ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 14:27:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Updates from Public

Browse source 
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
This commit is contained in:
Frederick Witty 2025-09-10 12:57:50 -04:00
parent a1d88edde0
commit 67c574d8a9
No known key found for this signature in database
GPG key ID: D29987C25A47D813
10 changed files with 32 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
defaults/main.yml
View file

@ -569,7 +569,9 @@ rhel9cis_bootloader_password_hash: 'grub.pbkdf2.sha512.changethispassword' # pr
# This variable governs whether a bootloader password should be set in '/boot/grub2/user.cfg' file.
rhel9cis_set_boot_pass: true
## Control 1.6
## Controls 1.6.x and Controls 5.1.x
# This variable governs if current Ansible role should manage system-wide crypto policy.
rhel9cis_crypto_policy_ansiblemanaged: true
# This variable contains the value to be set as the system-wide crypto policy. Current rule enforces NOT USING
# 'LEGACY' value(as it is less secure, it just ensures compatibility with legacy systems), therefore
# possible values for this variable are, as explained by RedHat docs: