ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixing minor documentation issues.

Browse source 
Signed-off-by: Diana-Maria Dumitru <diana.dumitru@siemens.com>
This commit is contained in:
Tomuta, Diana Maria (T CST SCC-RO) 2025-07-09 12:13:45 +03:00 committed by Diana-Maria Dumitru
parent dfd5eb9a92
commit 76a680bb59
No known key found for this signature in database
GPG key ID: 03484C0A7C564FD5
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
defaults/main.yml
View file

@ -35,6 +35,7 @@ rhel9cis_level_2: true
# Create managed not custom local_facts files
create_benchmark_facts: true
# The path where the ansible facts file is created if audit facts are not present
ansible_facts_path: /etc/ansible/facts.d
## Section 1.6 - Mandatory Access Control
@ -776,7 +777,7 @@ rhel9cis_ftp_client: false
rhel9cis_openldap_clients_required: false
## Control - 2.2.3 - Ensure nis client is not installed
# Set this variable to `true` to keep package `nis`(`ypbind`); otherwise, the package is uninstalled.
rhel9cis_ypbind_required: false # Same package as NIS server
rhel9cis_ypbind_required: false
## Control - 2.2.4 - Ensure telnet client is not installed
# Set this variable to `true` to keep package `telnet`; otherwise, the package is uninstalled.
rhel9cis_telnet_required: false
@ -827,7 +828,7 @@ rhel9cis_flush_ipv6_route: false
# 1) either 'firewalld'
# 2) or 'nftables'
#### Some control allow for services to be removed or masked
#### The options are under each heading
#### The options are under each heading:
#### absent = remove the package
#### masked = leave package if installed and mask the service
rhel9cis_firewall: firewalld
@ -1223,7 +1224,6 @@ rhel9cis_aide_cron:
aide_weekday: '*'
## Preferred method of logging
## Whether rsyslog or journald preferred method for local logging
## Controls 6.2.1.x | Configure systemd-journald service
## Controls 6.2.2.x | Configured journald
## Controls 6.2.3.x | Configure rsyslog
@ -1327,7 +1327,7 @@ rhel9cis_remote_log_retrycount: 100
# of rsyslog forwarding must be enabled('rhel9cis_remote_log_server: true').
rhel9cis_remote_log_queuesize: 1000
# Control 6.2.3.7 - Ensure rsyslog is not configured to receive logs from a remote client
## Control 6.2.3.7 - Ensure rsyslog is not configured to receive logs from a remote client
# This variable expresses whether the system is used as a log server or not. If set to:
# - 'false', current system will act as a log CLIENT, thus it should NOT receive data from other hosts.
# - 'true', current system will act as a log SERVER, enabling centralised log management(by protecting log integrity
@ -1447,7 +1447,7 @@ rhel9cis_auditd_admin_space_left_action: halt
# for auditd should be used by the role.
rhel9cis_auditd_extra_conf_usage: false
# 6.3.3.x allow exceptions for UID in auditd config
## Controls 6.3.3.x allow exceptions for UID in auditd config
## Advanced option found in auditd post
# This variable governs if defining user exceptions for auditd logging is acceptable.
rhel9cis_allow_auditd_uid_user_exclusions: false
@ -1504,7 +1504,7 @@ min_int_uid: 1000
max_int_uid: 65533
## Control 7.2.9 - Ensure local interactive user dot files access is configured
# This variable is a toggle foe enabling/disabling the automated modification of
# This variable is a toggle for enabling/disabling the automated modification of
# permissions on dot files.
# Possible values are `true` and `false`
# This setting can impact a running system if not tested sufficiently