ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 23:43:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Rebasing.

Browse source 
Documenting usage of chrony variables.

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
This commit is contained in:
Ionut Pruteanu 2024-01-31 00:45:10 +02:00
commit 21594f72f7
No known key found for this signature in database
GPG key ID: 95B7D43B702B3569
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
defaults/main.yml
View file

@ -38,6 +38,7 @@ rhel9cis_section6: true
# e.g. # e.g.
# - level1-server # - level1-server
# - level2-workstation # - level2-workstation
# Used for audit
rhel9cis_level_1: true rhel9cis_level_1: true
rhel9cis_level_2: true rhel9cis_level_2: true
@ -136,6 +137,7 @@ audit_run_heavy_tests: true
audit_cmd_timeout: 120000 audit_cmd_timeout: 120000
### End Goss enablements #### ### End Goss enablements ####
#### Detailed settings found at the end of this document ####
# These variables correspond with the CIS rule IDs or paragraph numbers defined in # These variables correspond with the CIS rule IDs or paragraph numbers defined in
# the CIS benchmark documents. # the CIS benchmark documents.
@ -829,8 +831,6 @@ rhel9cis_auditd:
# - `single`: the audit daemon will put the computer system in single user mode # - `single`: the audit daemon will put the computer system in single user mode
# CIS prescribes either `halt` or `single`. # CIS prescribes either `halt` or `single`.
admin_space_left_action: halt admin_space_left_action: halt
# The max_log_file parameter should be based on your sites policy.
max_log_file: 10
# This variable determines what action the audit system should take when the maximum # This variable determines what action the audit system should take when the maximum
# size of a log file is reached. # size of a log file is reached.
# The options for setting this variable are as follows: # The options for setting this variable are as follows:
@ -841,6 +841,8 @@ rhel9cis_auditd:
# - `keep_logs`: the system attempts to keep as many logs as possible without violating disk space constraints. # - `keep_logs`: the system attempts to keep as many logs as possible without violating disk space constraints.
# CIS prescribes the value `keep_logs`. # CIS prescribes the value `keep_logs`.
max_log_file_action: keep_logs max_log_file_action: keep_logs
# The max_log_file parameter should be based on your sites policy.
max_log_file: 10
# This value governs if the below extra-vars for auditd should be used by the role # This value governs if the below extra-vars for auditd should be used by the role
rhel9cis_auditd_extra_conf_usage: false rhel9cis_auditd_extra_conf_usage: false