ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

tidy up vars

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-01 17:09:53 +01:00
parent 2565df6047
commit 2d21f8a98e
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
10 changed files with 45 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

21
defaults/main.yml
View file

@ -114,8 +114,6 @@ rhel9cis_rule_1_4_3: true
rhel9cis_rule_1_5_1: true
rhel9cis_rule_1_5_2: true
rhel9cis_rule_1_5_3: true
rhel9cis_rule_1_6_1: true
rhel9cis_rule_1_6_2: true
rhel9cis_rule_1_6_1_1: true
rhel9cis_rule_1_6_1_2: true
rhel9cis_rule_1_6_1_3: true
@ -137,7 +135,6 @@ rhel9cis_rule_1_8_4: true
rhel9cis_rule_1_8_5: true
rhel9cis_rule_1_9: true
rhel9cis_rule_1_10: true
rhel9cis_rule_1_11: true
# Section 2 rules
rhel9cis_rule_2_1_1: true
@ -469,11 +466,6 @@ rhel9cis_firewall: firewalld
##### firewalld
rhel9cis_default_zone: public
rhel9cis_int_zone: customzone
rhel9cis_interface: eth0
rhel9cis_firewall_services:
- ssh
- dhcpv6-client
#### nftables
rhel9cis_nft_tables_autonewtable: true
@ -541,13 +533,6 @@ rhel9cis_sshd:
# allowgroups: systems dba
# denyusers:
# denygroups:
rhel9cis_pam_faillock:
attempts: 5
interval: 900
unlock_time: 900
fail_for_root: no
remember: 5
pwhash: sha512
# 5.2.5 SSH LogLevel setting. Options are INFO or VERBOSE
rhel9cis_ssh_loglevel: INFO
@ -580,11 +565,7 @@ rhel9cis_pass:
rhel9cis_syslog: rsyslog
rhel9cis_rsyslog_ansiblemanaged: true
rhel9cis_vartmp:
source: /tmp
fstype: none
opts: "defaults,nodev,nosuid,noexec,bind"
enabled: false
## PAM
rhel9cis_pam_password:
minlen: "14"