rename snmp var

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-08-09 13:13:35 +01:00 · 2024-08-09 13:13:35 +01:00 · 89345c12f8
commit 89345c12f8
parent 265423eb0a
2 changed files with 13 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -666,8 +666,8 @@ rhel9cis_rpc_server: true
 rhel9cis_rpc_mask: true
 rhel9cis_rsync_server: false
 rhel9cis_rsync_mask: false
-rhel9cis_net_snmp_server: false
-rhel9cis_net_snmp_mask: false
+rhel9cis_snmp_server: false
+rhel9cis_snmp_mask: false
 rhel9cis_telnet_server: false
 rhel9cis_telnet_mask: false
 rhel9cis_tftp_server: false
@ -965,19 +965,18 @@ rhel9cis_pamd_pwhistory_remember: 24
 rhel9cis_passwd_hash_algo: sha512  # pragma: allowlist secret

 ## Section 5.4.1.x: Shadow Password Suite Parameters
-rhel9cis_pass:
  ## Control 5.6.1.1 - Ensure password expiration is 365 days or less
  # This variable governs after how many days a password expires.
  # CIS requires a value of 365 or less.
-  max_days: 365
+rhel9cis_pass_max_days: 365
  ## Control 5.6.1.2 - Ensure minimum days between password changes is 7 or more
  # This variable specifies the minimum number of days allowed between changing
  # passwords. CIS requires a value of at least 1.
-  min_days: 7
+rhel9cis_pass_min_days: 7
  ## Control 5.6.1.3 - Ensure password expiration warning days is 7 or more
  # This variable governs, how many days before a password expires, the user will be warned.
  # CIS requires a value of at least 7.
-  warn_age: 7
+rhel9cis_pass_warn_age: 7

 ## Control 5.4.1.x - Ensure inactive password lock is 30 days or less
 rhel9cis_inactivelock:
@ -1052,6 +1051,10 @@ max_int_uid: 65533
 rhel9cis_config_aide: true

 ## Control 6.1.2 AIDE cron settings
+
+## How the aide schedule is run either cron or timer
+rhel9cis_aide_scan: cron
+
 # These are the crontab settings for periodical checking of the filesystem's integrity using AIDE.
 # The sub-settings of this variable provide the parameters required to configure
 # the cron job on the target system.
--- a/tasks/section_2/cis_2.1.x.yml
+++ b/tasks/section_2/cis_2.1.x.yml
@ -461,16 +461,16 @@
  block:
    - name: "2.1.14 | PATCH | Ensure snmp services are not in use | Remove package"
      when:
-        - not rhel9cis_net_snmp_server
-        - not rhel9cis_net_snmp_mask
+        - not rhel9cis_snmp_server
+        - not rhel9cis_snmp_mask
      ansible.builtin.package:
        name: net-snmp
        state: absent

    - name: "2.1.14 | PATCH | Ensure snmp services are not in use | Mask service"
      when:
-        - not rhel9cis_net_snmp_server
-        - rhel9cis_net_snmp_mask
+        - not rhel9cis_snmp_server
+        - rhel9cis_snmp_mask
      notify: Systemd_daemon_reload
      ansible.builtin.systemd:
        name: snmpd.service