ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

auditd, sysctl vars goss version update

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-06-20 17:05:23 +01:00
parent c3c668bb8e
commit d2684c1e9d
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
defaults/main.yml
View file

@ -460,6 +460,11 @@ rhel9cis_tftp_client: false
## Section3 vars
## Sysctl
sysctl_update: false
flush_ipv4_route: false
flush_ipv6_route: false
### Firewall Service - either firewalld, iptables, or nftables
#### Some control allow for services to be removed or masked
#### The options are under each heading
@ -498,6 +503,9 @@ rhel9cis_audit_back_log_limit: 8192
# The max_log_file parameter should be based on your sites policy
rhel9cis_max_log_file_size: 10
### 4.1.3.x audit template
update_audit_template: false
## Preferred method of logging
## Whether rsyslog or journald preferred method for local logging
## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5
@ -633,8 +641,8 @@ audit_run_script_environment:
### Goss binary settings ###
goss_version:
release: v0.3.16
checksum: 'sha256:827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb'
release: v0.3.18
checksum: 'sha256:432308ebca0caf8165d45bd27e3262126aad9d15572ac8cb3149b3c91f75aace'
audit_bin_path: /usr/local/bin/
audit_bin: "{{ audit_bin_path }}goss"
audit_format: json