forked from ansible-lockdown/RHEL9-CIS
section1 v2 initial
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
parent
cf4376f1f7
commit
8b58d71e4b
47 changed files with 2181 additions and 1707 deletions
|
|
@ -28,11 +28,11 @@ os_check: true
|
|||
# E.g: If you want to execute the tasks of Section 1 you should set the "_section1" variable to true.
|
||||
# If you do not want the tasks from that section to get executed you simply set the variable to "false".
|
||||
rhel9cis_section1: true
|
||||
rhel9cis_section2: true
|
||||
rhel9cis_section3: true
|
||||
rhel9cis_section4: true
|
||||
rhel9cis_section5: true
|
||||
rhel9cis_section6: true
|
||||
rhel9cis_section2: false
|
||||
rhel9cis_section3: false
|
||||
rhel9cis_section4: false
|
||||
rhel9cis_section5: false
|
||||
rhel9cis_section6: false
|
||||
|
||||
# This is used for audit purposes to run only specifc level use the tags
|
||||
# e.g.
|
||||
|
|
@ -125,61 +125,98 @@ audit_log_dir: '/opt'
|
|||
|
||||
# Section 1 is Initial setup (FileSystem Configuration, Configure Software Updates, Filesystem Integrity Checking, Secure Boot Settings,
|
||||
# Additional Process Hardening, Mandatory Access Control, Command Line Warning Banners, and GNOME Display Manager)
|
||||
# Filesystem kernel modules
|
||||
rhel9cis_rule_1_1_1_1: true
|
||||
rhel9cis_rule_1_1_1_2: true
|
||||
rhel9cis_rule_1_1_2_1: true
|
||||
rhel9cis_rule_1_1_2_2: true
|
||||
rhel9cis_rule_1_1_2_3: true
|
||||
rhel9cis_rule_1_1_2_4: true
|
||||
rhel9cis_rule_1_1_3_1: true
|
||||
rhel9cis_rule_1_1_3_2: true
|
||||
rhel9cis_rule_1_1_3_3: true
|
||||
rhel9cis_rule_1_1_4_1: true
|
||||
rhel9cis_rule_1_1_4_2: true
|
||||
rhel9cis_rule_1_1_4_3: true
|
||||
rhel9cis_rule_1_1_4_4: true
|
||||
rhel9cis_rule_1_1_5_1: true
|
||||
rhel9cis_rule_1_1_5_2: true
|
||||
rhel9cis_rule_1_1_5_3: true
|
||||
rhel9cis_rule_1_1_5_4: true
|
||||
rhel9cis_rule_1_1_6_1: true
|
||||
rhel9cis_rule_1_1_6_2: true
|
||||
rhel9cis_rule_1_1_6_3: true
|
||||
rhel9cis_rule_1_1_6_4: true
|
||||
rhel9cis_rule_1_1_7_1: true
|
||||
rhel9cis_rule_1_1_7_2: true
|
||||
rhel9cis_rule_1_1_7_3: true
|
||||
rhel9cis_rule_1_1_8_1: true
|
||||
rhel9cis_rule_1_1_8_2: true
|
||||
rhel9cis_rule_1_1_8_3: true
|
||||
rhel9cis_rule_1_1_8_4: true
|
||||
rhel9cis_rule_1_1_9: true
|
||||
rhel9cis_rule_1_2_1: true
|
||||
rhel9cis_rule_1_2_2: true
|
||||
rhel9cis_rule_1_2_3: true
|
||||
rhel9cis_rule_1_2_4: true
|
||||
rhel9cis_rule_1_3_1: true
|
||||
rhel9cis_rule_1_3_2: true
|
||||
rhel9cis_rule_1_3_3: true
|
||||
rhel9cis_rule_1_1_1_3: true
|
||||
rhel9cis_rule_1_1_1_4: true
|
||||
rhel9cis_rule_1_1_1_5: true
|
||||
rhel9cis_rule_1_1_1_6: true
|
||||
rhel9cis_rule_1_1_1_7: true
|
||||
rhel9cis_rule_1_1_1_8: true
|
||||
rhel9cis_rule_1_1_1_9: true
|
||||
# Filesystems
|
||||
# /tmp
|
||||
rhel9cis_rule_1_1_2_1_1: true
|
||||
rhel9cis_rule_1_1_2_1_2: true
|
||||
rhel9cis_rule_1_1_2_1_3: true
|
||||
rhel9cis_rule_1_1_2_1_4: true
|
||||
# /dev/shm
|
||||
rhel9cis_rule_1_1_2_2_1: true
|
||||
rhel9cis_rule_1_1_2_2_2: true
|
||||
rhel9cis_rule_1_1_2_2_3: true
|
||||
rhel9cis_rule_1_1_2_2_4: true
|
||||
# /home
|
||||
rhel9cis_rule_1_1_2_3_1: true
|
||||
rhel9cis_rule_1_1_2_3_2: true
|
||||
rhel9cis_rule_1_1_2_3_3: true
|
||||
# /var
|
||||
rhel9cis_rule_1_1_2_4_1: true
|
||||
rhel9cis_rule_1_1_2_4_2: true
|
||||
rhel9cis_rule_1_1_2_4_3: true
|
||||
# /var/tmp
|
||||
rhel9cis_rule_1_1_2_5_1: true
|
||||
rhel9cis_rule_1_1_2_5_2: true
|
||||
rhel9cis_rule_1_1_2_5_3: true
|
||||
rhel9cis_rule_1_1_2_5_4: true
|
||||
# /var/log
|
||||
rhel9cis_rule_1_1_2_6_1: true
|
||||
rhel9cis_rule_1_1_2_6_2: true
|
||||
rhel9cis_rule_1_1_2_6_3: true
|
||||
rhel9cis_rule_1_1_2_6_4: true
|
||||
# /var/log/audit
|
||||
rhel9cis_rule_1_1_2_7_1: true
|
||||
rhel9cis_rule_1_1_2_7_2: true
|
||||
rhel9cis_rule_1_1_2_7_3: true
|
||||
rhel9cis_rule_1_1_2_7_4: true
|
||||
|
||||
# Package Mgmt
|
||||
# Config Pkg Repos
|
||||
rhel9cis_rule_1_2_1_1: true
|
||||
rhel9cis_rule_1_2_1_2: true
|
||||
rhel9cis_rule_1_2_1_3: true
|
||||
rhel9cis_rule_1_2_1_4: true
|
||||
# Package updates
|
||||
rhel9cis_rule_1_2_2_1: true
|
||||
|
||||
# Selinux
|
||||
rhel9cis_rule_1_3_1_1: true
|
||||
rhel9cis_rule_1_3_1_2: true
|
||||
rhel9cis_rule_1_3_1_3: true
|
||||
rhel9cis_rule_1_3_1_4: true
|
||||
rhel9cis_rule_1_3_1_5: true
|
||||
rhel9cis_rule_1_3_1_6: true
|
||||
rhel9cis_rule_1_3_1_7: true
|
||||
rhel9cis_rule_1_3_1_8: true
|
||||
|
||||
# Bootloader
|
||||
rhel9cis_rule_1_4_1: true
|
||||
rhel9cis_rule_1_4_2: true
|
||||
|
||||
# Additional Process Hardening
|
||||
rhel9cis_rule_1_5_1: true
|
||||
rhel9cis_rule_1_5_2: true
|
||||
rhel9cis_rule_1_5_3: true
|
||||
rhel9cis_rule_1_6_1_1: true
|
||||
rhel9cis_rule_1_6_1_2: true
|
||||
rhel9cis_rule_1_6_1_3: true
|
||||
rhel9cis_rule_1_6_1_4: true
|
||||
rhel9cis_rule_1_6_1_5: true
|
||||
rhel9cis_rule_1_6_1_6: true
|
||||
rhel9cis_rule_1_6_1_7: true
|
||||
rhel9cis_rule_1_6_1_8: true
|
||||
rhel9cis_rule_1_5_4: true
|
||||
|
||||
# Config system wide Crypto
|
||||
rhel9cis_rule_1_6_1: true
|
||||
rhel9cis_rule_1_6_2: true
|
||||
rhel9cis_rule_1_6_3: true
|
||||
rhel9cis_rule_1_6_4: true
|
||||
rhel9cis_rule_1_6_5: true
|
||||
rhel9cis_rule_1_6_6: true
|
||||
rhel9cis_rule_1_6_7: true
|
||||
|
||||
# Coomand line warning banners
|
||||
rhel9cis_rule_1_7_1: true
|
||||
rhel9cis_rule_1_7_2: true
|
||||
rhel9cis_rule_1_7_3: true
|
||||
rhel9cis_rule_1_7_4: true
|
||||
rhel9cis_rule_1_7_5: true
|
||||
rhel9cis_rule_1_7_6: true
|
||||
|
||||
# Gnome Display Manager
|
||||
rhel9cis_rule_1_8_1: true
|
||||
rhel9cis_rule_1_8_2: true
|
||||
rhel9cis_rule_1_8_3: true
|
||||
|
|
@ -190,8 +227,6 @@ rhel9cis_rule_1_8_7: true
|
|||
rhel9cis_rule_1_8_8: true
|
||||
rhel9cis_rule_1_8_9: true
|
||||
rhel9cis_rule_1_8_10: true
|
||||
rhel9cis_rule_1_9: true
|
||||
rhel9cis_rule_1_10: true
|
||||
|
||||
# Section 2 rules are controling Services (Special Purpose Services, and service clients)
|
||||
rhel9cis_rule_2_1_1: true
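Review bot: In the first hunk (`@ -28,11 +28,11 @@`) `rhel9cis_section2` through `rhel9cis_section6` appear to change from `true` to `false` in the role defaults, so a run with default variables would apply Section 1 only and skip every other section while the play still completes cleanly. The direction is inferred from the page listing the `true` lines before the `false` ones, since the `+`/`-` markers are lost. If this is a temporary switch while the Section 1 v2 tasks are developed, keep the defaults at `true` and put the overrides in a local vars file, or at least add a comment above the block such as `# TEMPORARY: sections 2-6 disabled while section 1 is reworked for v2 - re-enable before release`. The second hunk also seems to replace toggles such as `rhel9cis_rule_1_1_2_1` with differently numbered names such as `rhel9cis_rule_1_1_2_1_1`, so an existing inventory that sets an old name to `false` would no longer exclude the control it was meant to; a changelog entry listing the renamed variables would make that visible.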
|
||||