Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2022-04-06 16:32:53 +01:00
parent ae6b6866e0
commit e27e5276e4
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB


@ -99,14 +99,14 @@ rhel9cis_rule_1_5_1: {{ rhel9cis_rule_1_5_1 }}
rhel9cis_rule_1_5_2: {{ rhel9cis_rule_1_5_2 }}
rhel9cis_rule_1_5_3: {{ rhel9cis_rule_1_5_3 }}
# 1.6 Mandatory Access Control
rhel9cis_rule_1_6_1: {{ rhel9cis_rule_1_6_1 }}
rhel9cis_rule_1_6_2: {{ rhel9cis_rule_1_6_2 }}
rhel9cis_rule_1_6_3: {{ rhel9cis_rule_1_6_3 }}
rhel9cis_rule_1_6_4: {{ rhel9cis_rule_1_6_4 }}
rhel9cis_rule_1_6_5: {{ rhel9cis_rule_1_6_5 }}
rhel9cis_rule_1_6_6: {{ rhel9cis_rule_1_6_6 }}
rhel9cis_rule_1_6_7: {{ rhel9cis_rule_1_6_7 }}
rhel9cis_rule_1_6_8: {{ rhel9cis_rule_1_6_8 }}
rhel9cis_rule_1_6_1_1: {{ rhel9cis_rule_1_6_1_1 }}
rhel9cis_rule_1_6_1_2: {{ rhel9cis_rule_1_6_1_2 }}
rhel9cis_rule_1_6_1_3: {{ rhel9cis_rule_1_6_1_3 }}
rhel9cis_rule_1_6_1_4: {{ rhel9cis_rule_1_6_1_4 }}
rhel9cis_rule_1_6_1_5: {{ rhel9cis_rule_1_6_1_5 }}
rhel9cis_rule_1_6_1_6: {{ rhel9cis_rule_1_6_1_6 }}
rhel9cis_rule_1_6_1_7: {{ rhel9cis_rule_1_6_1_7 }}
rhel9cis_rule_1_6_1_8: {{ rhel9cis_rule_1_6_1_8 }}
# 1.7 Command Line Warning Banners
rhel9cis_rule_1_7_1: {{ rhel9cis_rule_1_7_1 }}
rhel9cis_rule_1_7_2: {{ rhel9cis_rule_1_7_2 }}
@ -114,12 +114,12 @@ rhel9cis_rule_1_7_3: {{ rhel9cis_rule_1_7_3 }}
rhel9cis_rule_1_7_4: {{ rhel9cis_rule_1_7_4 }}
rhel9cis_rule_1_7_5: {{ rhel9cis_rule_1_7_5 }}
rhel9cis_rule_1_7_6: {{ rhel9cis_rule_1_7_6 }}
rhel9cis_rule_1_7_7: {{ rhel9cis_rule_1_7_7 }}
rhel9cis_rule_1_8_1: {{ rhel9cis_rule_1_7_8 }}
rhel9cis_rule_1_8_2: {{ rhel9cis_rule_1_8_1 }}
rhel9cis_rule_1_8_3: {{ rhel9cis_rule_1_8_2 }}
rhel9cis_rule_1_8_4: {{ rhel9cis_rule_1_8_3 }}
rhel9cis_rule_1_8_5: {{ rhel9cis_rule_1_8_4 }}
# 1.8 Gnome Display Manager
rhel9cis_rule_1_8_1: {{ rhel9cis_rule_1_8_1 }}
rhel9cis_rule_1_8_2: {{ rhel9cis_rule_1_8_2 }}
rhel9cis_rule_1_8_3: {{ rhel9cis_rule_1_8_3 }}
rhel9cis_rule_1_8_4: {{ rhel9cis_rule_1_8_4 }}
rhel9cis_rule_1_8_5: {{ rhel9cis_rule_1_8_5 }}
# 1.9 Ensure updates, patches, and additional security software are installed
rhel9cis_rule_1_9: {{ rhel9cis_rule_1_9 }}
# Ensure system-wide crypto policy is not legacy
@ -409,7 +409,7 @@ rhel9cis_cups_server: {{ rhel9cis_cups_server }}
rhel9cis_dhcp_server: {{ rhel9cis_dhcp_server }}
rhel9cis_dns_server: {{ rhel9cis_dns_server }}
rhel9cis_ftp_server: {{ rhel9cis_ftp_server }}
rhel9cis_vsftpd_server: {{ rhel9cis_vsftp_server }}
rhel9cis_vsftpd_server: {{ rhel9cis_vsftpd_server }}
rhel9cis_tftp_server: {{ rhel9cis_tftp_server }}
rhel9cis_httpd_server: {{ rhel9cis_httpd_server }}
rhel9cis_nginx_server: {{ rhel9cis_nginx_server }}
@ -425,19 +425,19 @@ rhel9cis_is_mail_server: {{ rhel9cis_is_mail_server }}
# Note the options
# Packages are used for client services and Server- only remove if you dont use the client service
#
rhel9cis_use_nfs_server: {{ rhel9cis_use_nfs.server }}
rhel9cis_use_nfs_service: {{ rhel9cis_use_nfs.service }}
rhel9cis_use_rpc_server: {{ rhel9cis_use_rpc.server }}
rhel9cis_use_rpc_service: {{ rhel9cis_use_rpc.service }}
rhel9cis_use_rsync_server: {{ rhel9cis_use_rsync.server }}
rhel9cis_use_rsync_service: {{ rhel9cis_use_rsync.service }}
rhel9cis_use_nfs_server: {{ rhel9cis_use_nfs_server }}
rhel9cis_use_nfs_service: {{ rhel9cis_use_nfs_service }}
rhel9cis_use_rpc_server: {{ rhel9cis_use_rpc_server }}
rhel9cis_use_rpc_service: {{ rhel9cis_use_rpc_service }}
rhel9cis_use_rsync_server: {{ rhel9cis_use_rsync_server }}
rhel9cis_use_rsync_service: {{ rhel9cis_use_rsync_service }}
#### 2.3 Service clients
rhel9cis_ypbind_required: {{ rhel9cis_ypbind_required }}
rhel9cis_rsh_required: {{ rhel9cis_rsh_required }}
rhel9cis_talk_required: {{ rhel9cis_talk_required }}
rhel9cis_telnet_required: {{ rhel9cis_telnet_required }}
rhel9cis_openldap_clients_required: {{ openldap_clients_required }}
rhel9cis_openldap_clients_required: {{ rhel9cis_openldap_clients_required }}
rhel9cis_tftp_client: {{ rhel9cis_tftp_client }}
# Section 3
@ -482,7 +482,7 @@ rhel9cis_authselect_custom_profile_select: {{ rhel9cis_authselect_custom_profile
## 5.3.2 Authselect select false if using AD or RHEL ID mgmt
rhel9cis_authselect:
custom_profile_name: {{ rhel9cis_authselect['custom_profile_name'] }}
default_file_to_copy: {{ rhel9cis_authselect.default_file_to_copy }}
default_file_to_copy: {{ rhel9cis_authselect['default_file_to_copy'] }}
## 5.4.1 Enable automation to create custom profile settings, using the setings above
@ -491,8 +491,8 @@ rhel9cis_authselect_custom_profile_create: {{ rhel9cis_authselect_custom_profile
# 5.5.1
## PAM
rhel9cis_pam_password:
minlen: {{ rhel9cis_pam_password.minlen }}
minclass: {{ rhel9cis_pam_password.minclass }}
minlen: {{ rhel9cis_pam_password['minlen'] }}
minclass: {{ rhel9cis_pam_password['minclass'] }}
rhel9cis_pam_passwd_retry: "3"
## 5.5.3 choose one of below
@ -501,9 +501,9 @@ rhel9cis_passwd_remember: "5"
## 5.6.x login.defs password settings
rhel9cis_pass:
max_days: {{ rhel9cis_pass.max_days }}
min_days: {{ rhel9cis_pass.min_days }}
warn_age: {{ rhel9cis_pass.warn_age }}
max_days: {{ rhel9cis_pass['max_days'] }}
min_days: {{ rhel9cis_pass['min_days'] }}
warn_age: {{ rhel9cis_pass['warn_age'] }}
## 5.3.7 set sugroup if differs from wheel
rhel9cis_sugroup: {% if rhel9cis_sugroup is undefined %}wheel{% else %}{{ rhel9cis_sugroup }}{% endif %}
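Review bot: The password-policy expansions under `rhel9cis_pam_password` (`minlen`, `minclass`) and `rhel9cis_pass` (`max_days`, `min_days`, `warn_age`) are rendered unquoted, while the neighbouring literals `rhel9cis_pam_passwd_retry: "3"` and `rhel9cis_passwd_remember: "5"` are quoted strings. A numeric role value therefore reaches the audit variables as a YAML int and an empty one as null, so these controls may be compared against a different type than the quoted ones, or against no value at all. If the consuming checks expect strings (they are not visible on this page), quote the expansions, e.g. `minlen: "{{ rhel9cis_pam_password['minlen'] }}"` and likewise for the other four keys. The two quoted literals are also hard-coded rather than templated, so it is worth confirming that a role-level override of the retry or remember setting is meant to be ignored by the audit.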