ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

updated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-07-24 14:01:40 +01:00
parent 06a1f2997c
commit 42aa624d50
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
4 changed files with 36 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

24
vars/main.yml
View file

@ -3,18 +3,28 @@
min_ansible_version: 2.10.1
rhel9cis_allowed_crypto_policies:
- 'DEFAULT'
- 'FUTURE'
- 'FIPS'
- 'DEFAULT'
- 'FUTURE'
- 'FIPS'
rhel9cis_allowed_crypto_policies_modules:
- 'OSPP'
- 'AD-SUPPORT'
- 'AD-SUPPORT-LEGACY'
- 'NO-SHA1'
- 'OSPP'
- 'AD-SUPPORT'
- 'AD-SUPPORT-LEGACY'
- 'NO-SHA1'
- 'NO-SSHCBC'
- 'NO-SSHETM'
- 'NO-SSHWEAKCIPHER'
- 'NO-SSHWEAKMAC'
- 'NO-WEAKMAC'
# Used to control warning summary
warn_control_list: ""
warn_count: 0
gpg_key_package: "{{ ansible_facts.distribution | lower }}-gpg-keys"
## Control 6.3.3.x - Audit template
# This variable governs if the auditd logic should be executed(if value is true).
# NOTE: The current default value is likely to be overriden(via 'set_fact') by other further tasks(in sub-section 'Auditd rules').
update_audit_template: false