ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fetch audit and compliance facts added

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-03-31 14:50:40 +01:00
parent 82904557c7
commit 576531e986
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
4 changed files with 134 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
defaults/main.yml
View file

@ -33,6 +33,9 @@ rhel9cis_section7: true
rhel9cis_level_1: true
rhel9cis_level_2: true
# Create managed not custom local_facts files
Create_benchmark_facts: true
ansible_facts_path: /etc/ansible/facts.d
## Section 1.6 - Mandatory Access Control
# This variable governs whether SELinux is disabled or not. If SELinux is NOT DISABLED by setting
# 'rhel9cis_selinux_disable' to 'true', the 1.6 subsection will be executed.
@ -107,6 +110,20 @@ audit_conf_dest: "/opt"
# Where the audit logs are stored
audit_log_dir: '/opt'
## Ability to collect and take audit files moving to a centralised location
# This enables the collection of the files from the host
fetch_audit_output: false
# Method of getting,uploading the summary files
## Ensure access and permissions are avaiable for these to occur.
## options are
# fetch - fetches from server and moves to location on the ansible controller (could be a mount point available to controller)
# copy - copies file to a location available to the managed node
audit_output_collection_method: fetch
# Location to put the audit files
audit_output_destination: /opt/audit_summaries/
### Goss Settings ##
####### END ########