Initial

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2022-01-07 09:06:18 +00:00 · 2022-01-07 09:06:18 +00:00 · a54b5216eb
commit a54b5216eb
87 changed files with 7693 additions and 0 deletions
--- a/group_vars/docker
+++ b/group_vars/docker
@ -0,0 +1,28 @@
+---
+ansible_user: root
+# AIDE cron settings
+rhel9cis_aide_cron:
+  cron_user: root
+  cron_file: /var/spool/cron/root
+  aide_job: '/usr/sbin/aide --check'
+  aide_minute: 0
+  aide_hour: 5
+  aide_day: '*'
+  aide_month: '*'
+  aide_weekday: '*'
+
+rhel9cis_sshd:
+    clientalivecountmax: 3
+    clientaliveinterval: 300
+    ciphers: "aes256-ctr,aes192-ctr,aes128-ctr"
+    macs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com"
+    logingracetime: 60
+    # - make sure you understand the precedence when working with these values!!
+    allowusers: vagrant
+    allowgroups: vagrant
+    denyusers: root
+    denygroups: root
+
+# Workarounds for Docker
+rhel9cis_skip_for_travis: true
+rhel9cis_selinux_disable: true