RHEL9-CIS/vars/audit.yml

---

#### Audit Configuration Settings ####

# Timeout for those cmds that take longer to run where timeout set
audit_cmd_timeout: 120000

# if get_audit_binary_method == download change accordingly
audit_bin_url: "https://github.com/goss-org/goss/releases/download/{{ audit_bin_version.release }}/goss-linux-"

### Goss Audit Benchmark file ###
## managed by the control audit_content
# git
audit_file_git: "https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git"
audit_git_version: "benchmark_{{ benchmark_version }}"

## Goss configuration information
# Where the goss audit configuration will be stored - NOTE benchmark-audit is expected
audit_conf_dir: "{{ audit_conf_dest | default('/opt') }}/{{ benchmark }}-Audit"

# If changed these can affect other products
pre_audit_outfile: "{{ audit_log_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_pre_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"
post_audit_outfile: "{{ audit_log_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_post_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"

## The following should not need changing

### Audit binary settings ###
audit_bin_version:
  release: v0.4.4
  AMD64_checksum: 'sha256:1c4f54b22fde9d4d5687939abc2606b0660a5d14a98afcd09b04b793d69acdc5'
audit_bin_path: /usr/local/bin/
audit_bin: "{{ audit_bin_path }}goss"
audit_format: json

audit_vars_path: "{{ audit_conf_dir }}/vars/{{ ansible_facts.hostname }}.yml"
audit_results: |
      The{% if not audit_only %} pre remediation{% endif %} audit results are: {{ pre_audit_results}}
      {% if not audit_only %}The post remediation audit results are: {{ post_audit_results }}{% endif %}

      Full breakdown can be found in {{ audit_log_dir }}