RHEL9-CIS/vars/RedHat.yml

---
# OS Specific Settings

os_gpg_key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b
os_gpg_key_pubkey_content: "Red Hat, Inc. (release key 2) <security@redhat.com> fd431d51"

# disable repo_gpgcheck due to OS default repos
rhel9cis_rule_enable_repogpg: false

# Vars setup for overiding main.yml
rhel9cis_sshd:
    clientalivecountmax: 3
    clientaliveinterval: 900
    logingracetime: 60
    # allowusers: 
    allowgroups: sshd wheel
    # denyusers:
    # denygroups:
    usr_min_uid: 1000
Fix in logic for Alma (#4) * container standards Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic on handlers Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * initial container ignore Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tags and containder discovery Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic on auditd task Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tags and crypto logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * distro update for rocky Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * system_is_container updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * ssh pkg check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logrotate pkg check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * logic in container check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * add pkg fact and audit conditionals Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tidy up crypto step Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added missing tags Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * container vars file now a variable Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added uid discovery and usage Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Updated OS checks and conditionals Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fixed empty become Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * change audit to include task Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Added OS_specific vars Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated import/include Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * OS Specific vars Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated tags Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated changed_when Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fixed UID logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * changed reboot var Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * changed skip_reboot var name Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * masked only Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix logic Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * remove debug update logic 6.2.8 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed CentOS Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-02-02 11:25:03 +00:00			`---`
			`# OS Specific Settings`

1.2.2 rpm gpg key check Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-07-25 11:26:27 +01:00			`os_gpg_key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b`
			`os_gpg_key_pubkey_content: "Red Hat, Inc. (release key 2) <security@redhat.com> fd431d51"`
Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 13:11:16 +01:00
Add SSH Variables the proper way, fix vars. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 15:33:02 +01:00			`# disable repo_gpgcheck due to OS default repos`
			`rhel9cis_rule_enable_repogpg: false`

Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 15:08:11 +01:00			`# Vars setup for overiding main.yml`
Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 13:11:16 +01:00			`rhel9cis_sshd:`
			`clientalivecountmax: 3`
			`clientaliveinterval: 900`
			`logingracetime: 60`
			`# allowusers:`
Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 14:17:00 +01:00			`allowgroups: sshd wheel`
Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 13:11:16 +01:00			`# denyusers:`
Add SSH Variables the proper way, condition entries correct. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-17 15:08:11 +01:00			`# denygroups:`
5.6.1.x Test with shell. Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com> 2023-10-25 15:03:43 +01:00			`usr_min_uid: 1000`