Added missing variable for task 5.2.4

Signed-off-by: defnotyujine <batauling1000@gmail.com>
defnotyujine 2026-03-10 17:19:22 +08:00
parent 497b3dc8d9
commit ce40cd630c
No known key found for this signature in database
GPG key ID: D76FF97B68E000CB


@ -959,6 +959,13 @@ rhel9cis_ssh_maxsessions: 4
# This variable defines the path and file name of the sudo log file. # This variable defines the path and file name of the sudo log file.
rhel9cis_sudolog_location: "/var/log/sudo.log" rhel9cis_sudolog_location: "/var/log/sudo.log"
## Control 5.2.4 - Ensure users must provide password for escalation
# The following variable specifies a list of users that should not be required to provide a password
# for escalation. Feel free to edit it according to your needs.
rhel9cis_sudoers_exclude_nopasswd_list:
- ec2-user
- vagrant
## Control 5.2.x - Ensure sudo authentication timeout is configured correctly ## Control 5.2.x - Ensure sudo authentication timeout is configured correctly
# This variable sets the duration (in minutes) during which a user's authentication credentials # This variable sets the duration (in minutes) during which a user's authentication credentials
# are cached after successfully authenticating using "sudo". This allows the user to execute # are cached after successfully authenticating using "sudo". This allows the user to execute
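Review bot: The comment above `rhel9cis_sudoers_exclude_nopasswd_list` does not state that each listed name is an exception to control 5.2.4. The defaults `ec2-user` and `vagrant` would then presumably keep passwordless escalation on every host where those accounts exist, though the task that consumes the variable is not visible here. I would replace "Feel free to edit it according to your needs" with `# Each user listed here keeps NOPASSWD in sudoers and is an accepted exception to control 5.2.4;` followed by `# set this to [] on hosts where no exception has been approved.` It is also worth considering whether the default should be an empty list, with the cloud and Vagrant accounts added per inventory, so a hardened host does not inherit an exemption nobody reviewed.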