title updates

Signed-off-by: Mark Bolwell <[email protected]>

section_3/cis_3.1/cis_3.1.1.yml

@@ -3,7 +3,7 @@
   {{ if .Vars.rhel7cis_rule_3_1_1 }}
 command:
   ipv6_boot_grub:
-    title: 3.1.1 | L2 | disable IPv6 | grub
+    title: 3.1.1 | disable IPv6 | grub
     exit-status: 0
     exec: 'grep "^\s*linux" {{ .Vars.rhel7cis_bootloader_file }} | grep -v ipv6.disable=1'
     stdout: ['!/./']
@@ -18,7 +18,7 @@ command:
       CISv8_IG2: true
       CISv8_IG3: true
   ipv6_default_grub:
-    title: 3.1.1 | L2 | disable IPv6 | grub
+    title: 3.1.1 | disable IPv6 | grub
     exit-status: 0
     exec: 'grep "^\s*linux" /etc/default/grub | grep -v ipv6.disable=1'
     stdout: ['!/./']
@@ -34,7 +34,7 @@ command:
       CISv8_IG3: true
 kernel-param:
   net.ipv6.conf.all.disable_ipv6:
-    title: 3.1.1 | L2 | disable IPv6 | kernel
+    title: 3.1.1 | disable IPv6 | kernel
     value: '1'
     meta:
       server: 2

section_3/cis_3.1/cis_3.1.2.yml

@@ -2,7 +2,7 @@
   {{ if .Vars.rhel7cis_rule_3_1_2 }}
 command:
   iwconfig:
-    title: 3.1.2 | L1 | Ensure wireless interfaces are disabled
+    title: 3.1.2 | Ensure wireless interfaces are disabled
     exit-status: 127
     exec: iwconfig
     meta:

section_3/cis_3.2/cis_3.2.x.yml

@@ -3,7 +3,7 @@
 kernel-param:
     {{ if .Vars.rhel7cis_rule_3_2_1 }}
     net.ipv4.ip_forward:
-      title: 3.2.1 | L1 | Ensure IP forwarding is disabled | IPv4
+      title: 3.2.1 | Ensure IP forwarding is disabled | IPv4
       value: '0'
       meta:
         server: 1
@@ -17,7 +17,7 @@ kernel-param:
         CISv8_IG3: true
       {{ if .Vars.rhel7cis_ipv6_required }}
     net.ipv6.conf.all.forwarding:
-      title: 3.2.1 | L1 | Ensure IP forwarding is disabled  | IPv6
+      title: 3.2.1 | Ensure IP forwarding is disabled  | IPv6
       value: '0'
       meta:
         server: 1
@@ -33,7 +33,7 @@ kernel-param:
     {{ end }}
     {{ if .Vars.rhel7cis_rule_3_2_2 }}
     net.ipv4.conf.all.send_redirects:
-      title: 3.2.2 | L1 | Ensure packet redirect sending is disabled | all
+      title: 3.2.2 | Ensure packet redirect sending is disabled | all
       value: '0'
       meta:
         server: 1
@@ -46,7 +46,7 @@ kernel-param:
         CISv8_IG2: true
         CISv8_IG3: true
     net.ipv4.conf.default.send_redirects:
-      title: 3.2.2 | L1 | Ensure packet redirect sending is disabled | default
+      title: 3.2.2 | Ensure packet redirect sending is disabled | default
       value: '0'
       meta:
         server: 1

section_3/cis_3.3/cis_3.3.1.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_1 }}
 kernel-param:
   net.ipv4.conf.all.accept_source_route:
-    title: 3.3.1 | L1 | Ensure source routed packets are not accepted  | IPv4_all
+    title: 3.3.1 | Ensure source routed packets are not accepted  | IPv4_all
     value: '0'
     meta:
       server: 1
@@ -14,7 +14,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv4.conf.default.accept_source_route:
-    title: 3.3.1 | L1 | Ensure source routed packets are not accepted | IPv4_default
+    title: 3.3.1 | Ensure source routed packets are not accepted | IPv4_default
     value: '0'
     meta:
       server: 1
@@ -28,7 +28,7 @@ kernel-param:
       CISv8_IG3: true
   {{ if .Vars.rhel7cis_ipv6_required }}
   net.ipv6.conf.all.accept_source_route:
-    title: 3.3.1 | L1 | Ensure source routed packets are not accepted | IPv6_all
+    title: 3.3.1 | Ensure source routed packets are not accepted | IPv6_all
     value: '0'
     meta:
       server: 1
@@ -41,7 +41,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv6.conf.default.accept_source_route:
-    title: 3.3.1 | L1 | Ensure source routed packets are not accepted | IPv6_default
+    title: 3.3.1 | Ensure source routed packets are not accepted | IPv6_default
     value: '0'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.2.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_2 }}
 kernel-param:
   net.ipv4.conf.all.accept_redirects:
-    title: 3.3.2 | L1 | Ensure ICMP redirects are not accepted | IPv4
+    title: 3.3.2 | Ensure ICMP redirects are not accepted | IPv4
     value: '0'
     meta:
       server: 1
@@ -14,7 +14,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv4.conf.default.accept_redirects:
-    title: 3.3.2 | L1 | Ensure ICMP redirects are not accepted | IPv4_default
+    title: 3.3.2 | Ensure ICMP redirects are not accepted | IPv4_default
     value: '0'
     meta:
       server: 1
@@ -28,7 +28,7 @@ kernel-param:
       CISv8_IG3: true
   {{ if .Vars.rhel7cis_ipv6_required }}
   net.ipv6.conf.all.accept_redirects:
-    title: 3.3.2 | L1 | Ensure ICMP redirects are not accepted | IPv6
+    title: 3.3.2 | Ensure ICMP redirects are not accepted | IPv6
     value: '0'
     meta:
       server: 1
@@ -41,7 +41,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv6.conf.default.accept_redirects:
-    title: 3.3.2 | L1 | Ensure ICMP redirects are not accepted | IPv6_default
+    title: 3.3.2 | Ensure ICMP redirects are not accepted | IPv6_default
     value: '0'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.3.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_3 }}
 kernel-param:
   net.ipv4.conf.all.secure_redirects:
-    title: 3.3.3 | L1 | Ensure secure ICMP redirects are not accepted | all
+    title: 3.3.3 | Ensure secure ICMP redirects are not accepted | all
     value: '0'
     meta:
       server: 1
@@ -14,7 +14,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv4.conf.default.secure_redirects:
-    title: 3.3.3 | L1 | Ensure secure ICMP redirects are not accepted | default
+    title: 3.3.3 | Ensure secure ICMP redirects are not accepted | default
     value: '0'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.4.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_4 }}
 kernel-param:
   net.ipv4.conf.all.log_martians:
-    title: 3.3.4 | L1 | Ensure suspicious packets are logged | all
+    title: 3.3.4 | Ensure suspicious packets are logged | all
     value: '1'
     meta:
       server: 1
@@ -14,7 +14,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv4.conf.default.log_martians:
-    title: 3.3.4 | L1 | Ensure suspicious packets are logged | default
+    title: 3.3.4 | Ensure suspicious packets are logged | default
     value: '1'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.5.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_5 }}
 kernel-param:
   net.ipv4.icmp_echo_ignore_broadcasts:
-    title: 3.3.5 | L1 | Ensure broadcast ICMP requests are ignored
+    title: 3.3.5 | Ensure broadcast ICMP requests are ignored
     value: '1'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.6.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_6 }}
 kernel-param:
   net.ipv4.icmp_ignore_bogus_error_responses:
-    title: 3.3.6 | L1 | Ensure bogus ICMP responses are ignored
+    title: 3.3.6 | Ensure bogus ICMP responses are ignored
     value: '1'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.7.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_7 }}
 kernel-param:
   net.ipv4.conf.all.rp_filter:
-    title: 3.3.7 | L1 | Ensure Reverse Path Filtering is enabled | all
+    title: 3.3.7 | Ensure Reverse Path Filtering is enabled | all
     value: '1'
     meta:
       server: 1
@@ -14,7 +14,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv4.conf.all.rp_filter:
-    title: 3.3.7 | L1 | Ensure Reverse Path Filtering is enabled | default
+    title: 3.3.7 | Ensure Reverse Path Filtering is enabled | default
     value: '1'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.8.yml

@@ -1,7 +1,7 @@
 {{ if .Vars.rhel7cis_rule_3_3_8 }}
 kernel-param:
   net.ipv4.tcp_syncookies:
-    title: 3.3.8 | L1 | Ensure TCP SYN Cookies is enabled
+    title: 3.3.8 | Ensure TCP SYN Cookies is enabled
     value: '1'
     meta:
       server: 1

section_3/cis_3.3/cis_3.3.9.yml

@@ -3,7 +3,7 @@
     {{ if .Vars.rhel7cis_ipv6_required }}
 kernel-param:
   net.ipv6.conf.all.accept_ra:
-    title: 3.3.9 | L1 | Ensure IPv6 router advertisements are not accepted | all
+    title: 3.3.9 | Ensure IPv6 router advertisements are not accepted | all
     value: '0'
     meta:
       server: 1
@@ -16,7 +16,7 @@ kernel-param:
       CISv8_IG2: true
       CISv8_IG3: true
   net.ipv6.conf.default.accept_ra:
-    title: 3.3.9 | L1 | Ensure IPv6 router advertisements are not accepted | default
+    title: 3.3.9 | Ensure IPv6 router advertisements are not accepted | default
     value: '0'
     meta:
       server: 1

section_3/cis_3.4/cis_3.4.1.yml

@@ -2,7 +2,7 @@
   {{ if .Vars.rhel7cis_rule_3_4_1 }}
 command:
   modprobe_dccp:
-    title: 3.4.1 | L2 | Ensure DCCP is disabled
+    title: 3.4.1 | Ensure DCCP is disabled
     exit-status: 0
     exec: 'modprobe -n -v dccp'
     stdout: ['install /bin/true']

section_3/cis_3.4/cis_3.4.2.yml

@@ -2,7 +2,7 @@
   {{ if .Vars.rhel7cis_rule_3_4_2 }}
 command:
   modprobe_sctp:
-    title: 3.4.2 | L2 | Ensure SCTP is disabled
+    title: 3.4.2 | Ensure SCTP is disabled
     exit-status: 0
     exec: 'modprobe -n -v sctp'
     stdout: ['install /bin/true']

section_3/cis_3.5/cis_3.5.1.x.yml

@@ -3,7 +3,7 @@
   {{ if .Vars.rhel7cis_rule_3_5_1_1 }}
 package:
   firewalld:
-    title: 3.5.1.1 | L1 | Ensure FirewallD is installed
+    title: 3.5.1.1 | Ensure FirewallD is installed
     installed: true
     meta:
       server: 1
@@ -16,7 +16,7 @@ package:
       CISv8_IG2: true
       CISv8_IG3: true
   iptables:
-    title: 3.5.1.1 | L1 | Ensure FirewallD is installed
+    title: 3.5.1.1 | Ensure FirewallD is installed
     installed: true
     meta:
       server: 1
@@ -31,7 +31,7 @@ package:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_1_2 }}
   iptables-services:
-    title: 3.5.1.2 | L1 | Ensure iptables-services not installed with firewalld | IPv4
+    title: 3.5.1.2 | Ensure iptables-services not installed with firewalld | IPv4
     installed: false
     meta:
       server: 1
@@ -46,7 +46,7 @@ package:
       CISv8_IG3: true
     {{ if .Vars.rhel7cis_ipv6_required }}
   ip6tables-services:
-    title: 3.5.1.2 | L1 | Ensure iptables-services not installed with firewalld | IPv6
+    title: 3.5.1.2 | Ensure iptables-services not installed with firewalld | IPv6
     installed: false
     meta:
       server: 1
@@ -63,7 +63,7 @@ package:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_1_3 }}
   nftables:
-    title: 3.5.1.3 | L1 | Ensure nftables either not installed or masked with firewalld | package
+    title: 3.5.1.3 | Ensure nftables either not installed or masked with firewalld | package
     installed: false
     meta:
       server: 1
@@ -78,7 +78,7 @@ package:
       CISv8_IG3: true
 service:
   nftables:
-    title: 3.5.1.3 | L1 | Ensure nftables either not installed or masked with firewalld | masked
+    title: 3.5.1.3 | Ensure nftables either not installed or masked with firewalld | masked
     enabled: false
     running: false
     skip: false
@@ -96,7 +96,7 @@ service:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_1_4 }}
   firewalld:
-    title: 3.5.1.4 | L1 | Ensure firewalld service is enabled and running
+    title: 3.5.1.4 | Ensure firewalld service is enabled and running
     enabled: true
     running: true
     meta:
@@ -113,7 +113,7 @@ service:
 command:
   {{ if .Vars.rhel7cis_rule_3_5_1_5 }}
   default_zone:
-    title: 3.5.1.5 | L1 | Ensure default zone is set
+    title: 3.5.1.5 | Ensure default zone is set
     exec: firewall-cmd --get-default-zone
     exit-status: 0
     stdout: 
@@ -131,7 +131,7 @@ command:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_1_6 }}
   nic_assigned:
-    title: 3.5.1.6 | L1 | Ensure network interfaces are assigned to appropriate zone
+    title: 3.5.1.6 | Ensure network interfaces are assigned to appropriate zone
     exec:  "nmcli -t connection show | awk -F ':' '{if($4){print $4}}' | while read INT; do firewall-cmd --get-active-zones | grep -B1 $INT; done"
     exit-status: 0
     {{ range .Vars.rhel7cis_firewall_interface }}

section_3/cis_3.5/cis_3.5.2.1.yml

@@ -3,7 +3,7 @@
   {{ if .Vars.rhel7cis_rule_3_5_2_1 }}
 package:
   nftables:
-    title: 3.5.2.1 | L1 | Ensure nftables is installed
+    title: 3.5.2.1 | Ensure nftables is installed
     installed: true
     meta:
       server: 1
@@ -18,7 +18,7 @@ package:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_2_2 }}
   firewalld:
-    title: 3.5.2.2 | L1 | Ensure firewalld is not installed or stopped and masked
+    title: 3.5.2.2 | Ensure firewalld is not installed or stopped and masked
     installed: false
     meta:
       server: 1
@@ -34,7 +34,7 @@ package:
   {{ end }}
   {{ if .Vars.rhel7cis_rule_3_5_2_3 }}
   iptables-services:
-    title: 3.5.2.3 | L1 | Ensure iptables-services package is not installed | IPv4
+    title: 3.5.2.3 | Ensure iptables-services package is not installed | IPv4
     installed: false
     meta:
       server: 1
@@ -48,7 +48,7 @@ package:
       CISv8_IG2: true
       CISv8_IG3: true
   iptables6-services:
-    title: 3.5.2.3 | L1 | Ensure iptables6-services package is not installed | IPv6
+    title: 3.5.2.3 | Ensure iptables6-services package is not installed | IPv6
     installed: false
     meta:
       server: 1

section_3/cis_3.5/cis_3.5.2.10.yml

@@ -3,7 +3,7 @@
   {{ if .Vars.rhel7cis_rule_3_5_2_10 }}
 service:
   nftables:
-   title: 3.5.2.10 | L1 | Ensure nftables service is enabled
+   title: 3.5.2.10 | Ensure nftables service is enabled
    enabled: true
    meta:
      server: 1

section_3/cis_3.5/cis_3.5.2.11.yml

@@ -3,7 +3,7 @@
   {{ if .Vars.rhel7cis_rule_3_5_2_11 }}
 command:
   nftables:
-   title: 3.5.2.11 | L1 | Ensure nftables rules are permanent
+   title: 3.5.2.11 | Ensure nftables rules are permanent
    exec: awk '/hook input/,/}/' $(awk '$1 ~ /^\s*include/ { gsub("\"","",$2);print $2 }' /etc/sysconfig/nftables.conf)
    exit-status: 0
    meta: