Updated defaults/main.yml

ComplianceAsCode development team
2023-05-04 10:45:41 -04:00
committed by Dan Clark
parent e12ab3940f
commit 80c021a7dd


@@ -8,12 +8,13 @@ var_sudo_timestamp_timeout: '5'
var_authselect_profile: sssd
login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
var_password_pam_remember: '5'
var_password_pam_remember_control_flag: requisite
var_password_pam_remember_control_flag: requisite,required
var_accounts_passwords_pam_faillock_deny: '3'
var_accounts_passwords_pam_faillock_unlock_time: '900'
var_password_pam_minclass: '4'
var_password_pam_minlen: '14'
var_password_pam_retry: '3'
var_password_hashing_algorithm: SHA512
var_account_disable_post_pw_expiration: '30'
var_accounts_maximum_age_login_defs: '365'
var_accounts_minimum_age_login_defs: '1'
@@ -64,10 +65,12 @@ accounts_password_pam_pwhistory_remember_password_auth: true
accounts_password_pam_pwhistory_remember_system_auth: true
accounts_password_pam_retry: true
accounts_password_set_max_life_existing: true
accounts_password_set_warn_age_existing: true
accounts_password_warn_age_login_defs: true
accounts_passwords_pam_faillock_deny: true
accounts_passwords_pam_faillock_unlock_time: true
accounts_root_path_dirs_no_write: true
accounts_set_post_pw_existing: true
accounts_tmout: true
accounts_umask_etc_bashrc: true
accounts_umask_etc_login_defs: true
@@ -101,6 +104,7 @@ audit_rules_kernel_module_loading_init: true
audit_rules_login_events_faillock: true
audit_rules_login_events_lastlog: true
audit_rules_mac_modification: true
audit_rules_mac_modification_usr_share: true
audit_rules_media_export: true
audit_rules_networkconfig_modification: true
audit_rules_privileged_commands_usermod: true
@@ -267,21 +271,27 @@ mount_option_var_nosuid: true
mount_option_var_tmp_nodev: true
mount_option_var_tmp_noexec: true
mount_option_var_tmp_nosuid: true
no_empty_passwords: true
no_empty_passwords_etc_shadow: true
no_reboot_needed: true
no_rsh_trust_files: true
package_aide_installed: true
package_audit_installed: true
package_avahi_removed: true
package_bind_removed: true
package_cups_removed: true
package_cyrus_imapd_removed: true
package_dhcp_removed: true
package_dnsmasq_removed: true
package_dovecot_removed: true
package_ftp_removed: true
package_gdm_removed: true
package_httpd_removed: true
package_libselinux_installed: true
package_mcstrans_removed: true
package_net_snmp_removed: true
package_nftables_installed: true
package_nginx_removed: true
package_openldap_clients_removed: true
package_rsync_removed: true
package_rsyslog_installed: true
@@ -298,6 +308,9 @@ package_xorg_x11_server_common_removed: true
postfix_network_listening_disabled: true
reboot_required: true
restrict_strategy: true
rsyslog_filecreatemode: true
rsyslog_files_groupownership: true
rsyslog_files_ownership: true
rsyslog_files_permissions: true
selinux_policytype: true
selinux_state: true
@@ -308,6 +321,7 @@ service_nfs_disabled: true
service_rpcbind_disabled: true
service_rsyslog_enabled: true
service_systemd_journald_enabled: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
sshd_disable_empty_passwords: true
@@ -317,7 +331,7 @@ sshd_disable_tcp_forwarding: true
sshd_disable_x11_forwarding: true
sshd_do_not_permit_user_env: true
sshd_enable_pam: true
sshd_enable_warning_banner: true
sshd_enable_warning_banner_net: true
sshd_set_idle_timeout: true
sshd_set_keepalive: true
sshd_set_login_grace_time: true
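Review bot: In the first hunk, `var_password_pam_remember_control_flag` is listed twice, as `requisite` and as `requisite,required`; assuming the second is the new value, it is a comma-separated list rather than a single PAM control keyword. The tasks that consume this variable are not visible here, so confirm they split on the comma before templating it. If one writes the value verbatim into the pam_pwhistory line, the control field would not be a valid PAM keyword and password-history enforcement may not behave as intended. I would document the format above the key, for example `# comma-separated list of accepted control flags; confirm which entry the remediation writes`. I would also quote the value as `'requisite,required'` to match the neighbouring quoted defaults.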