ansible-towers/ansible-role-rhel9-cis
1
0
Fork 0
mirror of https://github.com/RedHatOfficial/ansible-role-rhel9-cis.git synced 2026-02-10 09:22:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated defaults/main.yml

Browse Source
This commit is contained in:
ComplianceAsCode development team
2025-10-29 21:10:43 -04:00
committed by Dan Clark
parent 9a3743a82b
commit 7ac19107ff
1 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
defaults/main.yml
View File

@@ -24,12 +24,6 @@ var_accounts_password_warn_age_login_defs: '7'
var_pam_wheel_group_for_su: sugroup
var_accounts_tmout: '900'
var_accounts_user_umask: '027'
var_accounts_passwords_pam_faillock_dir: /var/run/faillock
var_auditd_action_mail_acct: root
var_auditd_admin_space_left_action: halt
var_auditd_max_log_file: '6'
var_auditd_max_log_file_action: keep_logs
var_auditd_space_left_action: email
sysctl_net_ipv6_conf_all_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
@@ -56,12 +50,18 @@ var_selinux_policy_name: targeted
var_selinux_state: enforcing
var_postfix_inet_interfaces: loopback-only
var_multiple_time_servers: 0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org
var_sshd_set_keepalive: '0'
var_sshd_set_keepalive: '1'
sshd_idle_timeout_value: '900'
var_sshd_set_login_grace_time: '60'
sshd_max_auth_tries_value: '4'
var_sshd_max_sessions: '10'
var_sshd_set_maxstartups: 10:30:60
var_accounts_passwords_pam_faillock_dir: /var/run/faillock
var_auditd_action_mail_acct: root
var_auditd_admin_space_left_action: halt
var_auditd_max_log_file: '6'
var_auditd_max_log_file_action: keep_logs
var_auditd_space_left_action: email
DISA_STIG_RHEL_09_211020: true
DISA_STIG_RHEL_09_211040: true
DISA_STIG_RHEL_09_212025: true
@@ -125,6 +125,7 @@ DISA_STIG_RHEL_09_232265: true
DISA_STIG_RHEL_09_232270: true
DISA_STIG_RHEL_09_251010: true
DISA_STIG_RHEL_09_251015: true
DISA_STIG_RHEL_09_252020: true
DISA_STIG_RHEL_09_253010: true
DISA_STIG_RHEL_09_253015: true
DISA_STIG_RHEL_09_253020: true
@@ -196,6 +197,8 @@ DISA_STIG_RHEL_09_611010: true
DISA_STIG_RHEL_09_611015: true
DISA_STIG_RHEL_09_611020: true
DISA_STIG_RHEL_09_611025: true
DISA_STIG_RHEL_09_611030: true
DISA_STIG_RHEL_09_611035: true
DISA_STIG_RHEL_09_611075: true
DISA_STIG_RHEL_09_611080: true
DISA_STIG_RHEL_09_611090: true
@@ -239,7 +242,10 @@ DISA_STIG_RHEL_09_671010: true
DISA_STIG_RHEL_09_671025: true
DISA_STIG_RHEL_09_672030: true
DISA_STIG_RHEL_09_672045: true
DISA_STIG_needed_rules: true
account_disable_post_pw_expiration: true
account_password_pam_faillock_password_auth: true
account_password_pam_faillock_system_auth: true
accounts_maximum_age_login_defs: true
accounts_minimum_age_login_defs: true
accounts_no_uid_except_zero: true
@@ -296,6 +302,7 @@ audit_rules_mac_modification: true
audit_rules_mac_modification_usr_share: true
audit_rules_media_export: true
audit_rules_networkconfig_modification: true
audit_rules_networkconfig_modification_network_scripts: true
audit_rules_privileged_commands: true
audit_rules_privileged_commands_kmod: true
audit_rules_privileged_commands_usermod: true