sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

new var rhel9cis_rhel_default_repo

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-09-07 14:23:12 +01:00
parent 95140d3247
commit 43a339c74f
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
5 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
defaults/main.yml
View file

@ -370,6 +370,7 @@ rhel9cis_rhnsd_required: false
# 1.2.4 repo_gpgcheck
rhel9cis_rhel_default_repo: true
rhel9cis_rule_enable_repogpg: true
# 1.4.1 Bootloader password
rhel9cis_bootloader_password_hash: 'grub.pbkdf2.sha512.10000.9306A36764A7BEA3BF492D1784396B27F52A71812E9955A58709F94EE70697F9BD5366F36E07DEC41B52279A056E2862A93E42069D7BBB08F5DFC2679CD43812.6C32ADA5449303AD5E67A4C150558592A05381331DE6B33463469A236871FA8E70738C6F9066091D877EF88A213C86825E093117F30E9E1BF158D0DB75E7581B'

4
tasks/section_1/cis_1.2.x.yml
View file

@ -111,8 +111,8 @@
when:
- rhel9cis_rule_1_2_4
- not rhel9cis_rhel_default_repo or ansible_facts.distribution != 'RedHat'
- ansible_facts.distribution != 'OracleLinux'
- rhel9cis_rule_enable_repogpg
- not rhel9cis_rhel_default_repo
tags:
- level1-server
- level1-workstation

2
vars/AlmaLinux.yml
View file

@ -3,3 +3,5 @@
os_gpg_key_pubkey_name: gpg-pubkey-b86b3716-61e69f29
os_gpg_key_pubkey_content: "AlmaLinux OS 9 <packager@almalinux.org> b86b3716"
# disable repo_gpgcheck due to OS default repos
rhel9cis_rule_enable_repogpg: false

2
vars/OracleLinux.yml
View file

@ -2,3 +2,5 @@
# OS Specific Settings
os_gpg_key_pubkey_name: gpg-pubkey-8d8b756f-629e59ec
os_gpg_key_pubkey_content: "Oracle Linux (release key 1) <secalert_us@oracle.com>"
# disable repo_gpgcheck due to OS default repos
rhel9cis_rule_enable_repogpg: false

3
vars/RedHat.yml
View file

@ -3,3 +3,6 @@
os_gpg_key_pubkey_name: gpg-pubkey-fd431d51-4ae0493b
os_gpg_key_pubkey_content: "Red Hat, Inc. (release key 2) <security@redhat.com> fd431d51"
# disable repo_gpgcheck due to OS default repos
rhel9cis_rule_enable_repogpg: false