sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Added Managed by Ansible Changes will be lost

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-06-22 09:53:27 +01:00
parent cf6e08c390
commit b68e8a3cdd
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
9 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
templates/ansible_vars_goss.yml.j2
View file

@ -1,3 +1,5 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
## metadata for benchmark ## metadata for benchmark
## metadata for Audit benchmark ## metadata for Audit benchmark

2
templates/audit/99_auditd.rules.j2
View file

@ -1,3 +1,5 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# This template will set all of the auditd configurations via a handler in the role in one task instead of individually # This template will set all of the auditd configurations via a handler in the role in one task instead of individually
{% if rhel9cis_rule_4_1_3_1 %} {% if rhel9cis_rule_4_1_3_1 %}
-w /etc/sudoers -p wa -k scope -w /etc/sudoers -p wa -k scope

2
templates/etc/chrony.conf.j2
View file

@ -1,3 +1,5 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# This the default chrony.conf file for the Debian chrony package. After # This the default chrony.conf file for the Debian chrony package. After
# editing this file use the command 'invoke-rc.d chrony restart' to make # editing this file use the command 'invoke-rc.d chrony restart' to make
# your changes take effect. John Hasler <jhasler@debian.org> 1998-2008 # your changes take effect. John Hasler <jhasler@debian.org> 1998-2008

1
templates/etc/modprobe.d/modprobe.conf.j2
View file

@ -1,5 +1,6 @@
# Disable usage of protocol {{ item }} # Disable usage of protocol {{ item }}
# Set by ansible {{ benchmark }} remediation role # Set by ansible {{ benchmark }} remediation role
# https://github.com/ansible-lockdown # https://github.com/ansible-lockdown
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
install {{ item }} /bin/true install {{ item }} /bin/true

2
templates/etc/sysctl.d/60-disable_ipv6.conf.j2
View file

@ -1,4 +1,4 @@
# Setting added via ansible CIS remediation playbook ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# IPv6 disable # IPv6 disable
{% if rhel9cis_rule_3_1_1 and rhel9cis_ipv6_required %} {% if rhel9cis_rule_3_1_1 and rhel9cis_ipv6_required %}

2
templates/etc/sysctl.d/60-kernel_sysctl.conf.j2
View file

@ -1,4 +1,4 @@
# Setting added via ansible CIS remediation playbook ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
{% if rhel9cis_rule_1_5_3 %} {% if rhel9cis_rule_1_5_3 %}

2
templates/etc/sysctl.d/60-netipv4_sysctl.conf.j2
View file

@ -1,4 +1,4 @@
# Setting added via ansible CIS remediation playbook ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# IPv4 Network sysctl # IPv4 Network sysctl
{% if rhel9cis_rule_3_2_1 %} {% if rhel9cis_rule_3_2_1 %}

2
templates/etc/sysctl.d/60-netipv6_sysctl.conf.j2
View file

@ -1,4 +1,4 @@
# Setting added via ansible CIS remediation playbook ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# IPv6 Network sysctl # IPv6 Network sysctl
{% if rhel9cis_ipv6_required %} {% if rhel9cis_ipv6_required %}

2
templates/etc/systemd/system/tmp.mount.j2
View file

@ -7,6 +7,8 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
[Unit] [Unit]
Description=Temporary Directory (/tmp) Description=Temporary Directory (/tmp)
Documentation=man:hier(7) Documentation=man:hier(7)