updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-24 14:01:40 +01:00 · 2024-07-24 14:01:40 +01:00 · 42aa624d50
commit 42aa624d50
parent 06a1f2997c
4 changed files with 36 additions and 25 deletions
--- a/vars/audit.yml
+++ b/vars/audit.yml
@ -26,8 +26,8 @@ post_audit_outfile: "{{ audit_log_dir }}/{{ ansible_facts.hostname }}-{{ benchma

 ### Audit binary settings ###
 audit_bin_version:
-    release: v0.4.4
-    AMD64_checksum: 'sha256:1c4f54b22fde9d4d5687939abc2606b0660a5d14a98afcd09b04b793d69acdc5'
+  release: v0.4.4
+  AMD64_checksum: 'sha256:1c4f54b22fde9d4d5687939abc2606b0660a5d14a98afcd09b04b793d69acdc5'
 audit_bin_path: /usr/local/bin/
 audit_bin: "{{ audit_bin_path }}goss"
 audit_format: json
--- a/vars/main.yml
+++ b/vars/main.yml
@ -3,18 +3,28 @@

 min_ansible_version: 2.10.1
 rhel9cis_allowed_crypto_policies:
-    - 'DEFAULT'
-    - 'FUTURE'
-    - 'FIPS'
+  - 'DEFAULT'
+  - 'FUTURE'
+  - 'FIPS'

 rhel9cis_allowed_crypto_policies_modules:
-    - 'OSPP'
-    - 'AD-SUPPORT'
-    - 'AD-SUPPORT-LEGACY'
-    - 'NO-SHA1'
+  - 'OSPP'
+  - 'AD-SUPPORT'
+  - 'AD-SUPPORT-LEGACY'
+  - 'NO-SHA1'
+  - 'NO-SSHCBC'
+  - 'NO-SSHETM'
+  - 'NO-SSHWEAKCIPHER'
+  - 'NO-SSHWEAKMAC'
+  - 'NO-WEAKMAC'

 # Used to control warning summary
 warn_control_list: ""
 warn_count: 0

 gpg_key_package: "{{ ansible_facts.distribution | lower }}-gpg-keys"
+
+## Control 6.3.3.x - Audit template
+# This variable governs if the auditd logic should be executed(if value is true).
+# NOTE: The current default value is likely to be overriden(via 'set_fact') by other further tasks(in sub-section 'Auditd rules').
+update_audit_template: false