forked from ansible-lockdown/RHEL9-CIS
auditd, sysctl vars goss version update
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell
parent
c3c668bb8e
commit
d2684c1e9d
1 changed files with 10 additions and 2 deletions
|
|
@ -460,6 +460,11 @@ rhel9cis_tftp_client: false
|
|||
|
||||
|
||||
## Section3 vars
|
||||
## Sysctl
|
||||
sysctl_update: false
|
||||
flush_ipv4_route: false
|
||||
flush_ipv6_route: false
|
||||
|
||||
### Firewall Service - either firewalld, iptables, or nftables
|
||||
#### Some control allow for services to be removed or masked
|
||||
#### The options are under each heading
|
||||
|
|
@ -498,6 +503,9 @@ rhel9cis_audit_back_log_limit: 8192
|
|||
# The max_log_file parameter should be based on your sites policy
|
||||
rhel9cis_max_log_file_size: 10
|
||||
|
||||
### 4.1.3.x audit template
|
||||
update_audit_template: false
|
||||
|
||||
## Preferred method of logging
|
||||
## Whether rsyslog or journald preferred method for local logging
|
||||
## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5
|
||||
|
|
@ -633,8 +641,8 @@ audit_run_script_environment:
|
|||
|
||||
### Goss binary settings ###
|
||||
goss_version:
|
||||
release: v0.3.16
|
||||
checksum: 'sha256:827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb'
|
||||
release: v0.3.18
|
||||
checksum: 'sha256:432308ebca0caf8165d45bd27e3262126aad9d15572ac8cb3149b3c91f75aace'
|
||||
audit_bin_path: /usr/local/bin/
|
||||
audit_bin: "{{ audit_bin_path }}goss"
|
||||
audit_format: json
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue