mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 22:23:06 +00:00
Fixing minor documentation issues.
Signed-off-by: Diana-Maria Dumitru <diana.dumitru@siemens.com>
parent
dfd5eb9a92
commit
76a680bb59
1 changed files with 6 additions and 6 deletions
|
|
@ -35,6 +35,7 @@ rhel9cis_level_2: true
|
||||||
|
|
||||||
# Create managed not custom local_facts files
|
# Create managed not custom local_facts files
|
||||||
create_benchmark_facts: true
|
create_benchmark_facts: true
|
||||||
|
# The path where the ansible facts file is created if audit facts are not present
|
||||||
ansible_facts_path: /etc/ansible/facts.d
|
ansible_facts_path: /etc/ansible/facts.d
|
||||||
|
|
||||||
## Section 1.6 - Mandatory Access Control
|
## Section 1.6 - Mandatory Access Control
|
||||||
|
|
@ -776,7 +777,7 @@ rhel9cis_ftp_client: false
|
||||||
rhel9cis_openldap_clients_required: false
|
rhel9cis_openldap_clients_required: false
|
||||||
## Control - 2.2.3 - Ensure nis client is not installed
|
## Control - 2.2.3 - Ensure nis client is not installed
|
||||||
# Set this variable to `true` to keep package `nis`(`ypbind`); otherwise, the package is uninstalled.
|
# Set this variable to `true` to keep package `nis`(`ypbind`); otherwise, the package is uninstalled.
|
||||||
rhel9cis_ypbind_required: false # Same package as NIS server
|
rhel9cis_ypbind_required: false
|
||||||
## Control - 2.2.4 - Ensure telnet client is not installed
|
## Control - 2.2.4 - Ensure telnet client is not installed
|
||||||
# Set this variable to `true` to keep package `telnet`; otherwise, the package is uninstalled.
|
# Set this variable to `true` to keep package `telnet`; otherwise, the package is uninstalled.
|
||||||
rhel9cis_telnet_required: false
|
rhel9cis_telnet_required: false
|
||||||
|
|
@ -827,7 +828,7 @@ rhel9cis_flush_ipv6_route: false
|
||||||
# 1) either 'firewalld'
|
# 1) either 'firewalld'
|
||||||
# 2) or 'nftables'
|
# 2) or 'nftables'
|
||||||
#### Some control allow for services to be removed or masked
|
#### Some control allow for services to be removed or masked
|
||||||
#### The options are under each heading
|
#### The options are under each heading:
|
||||||
#### absent = remove the package
|
#### absent = remove the package
|
||||||
#### masked = leave package if installed and mask the service
|
#### masked = leave package if installed and mask the service
|
||||||
rhel9cis_firewall: firewalld
|
rhel9cis_firewall: firewalld
|
||||||
|
|
@ -1223,7 +1224,6 @@ rhel9cis_aide_cron:
|
||||||
aide_weekday: '*'
|
aide_weekday: '*'
|
||||||
|
|
||||||
## Preferred method of logging
|
## Preferred method of logging
|
||||||
## Whether rsyslog or journald preferred method for local logging
|
|
||||||
## Controls 6.2.1.x | Configure systemd-journald service
|
## Controls 6.2.1.x | Configure systemd-journald service
|
||||||
## Controls 6.2.2.x | Configured journald
|
## Controls 6.2.2.x | Configured journald
|
||||||
## Controls 6.2.3.x | Configure rsyslog
|
## Controls 6.2.3.x | Configure rsyslog
|
||||||
|
|
@ -1327,7 +1327,7 @@ rhel9cis_remote_log_retrycount: 100
|
||||||
# of rsyslog forwarding must be enabled('rhel9cis_remote_log_server: true').
|
# of rsyslog forwarding must be enabled('rhel9cis_remote_log_server: true').
|
||||||
rhel9cis_remote_log_queuesize: 1000
|
rhel9cis_remote_log_queuesize: 1000
|
||||||
|
|
||||||
# Control 6.2.3.7 - Ensure rsyslog is not configured to receive logs from a remote client
|
## Control 6.2.3.7 - Ensure rsyslog is not configured to receive logs from a remote client
|
||||||
# This variable expresses whether the system is used as a log server or not. If set to:
|
# This variable expresses whether the system is used as a log server or not. If set to:
|
||||||
# - 'false', current system will act as a log CLIENT, thus it should NOT receive data from other hosts.
|
# - 'false', current system will act as a log CLIENT, thus it should NOT receive data from other hosts.
|
||||||
# - 'true', current system will act as a log SERVER, enabling centralised log management(by protecting log integrity
|
# - 'true', current system will act as a log SERVER, enabling centralised log management(by protecting log integrity
|
||||||
|
|
@ -1447,7 +1447,7 @@ rhel9cis_auditd_admin_space_left_action: halt
|
||||||
# for auditd should be used by the role.
|
# for auditd should be used by the role.
|
||||||
rhel9cis_auditd_extra_conf_usage: false
|
rhel9cis_auditd_extra_conf_usage: false
|
||||||
|
|
||||||
# 6.3.3.x allow exceptions for UID in auditd config
|
## Controls 6.3.3.x allow exceptions for UID in auditd config
|
||||||
## Advanced option found in auditd post
|
## Advanced option found in auditd post
|
||||||
# This variable governs if defining user exceptions for auditd logging is acceptable.
|
# This variable governs if defining user exceptions for auditd logging is acceptable.
|
||||||
rhel9cis_allow_auditd_uid_user_exclusions: false
|
rhel9cis_allow_auditd_uid_user_exclusions: false
|
||||||
|
|
@ -1504,7 +1504,7 @@ min_int_uid: 1000
|
||||||
max_int_uid: 65533
|
max_int_uid: 65533
|
||||||
|
|
||||||
## Control 7.2.9 - Ensure local interactive user dot files access is configured
|
## Control 7.2.9 - Ensure local interactive user dot files access is configured
|
||||||
# This variable is a toggle foe enabling/disabling the automated modification of
|
# This variable is a toggle for enabling/disabling the automated modification of
|
||||||
# permissions on dot files.
|
# permissions on dot files.
|
||||||
# Possible values are `true` and `false`
|
# Possible values are `true` and `false`
|
||||||
# This setting can impact a running system if not tested sufficiently
|
# This setting can impact a running system if not tested sufficiently
|
||||||
|
|
|
||||||
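Review bot: The comment added above `ansible_facts_path: /etc/ansible/facts.d` in the first hunk says where the facts file is created but not how the directory should be protected. Ansible's fact gathering reads `*.fact` files from this directory and runs the ones that are executable, so a path that is writable by anyone other than root is a local privilege concern. I would add a second comment line such as `# Keep this directory and its files owned by root and not group/other writable; fact gathering reads *.fact files here and executes those marked executable.` Whether the role already sets ownership and mode on this path is not visible in these hunks, so that needs confirming against the task that creates it. Separately, in the firewall hunk the unchanged line `#### Some control allow for services to be removed or masked` sits right above the touched heading and would read better as `#### Some controls allow services to be removed or masked`.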