forked from ansible-lockdown/RHEL9-CIS
Added Nist values
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
parent
8b58d71e4b
commit
2bf67cde0d
16 changed files with 100 additions and 21 deletions
|
|
@ -8,7 +8,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.1
|
||||
- NIST800-53R5_SC-6
|
||||
ansible.builtin.debug:
|
||||
msg: "Captured in prelim to ensure not LEGACY. Runs handler to update"
|
||||
changed_when: true
|
||||
|
|
@ -25,6 +27,9 @@
|
|||
- automated
|
||||
- patch
|
||||
- rule_1.6.2
|
||||
- NIST800-53R5_SC-8
|
||||
- NIST800-53R5_IA-5
|
||||
- NIST800-53R5_AC-17- NIST800-53R5_SC-6
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/sysconfig/sshd
|
||||
regexp: ^CRYPTO_POLICY\s*=
|
||||
|
|
@ -40,7 +45,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.3
|
||||
- NIST800-53R5_SC-6
|
||||
block:
|
||||
- name: "1.6.3 | PATCH | Ensure system wide crypto policy disables sha1 hash and signature support | Add submodule exclusion"
|
||||
ansible.builtin.template:
|
||||
|
|
@ -66,7 +73,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.4
|
||||
- NIST800-53R5_SC-6
|
||||
block:
|
||||
- name: "1.6.4 | PATCH | Ensure system wide crypto policy disables macs less than 128 bits | Add submodule exclusion"
|
||||
ansible.builtin.template:
|
||||
|
|
@ -93,7 +102,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.5
|
||||
- NIST800-53R5_SC-6
|
||||
block:
|
||||
- name: "1.6.5 | PATCH | Ensure system wide crypto policy disables cbc for ssh | Add submodule exclusion"
|
||||
ansible.builtin.template:
|
||||
|
|
@ -119,7 +130,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.6
|
||||
- NIST800-53R5_SC-6
|
||||
block:
|
||||
- name: "1.6.6 | PATCH | Ensure system wide crypto policy disables chacha20-poly1305 for ssh | Add submodule exclusion"
|
||||
ansible.builtin.template:
|
||||
|
|
@ -145,7 +158,9 @@
|
|||
- level1-workstation
|
||||
- automated
|
||||
- patch
|
||||
- crypto
|
||||
- rule_1.6.7
|
||||
- NIST800-53R5_SC-6
|
||||
block:
|
||||
- name: "1.6.7 | PATCH | Ensure system wide crypto policy disables EtM for ssh | Add submodule exclusion"
|
||||
ansible.builtin.template:
|
||||
|
|
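Review bot: In the rule_1.6.2 hunk the last added tag reads `- NIST800-53R5_AC-17- NIST800-53R5_SC-6`, which YAML parses as one plain scalar, so the task gets a single tag containing a space and neither `NIST800-53R5_AC-17` nor `NIST800-53R5_SC-6` will select it with `--tags` or `--skip-tags`. The hunk header's new-side count of 9 matches the nine visible lines, so this looks like it is in the file rather than a rendering artefact; split it into `- NIST800-53R5_AC-17` and `- NIST800-53R5_SC-6` on separate lines. Separately, every crypto-policy task in this section is tagged SC-6, which in SP 800-53 Rev. 5 is Resource Availability, so it is worth confirming the mapping against the benchmark before compliance runs or reports are filtered on these tags. The task definitions start and end outside the hunks shown.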