Merge branch 'siemens/feat/document_main_variables' of code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables

defaults/main.yml

@@ -893,7 +893,7 @@ rhel9cis_auditd_uid_exclude:
 # This variable governs which logging service should be used, choosing between 'rsyslog'(CIS recommendation)
 # or 'journald'(only one is implemented) will trigger the execution of the associated subsection, as the-best
 # practices are written wholly independent of each other.
-rhel9cis_syslog: rsyslog
+rhel9cis_syslog: journald
 ## Control 4.2.1.5 | PATCH | Ensure logging is configured
 # This variable governs if current Ansible role should manage syslog settings
 # in /etc/rsyslog.conf file, namely mail, news and misc(warn, messages)

vars/AlmaLinux.yml

@@ -5,3 +5,9 @@ os_gpg_key_pubkey_name: gpg-pubkey-b86b3716-61e69f29
 os_gpg_key_pubkey_content: "AlmaLinux OS 9 <packager@almalinux.org> b86b3716"
 # disable repo_gpgcheck due to OS default repos
 rhel9cis_rule_enable_repogpg: false
+
+rhel9cis_sshd:
+    # This variable sets the maximum number of unresponsive "keep-alive" messages
+    # that can be sent from the server to the client before the connection is considered
+    # inactive and thus, closed.
+    clientalivecountmax: 3

vars/Rocky.yml

@@ -3,3 +3,9 @@
 
 os_gpg_key_pubkey_name: gpg-pubkey-350d275d-6279464b
 os_gpg_key_pubkey_content: "Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org> 350d275d"
+
+rhel9cis_sshd:
+    # This variable sets the maximum number of unresponsive "keep-alive" messages
+    # that can be sent from the server to the client before the connection is considered
+    # inactive and thus, closed.
+    clientalivecountmax: 3