Merge pull request #439 from defnotyujine/fix_5.2.4

Added missing variable for task 5.2.4
uk-bolly 2026-03-18 17:45:55 +00:00 committed by GitHub
commit 5e8ff2dc4a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -959,6 +959,13 @@ rhel9cis_ssh_maxsessions: 4
# This variable defines the path and file name of the sudo log file.
rhel9cis_sudolog_location: "/var/log/sudo.log"
## Control 5.2.4 - Ensure users must provide password for escalation
# The following variable specifies a list of users that should not be required to provide a password
# for escalation. Feel free to edit it according to your needs.
rhel9cis_sudoers_exclude_nopasswd_list:
- ec2-user
- vagrant
## Control 5.2.x - Ensure sudo authentication timeout is configured correctly
# This variable sets the duration (in minutes) during which a user's authentication credentials
# are cached after successfully authenticating using "sudo". This allows the user to execute
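Review bot: The default for `rhel9cis_sudoers_exclude_nopasswd_list` exempts `ec2-user` and `vagrant` from control 5.2.4 out of the box, so on any host where those accounts exist their passwordless sudo rule presumably survives remediation (the task that consumes the variable is not visible in this hunk). `vagrant` is a development-box account and is a questionable default exception in a hardening role; `ec2-user` is more defensible if the intent is to avoid locking out a key-only account that has no password, but the comment does not say so. Consider defaulting to `rhel9cis_sudoers_exclude_nopasswd_list: []` and letting operators opt in. Failing that, replace "Feel free to edit it according to your needs" with a comment that states the consequence, e.g. `# Every user listed here keeps passwordless sudo and is an exception to control 5.2.4; list only accounts that cannot authenticate with a password.`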