Updated defaults/main.yml

defaults/main.yml

@@ -8,12 +8,13 @@ var_sudo_timestamp_timeout: '5'
 var_authselect_profile: sssd
 login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
 var_password_pam_remember: '5'
-var_password_pam_remember_control_flag: requisite
+var_password_pam_remember_control_flag: requisite,required
 var_accounts_passwords_pam_faillock_deny: '3'
 var_accounts_passwords_pam_faillock_unlock_time: '900'
 var_password_pam_minclass: '4'
 var_password_pam_minlen: '14'
 var_password_pam_retry: '3'
+var_password_hashing_algorithm: SHA512
 var_account_disable_post_pw_expiration: '30'
 var_accounts_maximum_age_login_defs: '365'
 var_accounts_minimum_age_login_defs: '1'
@@ -64,10 +65,12 @@ accounts_password_pam_pwhistory_remember_password_auth: true
 accounts_password_pam_pwhistory_remember_system_auth: true
 accounts_password_pam_retry: true
 accounts_password_set_max_life_existing: true
+accounts_password_set_warn_age_existing: true
 accounts_password_warn_age_login_defs: true
 accounts_passwords_pam_faillock_deny: true
 accounts_passwords_pam_faillock_unlock_time: true
 accounts_root_path_dirs_no_write: true
+accounts_set_post_pw_existing: true
 accounts_tmout: true
 accounts_umask_etc_bashrc: true
 accounts_umask_etc_login_defs: true
@@ -101,6 +104,7 @@ audit_rules_kernel_module_loading_init: true
 audit_rules_login_events_faillock: true
 audit_rules_login_events_lastlog: true
 audit_rules_mac_modification: true
+audit_rules_mac_modification_usr_share: true
 audit_rules_media_export: true
 audit_rules_networkconfig_modification: true
 audit_rules_privileged_commands_usermod: true
@@ -267,21 +271,27 @@ mount_option_var_nosuid: true
 mount_option_var_tmp_nodev: true
 mount_option_var_tmp_noexec: true
 mount_option_var_tmp_nosuid: true
+no_empty_passwords: true
 no_empty_passwords_etc_shadow: true
 no_reboot_needed: true
 no_rsh_trust_files: true
 package_aide_installed: true
 package_audit_installed: true
+package_avahi_removed: true
 package_bind_removed: true
 package_cups_removed: true
+package_cyrus_imapd_removed: true
 package_dhcp_removed: true
+package_dnsmasq_removed: true
 package_dovecot_removed: true
+package_ftp_removed: true
 package_gdm_removed: true
 package_httpd_removed: true
 package_libselinux_installed: true
 package_mcstrans_removed: true
 package_net_snmp_removed: true
 package_nftables_installed: true
+package_nginx_removed: true
 package_openldap_clients_removed: true
 package_rsync_removed: true
 package_rsyslog_installed: true
@@ -298,6 +308,9 @@ package_xorg_x11_server_common_removed: true
 postfix_network_listening_disabled: true
 reboot_required: true
 restrict_strategy: true
+rsyslog_filecreatemode: true
+rsyslog_files_groupownership: true
+rsyslog_files_ownership: true
 rsyslog_files_permissions: true
 selinux_policytype: true
 selinux_state: true
@@ -308,6 +321,7 @@ service_nfs_disabled: true
 service_rpcbind_disabled: true
 service_rsyslog_enabled: true
 service_systemd_journald_enabled: true
+set_password_hashing_algorithm_logindefs: true
 set_password_hashing_algorithm_passwordauth: true
 set_password_hashing_algorithm_systemauth: true
 sshd_disable_empty_passwords: true
@@ -317,7 +331,7 @@ sshd_disable_tcp_forwarding: true
 sshd_disable_x11_forwarding: true
 sshd_do_not_permit_user_env: true
 sshd_enable_pam: true
-sshd_enable_warning_banner: true
+sshd_enable_warning_banner_net: true
 sshd_set_idle_timeout: true
 sshd_set_keepalive: true
 sshd_set_login_grace_time: true