(_operator.namespace.name, true) }}
+spec:
+  {% if _operator.operator_group.target_namespaces is defined -%}
+  targetNamespaces:
+  {% for item in _operator.operator_group.target_namespaces %}
+    - {{ item }}
+  {% endfor %}
+  {% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/templates/operators/subscription.yml.j2

@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: {{ _operator.subscription.name }}
+  namespace: "{{ _operator.subscription.namespace | d(_operator.namespace.name, true) }}"
+spec:
+  channel: {{ _operator.subscription.channel | d('stable', true) }}
+  installPlanApproval: {{ _operator.subscription.install_plan_approval | d('Automatic', true) }}
+  name: {{ _operator.subscription.spec_name | d(_operator.subscription.name, true) }}
+  source: {{ _operator.subscription.source | d('redhat-operators', true) }}
+  sourceNamespace: {{ _operator.subscription.source_namespace | d('openshift-marketplace', true) }}
+{% if _operator.subscription.starting_csv is defined %}
+  startingCSV: {{ _operator.subscription.starting_csv }}
+{% endif -%}

collections/ansible_collections/demo/openshift/roles/cluster_config/tests/inventory

@@ -0,0 +1 @@
+localhost

collections/ansible_collections/demo/openshift/roles/cluster_config/tests/test.yml

@@ -0,0 +1,6 @@
+---
+- name: Include cluster_config role
+  hosts: localhost
+  remote_user: root
+  roles:
+    - cluster_config

collections/ansible_collections/demo/openshift/roles/cluster_config/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for cluster_config

collections/ansible_collections/demo/patching/plugins/modules/scan_packages.py

@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+
+from ansible.module_utils.basic import *  # noqa
+
+DOCUMENTATION = """
+---
+module: scan_packages
+short_description: Return installed packages information as fact data
+description:
+    - Return information about installed packages as fact data
+"""
+
+EXAMPLES = """
+# Example fact output:
+# host | success >> {
+#    "ansible_facts": {
+#        "packages": [
+#                {
+#                  "version": "1.0.6-5",
+#                  "source": "apt",
+#                  "arch": "amd64",
+#                  "name": "libbz2-1.0"
+#                },
+#                {
+#                  "version": "2.7.1-4ubuntu1",
+#                  "source": "apt",
+#                  "arch": "amd64",
+#                  "name": "patch"
+#                },
+#                {
+#                  "version": "4.8.2-19ubuntu1",
+#                  "source": "apt",
+#                  "arch": "amd64",
+#                  "name": "gcc-4.8-base"
+#                }
+#       ]
+"""
+
+
+def rpm_package_list():
+    import rpm
+
+    trans_set = rpm.TransactionSet()
+    installed_packages = []
+    for package in trans_set.dbMatch():
+        package_details = {
+            "name": package[rpm.RPMTAG_NAME],
+            "version": package[rpm.RPMTAG_VERSION],
+            "release": package[rpm.RPMTAG_RELEASE],
+            "epoch": package[rpm.RPMTAG_EPOCH],
+            "arch": package[rpm.RPMTAG_ARCH],
+            "source": "rpm",
+        }
+        if installed_packages == []:
+            installed_packages = [package_details]
+        else:
+            installed_packages.append(package_details)
+    return installed_packages
+
+
+def deb_package_list():
+    import apt
+
+    apt_cache = apt.Cache()
+    installed_packages = []
+    apt_installed_packages = [
+        pk for pk in apt_cache.keys() if apt_cache[pk].is_installed
+    ]
+    for package in apt_installed_packages:
+        ac_pkg = apt_cache[package].installed
+        package_details = {
+            "name": package,
+            "version": ac_pkg.version,
+            "arch": ac_pkg.architecture,
+            "source": "apt",
+        }
+        if installed_packages == []:
+            installed_packages = [package_details]
+        else:
+            installed_packages.append(package_details)
+    return installed_packages
+
+
+def main():
+    module = AnsibleModule(argument_spec=dict(os_family=dict(required=True)))
+    ans_os = module.params["os_family"]
+    if ans_os in ("RedHat", "Suse", "openSUSE Leap"):
+        packages = rpm_package_list()
+    elif ans_os == "Debian":
+        packages = deb_package_list()
+    else:
+        packages = None
+
+    if packages is not None:
+        results = dict(ansible_facts=dict(packages=packages))
+    else:
+        results = dict(skipped=True, msg="Unsupported Distribution")
+    module.exit_json(**results)
+
+
+main()

collections/ansible_collections/demo/patching/plugins/modules/scan_services.py

@@ -0,0 +1,233 @@
+#!/usr/bin/env python
+
+import re
+from ansible.module_utils.basic import *  # noqa
+
+DOCUMENTATION = """
+---
+module: scan_services
+short_description: Return service state information as fact data
+description:
+     - Return service state information as fact data for various service management utilities
+"""
+
+EXAMPLES = """
+---
+- monit: scan_services
+
+# Example fact output:
+# host | success >> {
+#   "ansible_facts": {
+#     "services": {
+#       "network": {
+#         "source": "sysv",
+#         "state": "running",
+#         "name": "network"
+#       },
+#       "arp-ethers.service": {
+#         "source": "systemd",
+#         "state": "stopped",
+#         "name": "arp-ethers.service"
+#       }
+#     }
+#   }
+# }
+"""
+
+
+class BaseService(object):
+    def __init__(self, module):
+        self.module = module
+        self.incomplete_warning = False
+
+
+class ServiceScanService(BaseService):
+    def gather_services(self):
+        services = {}
+        service_path = self.module.get_bin_path("service")
+        if service_path is None:
+            return None
+        initctl_path = self.module.get_bin_path("initctl")
+        chkconfig_path = self.module.get_bin_path("chkconfig")
+
+        # sysvinit
+        if service_path is not None and chkconfig_path is None:
+            rc, stdout, stderr = self.module.run_command(
+                '%s --status-all 2>&1 | grep -E "\\[ (\\+|\\-) \\]"' % service_path,
+                use_unsafe_shell=True,
+            )
+            for line in stdout.split("\n"):
+                line_data = line.split()
+                if len(line_data) < 4:
+                    continue  # Skipping because we expected more data
+                service_name = " ".join(line_data[3:])
+                if line_data[1] == "+":
+                    service_state = "running"
+                else:
+                    service_state = "stopped"
+                services[service_name] = {
+                    "name": service_name,
+                    "state": service_state,
+                    "source": "sysv",
+                }
+
+        # Upstart
+        if initctl_path is not None and chkconfig_path is None:
+            p = re.compile(
+                "^\s?(?P<name>.*)\s(?P<goal>\w+)\/(?P<state>\w+)(\,\sprocess\s(?P<pid>[0-9]+))?\s*$"
+            )
+            rc, stdout, stderr = self.module.run_command("%s list" % initctl_path)
+            real_stdout = stdout.replace("\r", "")
+            for line in real_stdout.split("\n"):
+                m = p.match(line)
+                if not m:
+                    continue
+                service_name = m.group("name")
+                service_goal = m.group("goal")
+                service_state = m.group("state")
+                if m.group("pid"):
+                    pid = m.group("pid")
+                else:
+                    pid = None  # NOQA
+                payload = {
+                    "name": service_name,
+                    "state": service_state,
+                    "goal": service_goal,
+                    "source": "upstart",
+                }
+                services[service_name] = payload
+
+        # RH sysvinit
+        elif chkconfig_path is not None:
+            # print '%s --status-all | grep -E "is (running|stopped)"' % service_path
+            p = re.compile(
+                "(?P<service>.*?)\s+[0-9]:(?P<rl0>on|off)\s+[0-9]:(?P<rl1>on|off)\s+[0-9]:(?P<rl2>on|off)\s+"
+                "[0-9]:(?P<rl3>on|off)\s+[0-9]:(?P<rl4>on|off)\s+[0-9]:(?P<rl5>on|off)\s+[0-9]:(?P<rl6>on|off)"
+            )
+            rc, stdout, stderr = self.module.run_command(
+                "%s" % chkconfig_path, use_unsafe_shell=True
+            )
+            # Check for special cases where stdout does not fit pattern
+            match_any = False
+            for line in stdout.split("\n"):
+                if p.match(line):
+                    match_any = True
+            if not match_any:
+                p_simple = re.compile("(?P<service>.*?)\s+(?P<rl0>on|off)")
+                match_any = False
+                for line in stdout.split("\n"):
+                    if p_simple.match(line):
+                        match_any = True
+                if match_any:
+                    # Try extra flags " -l --allservices" needed for SLES11
+                    rc, stdout, stderr = self.module.run_command(
+                        "%s -l --allservices" % chkconfig_path, use_unsafe_shell=True
+                    )
+                elif "--list" in stderr:
+                    # Extra flag needed for RHEL5
+                    rc, stdout, stderr = self.module.run_command(
+                        "%s --list" % chkconfig_path, use_unsafe_shell=True
+                    )
+            for line in stdout.split("\n"):
+                m = p.match(line)
+                if m:
+                    service_name = m.group("service")
+                    service_state = "stopped"
+                    if m.group("rl3") == "on":
+                        rc, stdout, stderr = self.module.run_command(
+                            "%s %s status" % (service_path, service_name),
+                            use_unsafe_shell=True,
+                        )
+                        service_state = rc
+                        if rc in (0,):
+                            service_state = "running"
+                        # elif rc in (1,3):
+                        else:
+                            if (
+                                "root" in stderr
+                                or "permission" in stderr.lower()
+                                or "not in sudoers" in stderr.lower()
+                            ):
+                                self.incomplete_warning = True
+                                continue
+                            else:
+                                service_state = "stopped"
+                    service_data = {
+                        "name": service_name,
+                        "state": service_state,
+                        "source": "sysv",
+                    }
+                    services[service_name] = service_data
+        return services
+
+
+class SystemctlScanService(BaseService):
+    def systemd_enabled(self):
+        # Check if init is the systemd command, using comm as cmdline could be symlink
+        try:
+            f = open("/proc/1/comm", "r")
+        except IOError:
+            # If comm doesn't exist, old kernel, no systemd
+            return False
+        for line in f:
+            if "systemd" in line:
+                return True
+        return False
+
+    def gather_services(self):
+        services = {}
+        if not self.systemd_enabled():
+            return None
+        systemctl_path = self.module.get_bin_path(
+            "systemctl", opt_dirs=["/usr/bin", "/usr/local/bin"]
+        )
+        if systemctl_path is None:
+            return None
+        rc, stdout, stderr = self.module.run_command(
+            "%s list-unit-files --type=service | tail -n +2 | head -n -2"
+            % systemctl_path,
+            use_unsafe_shell=True,
+        )
+        for line in stdout.split("\n"):
+            line_data = line.split()
+            if len(line_data) != 2:
+                continue
+            if line_data[1] == "enabled":
+                state_val = "running"
+            else:
+                state_val = "stopped"
+            services[line_data[0]] = {
+                "name": line_data[0],
+                "state": state_val,
+                "source": "systemd",
+            }
+        return services
+
+
+def main():
+    module = AnsibleModule(argument_spec=dict())
+    service_modules = (ServiceScanService, SystemctlScanService)
+    all_services = {}
+    incomplete_warning = False
+    for svc_module in service_modules:
+        svcmod = svc_module(module)
+        svc = svcmod.gather_services()
+        if svc is not None:
+            all_services.update(svc)
+            if svcmod.incomplete_warning:
+                incomplete_warning = True
+    if len(all_services) == 0:
+        results = dict(
+            skipped=True,
+            msg="Failed to find any services. Sometimes this is due to insufficient privileges.",
+        )
+    else:
+        results = dict(ansible_facts=dict(services=all_services))
+        if incomplete_warning:
+            results[
+                "msg"
+            ] = "WARNING: Could not find status for all services. Sometimes this is due to insufficient privileges."
+    module.exit_json(**results)
+
+
+main()

collections/ansible_collections/demo/patching/plugins/modules/win_scan_packages.ps1

@@ -0,0 +1,66 @@
+#!powershell
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# WANT_JSON
+# POWERSHELL_COMMON
+
+$uninstall_native_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
+$uninstall_wow6432_path = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
+
+if ([System.IntPtr]::Size -eq 4) {
+
+    # This is a 32-bit Windows system, so we only check for 32-bit programs, which will be
+    # at the native registry location.
+
+    [PSObject []]$packages = Get-ChildItem -Path $uninstall_native_path |
+        Get-ItemProperty |
+        Select-Object -Property @{Name="name"; Expression={$_."DisplayName"}},
+            @{Name="version"; Expression={$_."DisplayVersion"}},
+            @{Name="publisher"; Expression={$_."Publisher"}},
+            @{Name="arch"; Expression={ "Win32" }} |
+        Where-Object { $_.name }
+
+} else {
+
+    # This is a 64-bit Windows system, so we check for 64-bit programs in the native
+    # registry location, and also for 32-bit programs under Wow6432Node.
+
+    [PSObject []]$packages = Get-ChildItem -Path $uninstall_native_path |
+        Get-ItemProperty |
+        Select-Object -Property @{Name="name"; Expression={$_."DisplayName"}},
+            @{Name="version"; Expression={$_."DisplayVersion"}},
+            @{Name="publisher"; Expression={$_."Publisher"}},
+            @{Name="arch"; Expression={ "Win64" }} |
+        Where-Object { $_.name }
+
+    $packages += Get-ChildItem -Path $uninstall_wow6432_path |
+        Get-ItemProperty |
+        Select-Object -Property @{Name="name"; Expression={$_."DisplayName"}},
+            @{Name="version"; Expression={$_."DisplayVersion"}},
+            @{Name="publisher"; Expression={$_."Publisher"}},
+            @{Name="arch"; Expression={ "Win32" }} |
+        Where-Object { $_.name }
+
+}
+
+$result = New-Object psobject @{
+    ansible_facts = New-Object psobject @{
+        packages = $packages
+    }
+    changed = $false
+}
+
+Exit-Json $result;

collections/ansible_collections/demo/patching/plugins/modules/win_scan_packages.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+DOCUMENTATION = """
+---
+module: win_scan_packages
+short_description: Return Package state information as fact data
+description:
+     - Return Package state information as fact data for various Packages
+"""
+
+EXAMPLES = """
+- monit: win_scan_packages
+
+#  Example fact output:
+#  host | success >> {
+#   "ansible_facts": {
+#     "packages": [
+#       {
+#         "name": "Mozilla Firefox 76.0.1 (x64 en-US)",
+#         "version": "76.0.1",
+#         "publisher": "Mozilla",
+#         "arch": "Win64"
+#       },
+#       {
+#         "name": "Mozilla Maintenance Service",
+#         "version": "76.0.1",
+#         "publisher": "Mozilla",
+#         "arch": "Win64"
+#       }
+#     ]
+#   }
+# }
+"""

collections/ansible_collections/demo/patching/plugins/modules/win_scan_services.ps1

@@ -0,0 +1,30 @@
+#!powershell
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# WANT_JSON
+# POWERSHELL_COMMON
+
+$result = New-Object psobject @{
+    ansible_facts = New-Object psobject @{
+        services = Get-Service |
+            Select-Object -Property @{Name="name"; Expression={$_."DisplayName"}},
+                @{Name="win_svc_name"; Expression={$_."Name"}},
+                @{Name="state"; Expression={$_."Status".ToString().ToLower()}}
+    }
+    changed = $false
+}
+
+Exit-Json $result;

collections/ansible_collections/demo/patching/plugins/modules/win_scan_services.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+DOCUMENTATION = """
+---
+module: win_scan_services
+short_description: Return service state information as fact data
+description:
+     - Return service state information as fact data for various service management utilities
+"""
+
+EXAMPLES = """
+- monit: win_scan_services
+
+# Example fact output:
+# host | success >> {
+#   "ansible_facts": {
+#     "services": [
+#       {
+#         "name": "AllJoyn Router Service",
+#         "win_svc_name": "AJRouter",
+#         "state": "stopped"
+#       },
+#       {
+#         "name": "Application Layer Gateway Service",
+#         "win_svc_name": "ALG",
+#         "state": "stopped"
+#       },
+#       {
+#         "name": "Application Host Helper Service",
+#         "win_svc_name": "AppHostSvc",
+#         "state": "running"
+#       }
+#     ]
+#   }
+# }
+"""

collections/ansible_collections/demo/patching/roles/build_report_network/README.md

@@ -0,0 +1,36 @@
+build_report_network
+========
+
+Installs Apache and creates a report based on facts from network devices
+
+Requirements
+------------
+
+Must run on Apache server
+
+Role Variables / Configuration
+--------------
+
+N/A
+
+Dependencies
+------------
+
+N/A
+
+Example Playbook
+----------------
+
+The role can be used to create an html report on any number of Linux hosts using any number of network devices
+
+
+```
+---
+- hosts: all
+
+  tasks:
+  - name: Run Network Report
+    import_role:
+      name: shadowman.reports.build_report_network
+
+```

collections/ansible_collections/demo/patching/roles/build_report_network/files/css/main.css

@@ -0,0 +1,207 @@
+p.hostname {
+  color: #000000;
+  font-weight: bolder;
+  font-size: large;
+  margin: auto;
+  width: 50%;
+}
+
+#subtable {
+  background: #ebebeb;
+  margin: 0px;
+  width: 100%;
+}
+
+#subtable tbody tr td {
+  padding: 5px 5px 5px 5px;
+}
+
+#subtable thead th {
+  padding: 5px;
+}
+
+* {
+  -moz-box-sizing: border-box;
+  -webkit-box-sizing: border-box;
+  box-sizing: border-box;
+  font-family: "Open Sans", "Helvetica";
+
+}
+
+a {
+  color: #ffffff;
+}
+
+p {
+  color: #ffffff;
+}
+h1 {
+  text-align: center;
+  color: #ffffff;
+}
+
+body {
+  background:#353a40;
+  padding: 0px;
+  margin: 0px;
+  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+}
+
+table {
+  border-collapse: separate;
+  background:#fff;
+  @include border-radius(5px);
+  @include box-shadow(0px 0px 5px rgba(0,0,0,0.3));
+}
+
+.main_net_table {
+  margin:50px auto;
+}
+
+.main_net_table {
+  margin:50px auto;
+}
+
+thead {
+  @include border-radius(5px);
+}
+
+thead th {
+  font-size:16px;
+  font-weight:400;
+  color:#fff;
+  @include text-shadow(1px 1px 0px rgba(0,0,0,0.5));
+  text-align:left;
+  padding:20px;
+  border-top:1px solid #858d99;
+  background: #353a40;
+
+  &:first-child {
+   @include border-top-left-radius(5px);
+  }
+
+  &:last-child {
+    @include border-top-right-radius(5px);
+  }
+}
+
+tbody tr td {
+  font-weight:400;
+  color:#5f6062;
+  font-size:13px;
+  padding:20px 20px 20px 20px;
+  border-bottom:1px solid #e0e0e0;
+
+}
+
+tbody tr:nth-child(2n) {
+  background:#f0f3f5;
+}
+
+tbody tr:last-child td {
+  border-bottom:none;
+  &:first-child {
+    @include border-bottom-left-radius(5px);
+  }
+  &:last-child {
+    @include border-bottom-right-radius(5px);
+  }
+}
+
+td {
+  vertical-align: top;
+}
+
+span.highlight {
+    background-color: yellow;
+}
+
+.expandclass {
+  color: #5f6062;
+}
+
+.content{
+         display:none;
+         margin: 10px;
+}
+
+header {
+  width: 100%;
+  position: initial;
+  float: initial;
+  padding: 0;
+  margin: 0;
+  border-radius: 0;
+  height: 88px;
+  background-color: #171717;
+}
+
+.header-container {
+  margin: 0 auto;
+  width: 100%;
+  height: 100%;
+  max-width: 1170px;
+  padding: 0;
+  float: initial;
+  display: flex;
+  align-items: center;
+}
+
+.header-logo {
+  width: 137px;
+  border: 0;
+  margin: 0;
+  margin-left: 15px;
+}
+
+.header-link {
+  margin-left: 40px;
+  text-decoration: none;
+  cursor: pointer;
+  text-transform: uppercase;
+  font-size: 15px;
+  font-family: 'Red Hat Text';
+  font-weight: 500;
+}
+
+.header-link:hover {
+  text-shadow: 0 0 0.02px white;
+  text-decoration: none;
+}
+
+table.net_info td {
+    padding: 5px;
+}
+
+p.expandclass:hover {
+    text-decoration: underline;
+    color: #EE0000;
+    cursor: pointer;
+}
+
+.summary_info {
+}
+
+.ui-state-active, .ui-widget-content .ui-state-active, .ui-widget-header .ui-state-active, a.ui-button:active, .ui-button:active, .ui-button.ui-state-active:hover {
+    border: 1px solid #5F0000;
+    background: #EE0000;
+}
+
+div#net_content {
+    padding: 0px;
+    height: auto !important;
+}
+
+img.router_image {
+    vertical-align: middle;
+    padding: 0px 10px 10px 10px;
+    width: 50px;
+}
+
+table.net_info {
+    width: 100%;
+}
+
+p.internal_label {
+    color: #000000;
+}

collections/ansible_collections/demo/patching/roles/build_report_network/files/redhat-ansible-logo.svg

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 24.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Logos" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 width="930.2px" height="350px" viewBox="0 0 930.2 350" style="enable-background:new 0 0 930.2 350;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#FFFFFF;}
+	.st1{fill:#EE0000;}
+</style>
+<title>Logo-Red_Hat-Ansible_Automation_Platform-A-Reverse-RGB</title>
+<path class="st0" d="M383.3,228.5h18.8L446,335.7h-17.5l-12.4-31.4h-48l-12.6,31.4h-16.7L383.3,228.5z M410.9,291l-18.7-47l-18.7,47
+	H410.9z"/>
+<path class="st0" d="M455.2,257.7h15.3v7.8c6.2-6.2,14.7-9.6,23.5-9.3c17.9,0,30.5,12.4,30.5,30.5v49h-15.3v-46.5
+	c0-12.3-7.5-19.8-19.3-19.8c-7.8-0.3-15.1,3.6-19.3,10.1v56.1h-15.3V257.7z"/>
+<path class="st0" d="M543,315.5c8.1,6.4,16.7,9.8,25.4,9.8c11,0,18.7-4.8,18.7-11.7c0-5.5-4-8.7-12.6-10l-14.1-2
+	c-15.5-2.3-23.3-9.5-23.3-21.6c0-14.1,12.3-23.6,30.5-23.6c11.3-0.1,22.3,3.4,31.5,9.9l-7.8,10.1c-8.6-5.7-16.4-8.1-24.7-8.1
+	c-9.3,0-15.6,4.3-15.6,10.6c0,5.7,3.7,8.4,12.9,9.8l14.1,2c15.5,2.3,23.6,9.7,23.6,21.7c0,14-14.1,24.5-32.6,24.5
+	c-13.5,0-25.6-4-34.2-11.5L543,315.5z"/>
+<path class="st0" d="M611.6,235.6c0-5.2,4.1-9.4,9.3-9.5c0,0,0,0,0,0c5.2-0.2,9.7,3.9,9.9,9.1c0.2,5.2-3.9,9.7-9.1,9.9
+	c-0.2,0-0.5,0-0.7,0C615.8,245.1,611.6,240.9,611.6,235.6C611.6,235.7,611.6,235.7,611.6,235.6z M628.6,335.7h-15.3v-78h15.3V335.7z
+	"/>
+<path class="st0" d="M685.5,336.9c-8.5,0-16.8-2.7-23.6-7.8v6.6h-15.2V228.5l15.3-3.4v40c6.6-5.6,15.1-8.7,23.7-8.6
+	c22.1,0,39.4,17.7,39.4,40.1C725.2,319.1,707.9,336.9,685.5,336.9z M662,279.2v35.2c4.9,5.7,13,9.2,21.8,9.2
+	c15,0,26.4-11.5,26.4-26.8c0-15.3-11.5-27-26.4-27C674.9,269.8,667.1,273.2,662,279.2z"/>
+<path class="st0" d="M755,335.7h-15.3V228.5l15.3-3.4V335.7z"/>
+<path class="st0" d="M810.5,337.1c-23,0-40.9-17.7-40.9-40.4c0-22.5,17.2-40.1,39.1-40.1c21.5,0,37.7,17.8,37.7,40.8v4.4h-61.6
+	c2,13,13.2,22.5,26.4,22.4c7.2,0.2,14.2-2.3,19.8-6.8l9.8,9.7C832.1,333.7,821.5,337.4,810.5,337.1z M784.9,290.2h46.3
+	c-2.3-11.9-11.5-20.8-22.8-20.8C796.5,269.4,787.2,277.8,784.9,290.2z"/>
+<path class="st1" d="M202.8,137.5c18.4,0,45.1-3.8,45.1-25.7c0.1-1.7-0.1-3.4-0.5-5l-11-47.7c-2.5-10.5-4.8-15.2-23.2-24.5
+	c-14.3-7.3-45.5-19.4-54.7-19.4c-8.6,0-11.1,11.1-21.3,11.1c-9.8,0-17.1-8.3-26.4-8.3c-8.8,0-14.6,6-19,18.4c0,0-12.4,34.9-14,40
+	c-0.3,0.9-0.4,1.9-0.4,2.9C77.6,92.9,131.1,137.5,202.8,137.5 M250.8,120.7c2.5,12.1,2.5,13.3,2.5,14.9c0,20.6-23.2,32.1-53.7,32.1
+	c-69,0-129.3-40.3-129.3-67c0-3.7,0.8-7.4,2.2-10.8c-24.8,1.3-56.9,5.7-56.9,34c0,46.4,109.9,103.5,196.9,103.5
+	c66.7,0,83.5-30.2,83.5-54C296.1,154.6,279.9,133.4,250.8,120.7"/>
+<path d="M250.7,120.7c2.5,12.1,2.5,13.3,2.5,14.9c0,20.6-23.2,32.1-53.7,32.1c-69,0-129.3-40.3-129.3-67c0-3.7,0.8-7.4,2.2-10.8
+	l5.4-13.3c-0.3,0.9-0.4,1.9-0.4,2.8c0,13.6,53.5,58.1,125.2,58.1c18.4,0,45.1-3.8,45.1-25.7c0.1-1.7-0.1-3.4-0.5-5L250.7,120.7z"/>
+<path class="st0" d="M869.1,151.2c0,17.5,10.5,26,29.7,26c5.9-0.1,11.8-1,17.5-2.5v-20.3c-3.7,1.2-7.5,1.7-11.3,1.7
+	c-7.9,0-10.8-2.5-10.8-9.9v-31.1h22.9V94.2h-22.9V67.7l-25,5.4v21.1h-16.6v20.9h16.6L869.1,151.2z M791,151.7
+	c0-5.4,5.4-8.1,13.6-8.1c5,0,10,0.7,14.9,1.9V156c-4.8,2.6-10.2,3.9-15.6,3.9C795.9,159.9,791.1,156.8,791,151.7 M798.7,177.5
+	c8.8,0,16-1.9,22.6-6.3v5h24.8v-52.5c0-20-13.5-30.9-35.9-30.9c-12.6,0-25,2.9-38.3,9l9,18.4c9.6-4,17.7-6.5,24.8-6.5
+	c10.3,0,15.6,4,15.6,12.2v4c-6.1-1.6-12.3-2.4-18.6-2.3c-21.1,0-33.8,8.8-33.8,24.6C768.9,166.6,780.4,177.6,798.7,177.5
+	 M662.5,176.2h26.7v-42.5h44.6v42.5h26.7V67.7h-26.6v41.7h-44.6V67.7h-26.7L662.5,176.2z M561,135.1c0-11.8,9.3-20.8,21.5-20.8
+	c6.4-0.1,12.6,2.1,17.4,6.4v28.6c-4.7,4.4-10.9,6.7-17.4,6.5C570.5,155.8,561,146.8,561,135.1 M600.2,176.1H625V62.3l-25,5.4v30.8
+	c-6.4-3.6-13.6-5.5-20.9-5.4c-23.9,0-42.6,18.4-42.6,42c-0.3,23,18.1,41.9,41.1,42.2c0.2,0,0.5,0,0.7,0c7.9,0,15.6-2.5,22-7.1V176.1
+	z M486.5,113.2c7.9,0,14.6,5.1,17.2,13h-34.2C471.9,118,478.2,113.2,486.5,113.2 M444.2,135.2c0,23.9,19.5,42.5,44.6,42.5
+	c13.8,0,23.9-3.7,34.3-12.4l-16.6-14.7c-3.9,4-9.6,6.2-16.4,6.2c-8.8,0.2-16.8-4.9-20.2-13h58.4v-6.2c0-26-17.5-44.8-41.4-44.8
+	c-23.2-0.4-42.4,18.2-42.7,41.5C444.2,134.6,444.2,134.9,444.2,135.2 M400.9,90.5c8.8,0,13.8,5.6,13.8,12.2s-5,12.2-13.8,12.2h-26.3
+	V90.5H400.9z M347.9,176.2h26.7v-39.5h20.3l20.5,39.5h29.7l-23.9-43.4c12.4-5,20.5-17.1,20.4-30.5c0-19.5-15.3-34.5-38.3-34.5H348
+	L347.9,176.2z"/>
+</svg>

collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Create web directory if it does not exist
+  ansible.builtin.file:
+    path: "{{ file_path }}"
+    state: directory
+    mode: "0755"
+
+- name: Create HTML report
+  ansible.builtin.template:
+    src: report.j2
+    dest: "{{ file_path }}/network.html"
+    mode: "0644"
+  check_mode: false
+
+- name: Copy CSS over
+  ansible.builtin.copy:
+    src: "css"
+    dest: "{{ file_path }}"
+    directory_mode: true
+    mode: "0775"
+  check_mode: false
+
+- name: Copy logos over
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "{{ file_path }}"
+    directory_mode: true
+    mode: "0644"
+  loop:
+    - "webpage_logo.png"
+    - "redhat-ansible-logo.svg"
+    - "router.png"
+  check_mode: false
+
+# - name: Display link to Linux patch report
+#   ansible.builtin.debug:
+#     msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html"

collections/ansible_collections/demo/patching/roles/build_report_network/templates/ansible.j2

@@ -0,0 +1,41 @@
+<!-- INTERNAL TABLE FOR Ansible -->
+<div id="accordion">
+<div>
+<h3>Ansible Automation Info</h3>
+<div class="net_content">
+<table class="net_info">
+<tbody>
+  <tr>
+    <td>Ansible user</td>
+    <td class="sub_net_info">{{ hostvars[network_switch]['ansible_user'] }}</td>
+  </tr>
+  <tr>
+    <td>Transport</td>
+    <td class="sub_net_info">{% set ansible_connection = hostvars[network_switch]['ansible_net_api'] %}{{ transport[ansible_connection] }}</td>
+  </tr>
+  <tr>
+    <td>Ansible Mgmt IP</td>
+    <td class="sub_net_info">{{ hostvars[network_switch]['ansible_host'] | default('N/A') }}</td>
+  </tr>
+  <tr>
+    <td>Ansible groups</td>
+    <td class="sub_net_info">{% for group in hostvars[network_switch]['group_names'] %}{{ group }} {% endfor %}</td>
+  </tr>
+  <tr>
+    <td>Ansible core version</td>
+    <td class="sub_net_info">{% for group in hostvars[network_switch]['ansible_version']['string']|default("Unknown") %}{{ group }} {% endfor %}</td>
+  </tr>
+  <tr>
+    <td>Ansible Python</td>
+    <td class="sub_net_info">{{ hostvars[network_switch]['ansible_playbook_python']|default("Unknown") }} </td>
+  </tr>
+  <tr>
+    <td>Python version</td>
+    <td class="sub_net_info">{{ hostvars[network_switch]['ansible_net_python_version']|default("Unknown") }} </td>
+  </tr>
+</tbody>
+</table>
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR Ansible -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/bgp.j2

@@ -0,0 +1,52 @@
+<!-- INTERNAL TABLE FOR BGP -->
+<div id="accordion">
+<div>
+<h3>BGP Global Info</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['bgp_global'] is defined and hostvars[network_switch]['ansible_network_resources']['bgp_global']|length > 0 %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>ASN</th>
+            <th>Router ID</th>
+
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>{{ hostvars[network_switch].ansible_network_resources.bgp_global['as_number']|default("Not Configured") }}</td>
+            <td>{{ hostvars[network_switch].ansible_network_resources.bgp_global.bgp['router_id']['address']|default("Not Configured") }}</td>
+        </tr>
+    </tbody>
+</table>
+{% if hostvars[network_switch]['ansible_network_resources']['bgp_global'][
+'neighbor'] is defined and hostvars[network_switch]['ansible_network_resources']['bgp_global'][
+'neighbor']|length > 0 %}
+<p class="internal_label">BGP Neighbors</p>
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>Address</th>
+            <th>Remote AS</th>
+
+        </tr>
+    </thead>
+    <tbody>
+    {% for bgp_neighbor in hostvars[network_switch].ansible_network_resources.bgp_global.neighbor %}
+        <tr>
+            <td>{{ bgp_neighbor['address']|default("Not Configured") }}</td>
+            <td>{{ bgp_neighbor['remote_as']|default("Not Configured") }}</td>
+        </tr>
+    {% endfor %}
+    </tbody>
+</table>
+{% endif %}
+{% elif hostvars[network_switch]['ansible_network_resources']['bgp_global'] is defined and hostvars[network_switch]['ansible_network_resources']['bgp_global']|length == 0 %}
+BGP is not configured on this device
+{% else %}
+No BGP information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR BGP -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/bgp_address_family.j2

@@ -0,0 +1,46 @@
+<!-- INTERNAL TABLE FOR BGP -->
+<div id="accordion">
+<div>
+<h3>BGP Address Family</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family'] is defined and hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family']|length > 0 %}
+
+{% for address_family in hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family'] %}
+<p class="internal_label">Address Family {{ address_family['afi'] }}</p>
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>Network</th>
+
+        </tr>
+    </thead>
+    <tbody>
+    {% if hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family']['networks'] is defined %}
+    {% for bgp_network in address_family['networks'] %}
+        <tr>
+            <td>{{ bgp_network['prefix']|default("Not Configured") }}</td>
+        </tr>
+    {% endfor %}
+    {% elif hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family']['network'] is defined %}
+    {% for bgp_network in address_family['network'] %}
+        <tr>
+            <td>{{ bgp_network['address']|default("Not Configured") }}</td>
+            <td>{{ bgp_network['mask']|default("Not Configured") }}</td>
+        </tr>
+    {% endfor %}
+    {% else %}
+    No BGP networks information available
+    {% endif %}
+    </tbody>
+</table>
+{% endfor %}
+
+{% elif hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family'] is defined and hostvars[network_switch]['ansible_network_resources']['bgp_address_family']['address_family']|length == 0 %}
+no BGP address-family is not configured on this device
+{% else %}
+No BGP information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR BGP -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/header.j2

@@ -0,0 +1,13 @@
+  <div class="wrapper">
+    <header>
+      <div class="header-container">
+        <a href="https://ansible.com">
+          <img
+            class="header-logo"
+            src="redhat-ansible-logo.svg"
+            title="Red Hat Ansible"
+            alt="Red Hat Ansible"
+          />
+        </a>
+      </div>
+    </header>

collections/ansible_collections/demo/patching/roles/build_report_network/templates/interfaces.j2

@@ -0,0 +1,39 @@
+<!-- INTERNAL TABLE FOR INTERFACES -->
+<div id="accordion">
+<div>
+<h3>Interfaces - MTU/Duplex/Speed</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['interfaces']|length > 0  %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>Interface Name</th>
+            <th>Description</th>
+            <th>Duplex</th>
+            <th>Enabled</th>
+            <th>MTU</th>
+            <th>Speed</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for interface in hostvars[network_switch]['ansible_network_resources']['interfaces'] %}
+        <tr>
+            <td>{{interface['name']}}</td>
+            <td>{{interface['description']|default("none")}}</td>
+            <td>{{interface['duplex']|default("default")}}</td>
+            <td>{{interface['enabled']|default("N/A")}}</td>
+            <td>{{interface['mtu']|default("default")}}</td>
+            <td>{{interface['speed']|default("default")}}</td>
+        </tr>
+{% endfor %}
+    </tbody>
+</table>
+{% elif hostvars[network_switch]['ansible_network_resources']['interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['interfaces']|length == 0 %}
+No interfaces configured on this device
+{% else %}
+No Interface information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR INTERFACES -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/l2_interfaces.j2

@@ -0,0 +1,37 @@
+<!-- INTERNAL TABLE FOR l2_interfaces -->
+<div id="accordion">
+<div>
+<h3>L2 Interfaces - Trunk/Access Ports</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['l2_interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['l2_interfaces']|length > 0 %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Mode</th>
+            <th>Access VLAN</th>
+            <th>Trunk Native VLAN</th>
+            <th>Trunk Allowed VLANs</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for l2_interface in hostvars[network_switch]['ansible_network_resources']['l2_interfaces'] %}
+        <tr>
+            <td>{{l2_interface['name']}}</td>
+            <td>{{l2_interface['mode']|default("Not Configured")}}</td>
+            <td>{{l2_interface['access']['vlan']|default("Not Configured")}}</td>
+            <td>{{l2_interface['trunk']['native_vlan']|default("Not Configured")}}</td>
+            <td>{{l2_interface['trunk']['trunk_allowed_vlans']|default("Not Configured")}}</td>
+        </tr>
+{% endfor %}
+    </tbody>
+</table>
+{% elif hostvars[network_switch]['ansible_network_resources']['l2_interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['l2_interfaces']|length == 0 %}
+L2 information is not configured on this device
+{% else %}
+No L2 information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR l2_interfaces -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/l3_interfaces.j2

@@ -0,0 +1,54 @@
+<!-- INTERNAL TABLE FOR L3_INTERFACES -->
+<div id="accordion">
+<div>
+<h3>L3 Interfaces - IP Addresses</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['l3_interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['l3_interfaces']|length > 0 %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>Interface Name</th>
+            <th>IPv4</th>
+            <th>IPv6</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for interface in hostvars[network_switch]['ansible_network_resources']['l3_interfaces'] %}
+        <tr>
+            <td>{{interface['name']}}</td>
+<!-- INTERNAL IPv4 LOOP FOR L3_INTERFACES -->
+            <td>
+{% if interface.ipv4 is defined %}
+{% for address in interface.ipv4 %}
+{{ address['address']|default("Not Configured") }}
+{% if address['secondary'] is defined %}
+secondary
+{% endif %}
+{% if loop.length > 1 and not loop.last %}<br>{% endif %}
+{% endfor %}
+{% endif %}
+            </td>
+<!-- END IPv4 INTERNAL LOOP FOR L3_INTERFACES -->
+<!-- INTERNAL IPv6 LOOP FOR L3_INTERFACES -->
+            <td>
+{% if interface.ipv6 is defined %}
+{% for v6address in interface.ipv6 %}
+{{v6address['address']|default("Not Configured") }}
+{% if loop.length > 1 and not loop.last %}<br>{% endif %}
+{% endfor %}
+{% endif %}
+            </td>
+<!-- END INTERNAL LOOP FOR L3_INTERFACES -->
+        </tr>
+{% endfor %}
+    </tbody>
+</table>
+{% elif hostvars[network_switch]['ansible_network_resources']['l3_interfaces'] is defined and hostvars[network_switch]['ansible_network_resources']['l3_interfaces']|length == 0 %}
+L3 information is not configured on this device
+{% else %}
+No L3 information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR L3_INTERFACES -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/lacp.j2

@@ -0,0 +1,29 @@
+<!-- INTERNAL TABLE FOR LACP -->
+<div id="accordion">
+<div>
+<h3>LACP</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['lacp'] is defined and hostvars[network_switch]['ansible_network_resources']['lacp'].keys()|length > 0  %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>System Priority</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for property in hostvars[network_switch]['ansible_network_resources']['lacp'] %}
+        <tr>
+            <td>{% if property['system'] is defined %} }{{property['system']['priority']}}{% else %}LACP not configured {% endif %}</td>
+        </tr>
+{% endfor %}
+    </tbody>
+</table>
+{% elif hostvars[network_switch]['ansible_network_resources']['lacp'] is defined and hostvars[network_switch]['ansible_network_resources']['lacp'].keys()|length == 0 %}
+LACP is not configured on this device
+{% else %}
+No LACP information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR LACP -->

collections/ansible_collections/demo/patching/roles/build_report_network/templates/lldp_interfaces.j2

@@ -0,0 +1,31 @@
+<!-- INTERNAL TABLE FOR lldp_interfaces -->
+<div id="accordion">
+<div>
+<h3>LLDP Interfaces</h3>
+<div class="net_content">
+{% if hostvars[network_switch]['ansible_network_resources']['lldp_interfaces'] is defined %}
+<table id="subtable">
+    <thead>
+        <tr>
+            <th>vlan_id</th>
+            <th>Name</th>
+            <th>state</th>
+        </tr>
+    </thead>
+    <tbody>
+{% for interface in hostvars[network_switch]['ansible_network_resources']['lldp_interfaces'] %}
+        <tr>
+            <td>{{interface['name']}}</td>
+            <td>{{interface['receive']|default("Not Configured")}}</td>
+            <td>{{interface['transmit']|default("Not Configured")}}</td>
+        </tr>
+{% endfor %}
+    </tbody>
+</table>
+{% else %}
+No LLDP information available
+{% endif %}
+</div>
+</div>
+</div>
+<!-- END INTERNAL TABLE FOR lldp_interfaces -->