sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

issue 41 5.3.7 tasks

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-03-13 09:44:51 +00:00
parent 1a466b7eb7
commit 868e74bbf4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 17 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

9
defaults/main.yml
View file

@ -645,11 +645,9 @@ rhel9cis_shell_session_timeout:
# RHEL-09-5.4.1.5 Allow ansible to expire password for account with a last changed date in the future. False will just display users in violation, true will expire those users passwords
rhel9cis_futurepwchgdate_autofix: true
# 5.7
# rhel9cis_sugroup: sugroup # change accordingly wheel is default
# 5.3.7
rhel9cis_sugroup: nosugroup
# wheel users list please supply comma seperated e.g. "vagrant,root"
rhel9cis_sugroup_users: "root"
## Section6 vars
@ -660,13 +658,10 @@ rhel9cis_rpm_audit_file: /var/tmp/rpm_file_check
rhel9cis_no_world_write_adjust: true
rhel9cis_passwd_label: "{{ (this_item | default(item)).id }}: {{ (this_item | default(item)).dir }}"
# 6.2.16
## Dont follow symlinks for changes to user home directory thanks to @dulin-gnet and comminty for rhel8-cis reedbacj
rhel_09_6_2_16_home_follow_symlinks: false
#### Goss Configuration Settings ####
# Set correct env for the run_audit.sh script from https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git"
audit_run_script_environment: