diff --git a/.github/workflows/github_networks.tf b/.github/workflows/github_networks.tf
index 4db9025..ba77764 100644
--- a/.github/workflows/github_networks.tf
+++ b/.github/workflows/github_networks.tf
@@ -1,11 +1,53 @@
 resource "aws_vpc" "Main" {
- cidr_block = var.main_vpc_cidr
- tags = var.instance_tags
+ cidr_block = var.main_vpc_cidr
+ instance_tenancy = "default"
+ tags = {
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-VPC"
+ }
 }
 resource "aws_internet_gateway" "IGW" {
 vpc_id = aws_vpc.Main.id
 tags = {
- Name = "${var.namespace}-IGW"
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-IGW"
 }
 }
+
+resource "aws_subnet" "publicsubnets" {
+ vpc_id = aws_vpc.Main.id
+ cidr_block = var.public_subnets
+ availability_zone = var.availability_zone
+ tags = {
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-pubsub"
+ }
+}
+
+resource "aws_subnet" "Main" {
+ vpc_id = aws_vpc.Main.id
+ cidr_block = var.private_subnets
+ availability_zone = var.availability_zone
+ tags = {
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-prvsub"
+ }
+}
+
+resource "aws_route_table" "PublicRT" {
+ vpc_id = aws_vpc.Main.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.IGW.id
+ }
+ tags = {
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-publicRT"
+ }
+}
+
+resource "aws_route_table_association" "rt_associate_public" {
+ subnet_id = aws_subnet.Main.id
+ route_table_id = aws_route_table.PublicRT.id
+}
diff --git a/.github/workflows/github_vars.tfvars b/.github/workflows/github_vars.tfvars
index 59d5d14..24daeca 100644
--- a/.github/workflows/github_vars.tfvars
+++ b/.github/workflows/github_vars.tfvars
@@ -3,7 +3,8 @@
 // Declared in variables.tf
 //
-namespace = "github_actions"
+namespace = "github_actions"
+environment = "lockdown_github_repo_workflow"
 // Matching pair name found in AWS for keypairs PEM key
 ami_key_pair_name = "github_actions"
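Review bot: `aws_route_table_association.rt_associate_public` attaches `aws_subnet.Main` — the subnet fed by `var.private_subnets` and tagged `-prvsub` — to `PublicRT`, whose only route is `0.0.0.0/0` via the IGW, while `aws_subnet.publicsubnets` gets no association at all and falls back to the VPC's main route table, which has no internet route. The net effect is that the subnet named private is the internet-routed one; the association should read `subnet_id = aws_subnet.publicsubnets.id`, and anything that needs a public path (main.tf in this same commit places `aws_instance.testing_vm` in `aws_subnet.Main`) should move to `publicsubnets`. The tag values use the legacy interpolation-only form `"${var.environment}"`; on Terraform 0.12+ `Environment = var.environment` is the idiomatic spelling, and the same applies to the IGW, subnet and route-table blocks. `var.public_subnets` and `var.private_subnets` are referenced here but declared nowhere in this diff; if they are not already in variables.tf, plan will fail on an undeclared variable.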
diff --git a/.github/workflows/linux_benchmark_testing.yml b/.github/workflows/linux_benchmark_testing.yml
index 9f96e84..908ea06 100644
--- a/.github/workflows/linux_benchmark_testing.yml
+++ b/.github/workflows/linux_benchmark_testing.yml
@@ -73,7 +73,7 @@ jobs:
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- run: terraform apply -var-file "OS.tfvars" -var-file "github_vars.tfvars" --auto-approve -input=false
+ run: terraform apply -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false
 ## Debug Section
 - name: DEBUG - Show Ansible hostfile
@@ -81,18 +81,9 @@ jobs:
 working-directory: .github/workflows
 run: cat hosts.yml
-# Centos 7 images take a while to come up insert sleep or playbook fails
+# Aws deployments taking a while to come up insert sleep or playbook fails
- - name: Check if test os is rhel7
- working-directory: .github/workflows
- id: test_os
- run: >-
- echo "::set-output name=RHEL7::$(
- grep -c RHEL7 OS.tfvars
- )"
- - name: if RHEL7 - Sleep for 60 seconds
- #if: steps.test_os.outputs.RHEL7 >= 1
+ - name: Sleep for 60 seconds
 run: sleep 60s
 shell: bash
@@ -117,4 +108,4 @@ jobs:
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- run: terraform destroy -var-file "OS.tfvars" -var-file "github_vars.tfvars" --auto-approve -input=false
\ No newline at end of file
+ run: terraform destroy -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false
diff --git a/.github/workflows/main.tf b/.github/workflows/main.tf
index b231d2a..61da17c 100644
--- a/.github/workflows/main.tf
+++ b/.github/workflows/main.tf
@@ -5,9 +5,6 @@ provider "aws" {
 // Create a security group with access to port 22 and port 80 open to serve HTTP traffic
-data "aws_vpc" "default" {
- default = true
-}
 resource "random_id" "server" {
 keepers = {
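Review bot: The replacement step `- name: Sleep for 60 seconds` / `run: sleep 60s` is an unconditional fixed delay standing in for readiness, so the playbook still races the instance on a slow boot and burns a minute on a fast one. A readiness probe is more robust: an Ansible `wait_for_connection` task at the top of the playbook, or an `aws ec2 wait instance-status-ok` step keyed on the instance id from the Terraform output, with the sleep kept only as a fallback. The swapped `-var-file` order in the apply and destroy hunks means `OS.tfvars` now wins any overlap with `github_vars.tfvars`, since later files override earlier ones; if that is the intent, a one-line comment above each `run:` saying so would stop the next maintainer swapping it back. The enclosing `steps:` list starts outside these hunks.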
@@ -19,8 +16,8 @@ resource "random_id" "server" {
 }
 resource "aws_security_group" "github_actions" {
- name = "${var.namespace}-${random_id.server.hex}"
- vpc_id = data.aws_vpc.default.id
+ name = "${var.namespace}-${random_id.server.hex}-SG"
+ vpc_id = aws_vpc.Main.id
 ingress {
 from_port = 22
@@ -43,7 +40,8 @@ resource "aws_security_group" "github_actions" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 tags = {
- Name = "${var.namespace}-SG"
+ Environment = "${var.environment}"
+ Name = "${var.namespace}-SG"
 }
 }
@@ -51,11 +49,13 @@ resource "aws_security_group" "github_actions" {
 resource "aws_instance" "testing_vm" {
 ami = var.ami_id
+ availability_zone = var.availability_zone
 associate_public_ip_address = true
 key_name = var.ami_key_pair_name # This is the key as known in the ec2 key_pairs
 instance_type = var.instance_type
 tags = var.instance_tags
 vpc_security_group_ids = [aws_security_group.github_actions.id]
+ subnet_id = aws_subnet.Main.id
 root_block_device {
 delete_on_termination = true
 }
@@ -80,3 +80,4 @@ resource "local_file" "inventory" {
 audit_git_version: devel
 EOF
 }
+
diff --git a/.github/workflows/terraform.tfvars b/.github/workflows/terraform.tfvars
index 6d98b8b..d894ec4 100644
--- a/.github/workflows/terraform.tfvars
+++ b/.github/workflows/terraform.tfvars
@@ -1,5 +1,6 @@
 // vars should be loaded by OSname.tfvars
-aws_region = "us-east-1"
-ami_os = var.ami_os
-ami_username = var.ami_username
-instance_tags = var.instance_tags
+availability_zone = "us-east-1b"
+aws_region = "us-east-1"
+ami_os = var.ami_os
+ami_username = var.ami_username
+instance_tags = var.instance_tags
diff --git a/.github/workflows/variables.tf b/.github/workflows/variables.tf
index 752ee88..7e05228 100644
--- a/.github/workflows/variables.tf
+++ b/.github/workflows/variables.tf
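Review bot: `subnet_id = aws_subnet.Main.id`, together with the pre-existing `associate_public_ip_address = true`, puts the test VM in the subnet that github_networks.tf names private (`var.private_subnets`, tag `-prvsub`); its public IP only works because that subnet is the one wired to the IGW route table, and once the subnet roles are straightened out this line should read `subnet_id = aws_subnet.publicsubnets.id`. With `vpc_id = aws_vpc.Main.id` the security group now lives in the new VPC, and the context shows an `ingress { from_port = 22` block and a `cidr_blocks = ["0.0.0.0/0"]` line; which block that CIDR belongs to is not visible here, but if it is the SSH ingress, a throwaway VM with a public IP is reachable from every address for the life of the job. Restricting that ingress to the runner's egress address fetched in a step before apply, and keeping the key pair short-lived, limits the exposure window. `subnet_id` and `availability_zone` are both set on the instance even though the subnet already fixes the zone; dropping the instance-level `availability_zone` avoids a plan error if the two ever disagree. The `aws_instance` block closes outside this hunk.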
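Review bot: The re-indented lines `ami_os = var.ami_os`, `ami_username = var.ami_username` and `instance_tags = var.instance_tags` are not valid in a `.tfvars` file — variable definitions files take literal values only, and Terraform rejects `var.` references in them. The workflow passes only `github_vars.tfvars` and `OS.tfvars` to apply and destroy, so this file is presumably never loaded, which is the only reason it does not fail; either remove it or change the header comment to state that it is an example, e.g. `// Example only - not passed to terraform; real values come from OS.tfvars`. The new `availability_zone = "us-east-1b"` duplicates the default added to variables.tf in this same commit; one source of truth avoids the two drifting apart silently.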
@@ -6,6 +6,12 @@ variable "aws_region" {
 type = string
 }
+variable "availability_zone" {
+ description = "List of availability zone in the region"
+ default = "us-east-1b"
+ type = string
+}
+
 variable "instance_type" {
 description = "EC2 Instance Type"
 default = "t3.micro"
@@ -52,6 +58,11 @@ variable "namespace" {
 type = string
 }
+variable "environment" {
+ description = "Env Name used across all tags"
+ type = string
+}
+
 // taken from github_vars.tfvars &
 variable "main_vpc_cidr" {
diff --git a/Changelog.md b/Changelog.md
index 07d5eff..1e2297a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -35,6 +35,8 @@
 - added more to logrotate 4.3.x
 - sure to logrotate now a seperate package
 - grub path now standard to /boot/grub2/grub.cfg
 - 1.6.1.4 from rh8 removed as selinux.cfg doesnt disable selinux any longer
+- workflow update
+- removed doc update
 ## 0.1
diff --git a/templates/ansible_vars_goss.yml.old b/templates/ansible_vars_goss.yml.old
deleted file mode 100644
index f10c74f..0000000
--- a/templates/ansible_vars_goss.yml.old
+++ /dev/null
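Review bot: The description of the new `availability_zone` variable reads `List of availability zone in the region`, but the variable is `type = string` with a single-zone default, so it documents a list the type does not accept; change it to `description = "Single availability zone used for the subnets and the test instance"`, or make it `type = list(string)` if several zones are actually intended. The `environment` variable has no default, so every invocation must supply it (the commit does so in github_vars.tfvars); saying in its description that it is required and feeds the `Environment` tag on every resource would help the next caller. Its default `"us-east-1b"` is also hardcoded in terraform.tfvars in this commit — keep it in one place.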
@@ -1,429 +0,0 @@ -## metadata for Audit benchmark -benchmark_version: '1.0.1' - -# Set if genuine RHEL (subscription manager check) not for derivatives e.g. CentOS -is_redhat_os: {% if ansible_distribution == "RedHat" %}true{% else %}false{% endif %} - -rhel9cis_os_distribution: {{ ansible_distribution | lower }} - -# timeout for each command to run where set - default = 10seconds/10000ms -timeout_ms: {{ audit_cmd_timeout }} - -# Taken from LE rhel8-cis -rhel9cis_section1: {{ rhel9cis_section1 }} -rhel9cis_section2: {{ rhel9cis_section2 }} -rhel9cis_section3: {{ rhel9cis_section3 }} -rhel9cis_section4: {{ rhel9cis_section4 }} -rhel9cis_section5: {{ rhel9cis_section5 }} -rhel9cis_section6: {{ rhel9cis_section6 }} - -rhel9cis_level_1: {{ rhel9cis_level_1 }} -rhel9cis_level_2: {{ rhel9cis_level_2 }} - -rhel9cis_selinux_disable: {{ rhel9cis_selinux_disable }} - - - -# to enable rules that may have IO impact on a system e.g. full filesystem scans or CPU heavy -run_heavy_tests: true -{% if rhel9cis_legacy_boot is defined %} -rhel9cis_legacy_boot: {{ rhel9cis_legacy_boot }} -{% endif %} - - -rhel9cis_set_boot_pass: {{ rhel9cis_set_boot_pass }} -# These variables correspond with the CIS rule IDs or paragraph numbers defined in -# the CIS benchmark documents. -# PLEASE NOTE: These work in coordination with the section # group variables and tags. -# You must enable an entire section in order for the variables below to take effect. 
-# Section 1 rules -rhel9cis_rule_1_1_1_1: {{ rhel9cis_rule_1_1_1_1 }} -rhel9cis_rule_1_1_1_2: {{ rhel9cis_rule_1_1_1_2 }} -rhel9cis_rule_1_1_1_3: {{ rhel9cis_rule_1_1_1_3 }} -rhel9cis_rule_1_1_1_4: {{ rhel9cis_rule_1_1_1_4 }} -rhel9cis_rule_1_1_2: {{ rhel9cis_rule_1_1_2 }} -rhel9cis_rule_1_1_3: {{ rhel9cis_rule_1_1_3 }} -rhel9cis_rule_1_1_4: {{ rhel9cis_rule_1_1_4 }} -rhel9cis_rule_1_1_5: {{ rhel9cis_rule_1_1_5 }} -rhel9cis_rule_1_1_6: {{ rhel9cis_rule_1_1_6 }} -rhel9cis_rule_1_1_7: {{ rhel9cis_rule_1_1_7 }} -rhel9cis_rule_1_1_8: {{ rhel9cis_rule_1_1_8 }} -rhel9cis_rule_1_1_9: {{ rhel9cis_rule_1_1_9 }} -rhel9cis_rule_1_1_10: {{ rhel9cis_rule_1_1_10 }} -rhel9cis_rule_1_1_11: {{ rhel9cis_rule_1_1_11 }} -rhel9cis_rule_1_1_12: {{ rhel9cis_rule_1_1_12 }} -rhel9cis_rule_1_1_13: {{ rhel9cis_rule_1_1_13 }} -rhel9cis_rule_1_1_14: {{ rhel9cis_rule_1_1_14 }} -rhel9cis_rule_1_1_15: {{ rhel9cis_rule_1_1_15 }} -rhel9cis_rule_1_1_16: {{ rhel9cis_rule_1_1_16 }} -rhel9cis_rule_1_1_17: {{ rhel9cis_rule_1_1_17 }} -rhel9cis_rule_1_1_18: {{ rhel9cis_rule_1_1_18 }} -rhel9cis_rule_1_1_19: {{ rhel9cis_rule_1_1_19 }} -rhel9cis_rule_1_1_20: {{ rhel9cis_rule_1_1_20 }} -rhel9cis_rule_1_1_21: {{ rhel9cis_rule_1_1_21 }} -rhel9cis_rule_1_1_22: {{ rhel9cis_rule_1_1_22 }} -rhel9cis_rule_1_1_23: {{ rhel9cis_rule_1_1_23 }} -rhel9cis_rule_1_2_1: {% if ansible_distribution == "RedHat" %}True{% else %}False{% endif %} # Only run if Redhat and Subscribed -rhel9cis_rule_1_2_2: {{ rhel9cis_rule_1_2_2 }} -rhel9cis_rule_1_2_3: {{ rhel9cis_rule_1_2_3 }} -rhel9cis_rule_1_2_4: {{ rhel9cis_rule_1_2_4 }} -rhel9cis_rule_1_2_5: {{ rhel9cis_rule_1_2_5 }} -rhel9cis_rule_1_3_1: {{ rhel9cis_rule_1_3_1 }} -rhel9cis_rule_1_3_2: {{ rhel9cis_rule_1_3_2 }} -rhel9cis_rule_1_3_3: {{ rhel9cis_rule_1_3_3 }} -rhel9cis_rule_1_4_1: {{ rhel9cis_rule_1_4_1 }} -rhel9cis_rule_1_4_2: {{ rhel9cis_rule_1_4_2 }} -rhel9cis_rule_1_4_3: {{ rhel9cis_rule_1_4_3 }} -rhel9cis_rule_1_5_1: {{ rhel9cis_rule_1_5_1 }} -rhel9cis_rule_1_5_2: {{ 
rhel9cis_rule_1_5_2 }} -rhel9cis_rule_1_5_3: {{ rhel9cis_rule_1_5_3 }} - -rhel9cis_rule_1_7_1_1: {{ rhel9cis_rule_1_7_1_1 }} -rhel9cis_rule_1_7_1_2: {{ rhel9cis_rule_1_7_1_2 }} -rhel9cis_rule_1_7_1_3: {{ rhel9cis_rule_1_7_1_3 }} -rhel9cis_rule_1_7_1_4: {{ rhel9cis_rule_1_7_1_4 }} -rhel9cis_rule_1_7_1_5: {{ rhel9cis_rule_1_7_1_5 }} -rhel9cis_rule_1_7_1_6: {{ rhel9cis_rule_1_7_1_6 }} -rhel9cis_rule_1_7_1_7: {{ rhel9cis_rule_1_7_1_7 }} -rhel9cis_rule_1_8_1_1: {{ rhel9cis_rule_1_8_1_1 }} -rhel9cis_rule_1_8_1_2: {{ rhel9cis_rule_1_8_1_2 }} -rhel9cis_rule_1_8_1_3: {{ rhel9cis_rule_1_8_1_3 }} -rhel9cis_rule_1_8_1_4: {{ rhel9cis_rule_1_8_1_4 }} -rhel9cis_rule_1_8_1_5: {{ rhel9cis_rule_1_8_1_5 }} -rhel9cis_rule_1_8_1_6: {{ rhel9cis_rule_1_8_1_6 }} -rhel9cis_rule_1_8_2: {{ rhel9cis_rule_1_8_2 }} -rhel9cis_rule_1_9: {{ rhel9cis_rule_1_9 }} -rhel9cis_rule_1_10: {{ rhel9cis_rule_1_10 }} - - -# section 2 rules -rhel9cis_rule_2_1_1: {{ rhel9cis_rule_2_1_1 }} -rhel9cis_rule_2_2_1_1: {{ rhel9cis_rule_2_2_1_1 }} -rhel9cis_rule_2_2_1_2: {{ rhel9cis_rule_2_2_1_2 }} -rhel9cis_rule_2_2_2: {{ rhel9cis_rule_2_2_2 }} -rhel9cis_rule_2_2_3: {{ rhel9cis_rule_2_2_3 }} -rhel9cis_rule_2_2_4: {{ rhel9cis_rule_2_2_4 }} -rhel9cis_rule_2_2_5: {{ rhel9cis_rule_2_2_5 }} -rhel9cis_rule_2_2_6: {{ rhel9cis_rule_2_2_6 }} -rhel9cis_rule_2_2_7: {{ rhel9cis_rule_2_2_7 }} -rhel9cis_rule_2_2_8: {{ rhel9cis_rule_2_2_8 }} -rhel9cis_rule_2_2_9: {{ rhel9cis_rule_2_2_9 }} -rhel9cis_rule_2_2_10: {{ rhel9cis_rule_2_2_10 }} -rhel9cis_rule_2_2_11: {{ rhel9cis_rule_2_2_11 }} -rhel9cis_rule_2_2_12: {{ rhel9cis_rule_2_2_12 }} -rhel9cis_rule_2_2_13: {{ rhel9cis_rule_2_2_13 }} -rhel9cis_rule_2_2_14: {{ rhel9cis_rule_2_2_14 }} -rhel9cis_rule_2_2_15: {{ rhel9cis_rule_2_2_15 }} -rhel9cis_rule_2_2_16: {{ rhel9cis_rule_2_2_16 }} -rhel9cis_rule_2_2_17: {{ rhel9cis_rule_2_2_17 }} -rhel9cis_rule_2_2_18: {{ rhel9cis_rule_2_2_18 }} -rhel9cis_rule_2_3_1: {{ rhel9cis_rule_2_3_1 }} -rhel9cis_rule_2_3_2: {{ rhel9cis_rule_2_3_2 }} 
-rhel9cis_rule_2_3_3: {{ rhel9cis_rule_2_3_3 }} - - -# Section 3 rules -rhel9cis_rule_3_1_1: {{ rhel9cis_rule_3_1_1 }} -rhel9cis_rule_3_1_2: {{ rhel9cis_rule_3_1_2 }} -rhel9cis_rule_3_2_1: {{ rhel9cis_rule_3_2_1 }} -rhel9cis_rule_3_2_2: {{ rhel9cis_rule_3_2_2 }} -rhel9cis_rule_3_2_3: {{ rhel9cis_rule_3_2_3 }} -rhel9cis_rule_3_2_4: {{ rhel9cis_rule_3_2_4 }} -rhel9cis_rule_3_2_5: {{ rhel9cis_rule_3_2_5 }} -rhel9cis_rule_3_2_6: {{ rhel9cis_rule_3_2_6 }} -rhel9cis_rule_3_2_7: {{ rhel9cis_rule_3_2_7 }} -rhel9cis_rule_3_2_8: {{ rhel9cis_rule_3_2_8 }} -rhel9cis_rule_3_2_9: {{ rhel9cis_rule_3_2_9 }} -rhel9cis_rule_3_3_1: {{ rhel9cis_rule_3_3_1 }} -rhel9cis_rule_3_3_2: {{ rhel9cis_rule_3_3_2 }} -rhel9cis_rule_3_3_3: {{ rhel9cis_rule_3_3_3 }} -rhel9cis_rule_3_3_4: {{ rhel9cis_rule_3_3_4 }} -rhel9cis_rule_3_4_1_1: {{ rhel9cis_rule_3_4_1_1 }} -rhel9cis_rule_3_4_2_1: {{ rhel9cis_rule_3_4_2_1 }} -rhel9cis_rule_3_4_2_2: {{ rhel9cis_rule_3_4_2_2 }} -rhel9cis_rule_3_4_2_3: {{ rhel9cis_rule_3_4_2_3 }} -rhel9cis_rule_3_4_2_4: {{ rhel9cis_rule_3_4_2_4 }} -rhel9cis_rule_3_4_2_5: {{ rhel9cis_rule_3_4_2_5 }} -rhel9cis_rule_3_4_2_6: {{ rhel9cis_rule_3_4_2_6 }} -rhel9cis_rule_3_5: {{ rhel9cis_rule_3_5 }} -rhel9cis_rule_3_6: {{ rhel9cis_rule_3_6 }} - - -# Section 4 rules -rhel9cis_rule_4_1_1_1: {{ rhel9cis_rule_4_1_1_1 }} -rhel9cis_rule_4_1_1_2: {{ rhel9cis_rule_4_1_1_2 }} -rhel9cis_rule_4_1_1_3: {{ rhel9cis_rule_4_1_1_3 }} -rhel9cis_rule_4_1_1_4: {{ rhel9cis_rule_4_1_1_4 }} -rhel9cis_rule_4_1_2_1: {{ rhel9cis_rule_4_1_2_1 }} -rhel9cis_rule_4_1_2_2: {{ rhel9cis_rule_4_1_2_2 }} -rhel9cis_rule_4_1_2_3: {{ rhel9cis_rule_4_1_2_3 }} -rhel9cis_rule_4_1_3: {{ rhel9cis_rule_4_1_3 }} -rhel9cis_rule_4_1_4: {{ rhel9cis_rule_4_1_4 }} -rhel9cis_rule_4_1_5: {{ rhel9cis_rule_4_1_5 }} -rhel9cis_rule_4_1_6: {{ rhel9cis_rule_4_1_6 }} -rhel9cis_rule_4_1_7: {{ rhel9cis_rule_4_1_7 }} -rhel9cis_rule_4_1_8: {{ rhel9cis_rule_4_1_8 }} -rhel9cis_rule_4_1_9: {{ rhel9cis_rule_4_1_9 }} -rhel9cis_rule_4_1_10: {{ 
rhel9cis_rule_4_1_10 }} -rhel9cis_rule_4_1_11: {{ rhel9cis_rule_4_1_11 }} -rhel9cis_rule_4_1_12: {{ rhel9cis_rule_4_1_12 }} -rhel9cis_rule_4_1_13: {{ rhel9cis_rule_4_1_13 }} -rhel9cis_rule_4_1_14: {{ rhel9cis_rule_4_1_14 }} -rhel9cis_rule_4_1_15: {{ rhel9cis_rule_4_1_15 }} -rhel9cis_rule_4_1_16: {{ rhel9cis_rule_4_1_16 }} -rhel9cis_rule_4_1_17: {{ rhel9cis_rule_4_1_17 }} -rhel9cis_rule_4_2_1_1: {{ rhel9cis_rule_4_2_1_1 }} -rhel9cis_rule_4_2_1_2: {{ rhel9cis_rule_4_2_1_2 }} -rhel9cis_rule_4_2_1_3: {{ rhel9cis_rule_4_2_1_3 }} -rhel9cis_rule_4_2_1_4: {{ rhel9cis_rule_4_2_1_4 }} -rhel9cis_rule_4_2_1_5: {{ rhel9cis_rule_4_2_1_5 }} -rhel9cis_rule_4_2_1_6: {{ rhel9cis_rule_4_2_1_6 }} -rhel9cis_rule_4_2_2_1: {{ rhel9cis_rule_4_2_2_1 }} -rhel9cis_rule_4_2_2_2: {{ rhel9cis_rule_4_2_2_2 }} -rhel9cis_rule_4_2_2_3: {{ rhel9cis_rule_4_2_2_3 }} -rhel9cis_rule_4_2_3: {{ rhel9cis_rule_4_2_3 }} -rhel9cis_rule_4_3: {{ rhel9cis_rule_4_3 }} - -# Section 5 -rhel9cis_rule_5_1_1: {{ rhel9cis_rule_5_1_1 }} -rhel9cis_rule_5_1_2: {{ rhel9cis_rule_5_1_2 }} -rhel9cis_rule_5_1_3: {{ rhel9cis_rule_5_1_3 }} -rhel9cis_rule_5_1_4: {{ rhel9cis_rule_5_1_4 }} -rhel9cis_rule_5_1_5: {{ rhel9cis_rule_5_1_5 }} -rhel9cis_rule_5_1_6: {{ rhel9cis_rule_5_1_6 }} -rhel9cis_rule_5_1_7: {{ rhel9cis_rule_5_1_7 }} -rhel9cis_rule_5_1_8: {{ rhel9cis_rule_5_1_8 }} - -rhel9cis_rule_5_2_1: {{ rhel9cis_rule_5_2_1 }} -rhel9cis_rule_5_2_2: {{ rhel9cis_rule_5_2_2 }} -rhel9cis_rule_5_2_3: {{ rhel9cis_rule_5_2_3 }} -rhel9cis_rule_5_2_4: {{ rhel9cis_rule_5_2_4 }} -rhel9cis_rule_5_2_5: {{ rhel9cis_rule_5_2_5 }} -rhel9cis_rule_5_2_6: {{ rhel9cis_rule_5_2_6 }} -rhel9cis_rule_5_2_7: {{ rhel9cis_rule_5_2_7 }} -rhel9cis_rule_5_2_8: {{ rhel9cis_rule_5_2_8 }} -rhel9cis_rule_5_2_9: {{ rhel9cis_rule_5_2_9 }} -rhel9cis_rule_5_2_10: {{ rhel9cis_rule_5_2_10 }} -rhel9cis_rule_5_2_11: {{ rhel9cis_rule_5_2_11 }} -rhel9cis_rule_5_2_12: {{ rhel9cis_rule_5_2_12 }} -rhel9cis_rule_5_2_13: {{ rhel9cis_rule_5_2_13 }} -rhel9cis_rule_5_2_14: {{ 
rhel9cis_rule_5_2_14 }} -rhel9cis_rule_5_2_15: {{ rhel9cis_rule_5_2_15 }} -rhel9cis_rule_5_2_16: {{ rhel9cis_rule_5_2_16 }} -rhel9cis_rule_5_2_17: {{ rhel9cis_rule_5_2_17 }} -rhel9cis_rule_5_2_18: {{ rhel9cis_rule_5_2_18 }} -rhel9cis_rule_5_2_19: {{ rhel9cis_rule_5_2_19 }} -rhel9cis_rule_5_2_20: {{ rhel9cis_rule_5_2_20 }} - -rhel9cis_rule_5_3_1: {{ rhel9cis_rule_5_3_1 }} -rhel9cis_rule_5_3_2: {{ rhel9cis_rule_5_3_2 }} -rhel9cis_rule_5_3_3: {{ rhel9cis_rule_5_3_3 }} - -rhel9cis_rule_5_4_1: {{ rhel9cis_rule_5_4_1 }} -rhel9cis_rule_5_4_2: {{ rhel9cis_rule_5_4_2 }} -rhel9cis_rule_5_4_3: {{ rhel9cis_rule_5_4_3 }} -rhel9cis_rule_5_4_4: {{ rhel9cis_rule_5_4_4 }} - -rhel9cis_rule_5_5_1_1: {{ rhel9cis_rule_5_5_1_1 }} -rhel9cis_rule_5_5_1_2: {{ rhel9cis_rule_5_5_1_2 }} -rhel9cis_rule_5_5_1_3: {{ rhel9cis_rule_5_5_1_3 }} -rhel9cis_rule_5_5_1_4: {{ rhel9cis_rule_5_5_1_4 }} -rhel9cis_rule_5_5_1_5: {{ rhel9cis_rule_5_5_1_5 }} - -rhel9cis_rule_5_5_2: {{ rhel9cis_rule_5_5_2 }} -rhel9cis_rule_5_5_3: {{ rhel9cis_rule_5_5_3 }} -rhel9cis_rule_5_5_4: {{ rhel9cis_rule_5_5_4 }} -rhel9cis_rule_5_5_5: {{ rhel9cis_rule_5_5_5 }} - -rhel9cis_rule_5_6: {{ rhel9cis_rule_5_6 }} -rhel9cis_rule_5_7: {{ rhel9cis_rule_5_7 }} - -# Section 6 -rhel9cis_rule_6_1_1: {{ rhel9cis_rule_6_1_1 }} -rhel9cis_rule_6_1_2: {{ rhel9cis_rule_6_1_2 }} -rhel9cis_rule_6_1_3: {{ rhel9cis_rule_6_1_3 }} -rhel9cis_rule_6_1_4: {{ rhel9cis_rule_6_1_4 }} -rhel9cis_rule_6_1_5: {{ rhel9cis_rule_6_1_5 }} -rhel9cis_rule_6_1_6: {{ rhel9cis_rule_6_1_6 }} -rhel9cis_rule_6_1_7: {{ rhel9cis_rule_6_1_7 }} -rhel9cis_rule_6_1_8: {{ rhel9cis_rule_6_1_8 }} -rhel9cis_rule_6_1_9: {{ rhel9cis_rule_6_1_9 }} -rhel9cis_rule_6_1_10: {{ rhel9cis_rule_6_1_10 }} -rhel9cis_rule_6_1_11: {{ rhel9cis_rule_6_1_11 }} -rhel9cis_rule_6_1_12: {{ rhel9cis_rule_6_1_12 }} -rhel9cis_rule_6_1_13: {{ rhel9cis_rule_6_1_13 }} -rhel9cis_rule_6_1_14: {{ rhel9cis_rule_6_1_14 }} - -rhel9cis_rule_6_2_1: {{ rhel9cis_rule_6_2_1 }} -rhel9cis_rule_6_2_2: {{ 
rhel9cis_rule_6_2_2 }} -rhel9cis_rule_6_2_3: {{ rhel9cis_rule_6_2_3 }} -rhel9cis_rule_6_2_4: {{ rhel9cis_rule_6_2_4 }} -rhel9cis_rule_6_2_5: {{ rhel9cis_rule_6_2_5 }} -rhel9cis_rule_6_2_6: {{ rhel9cis_rule_6_2_6 }} -rhel9cis_rule_6_2_7: {{ rhel9cis_rule_6_2_7 }} -rhel9cis_rule_6_2_8: {{ rhel9cis_rule_6_2_8 }} -rhel9cis_rule_6_2_9: {{ rhel9cis_rule_6_2_9 }} -rhel9cis_rule_6_2_10: {{ rhel9cis_rule_6_2_10 }} -rhel9cis_rule_6_2_11: {{ rhel9cis_rule_6_2_11 }} -rhel9cis_rule_6_2_12: {{ rhel9cis_rule_6_2_12 }} -rhel9cis_rule_6_2_13: {{ rhel9cis_rule_6_2_13 }} -rhel9cis_rule_6_2_14: {{ rhel9cis_rule_6_2_14 }} -rhel9cis_rule_6_2_15: {{ rhel9cis_rule_6_2_15 }} -rhel9cis_rule_6_2_16: {{ rhel9cis_rule_6_2_16 }} -rhel9cis_rule_6_2_17: {{ rhel9cis_rule_6_2_17 }} -rhel9cis_rule_6_2_18: {{ rhel9cis_rule_6_2_18 }} -rhel9cis_rule_6_2_19: {{ rhel9cis_rule_6_2_19 }} -rhel9cis_rule_6_2_20: {{ rhel9cis_rule_6_2_20 }} - - -# Service configuration booleans set true to keep service -rhel9cis_avahi_server: {{ rhel9cis_avahi_server }} -rhel9cis_cups_server: {{ rhel9cis_cups_server }} -rhel9cis_dhcp_server: {{ rhel9cis_dhcp_server }} -rhel9cis_dns_server: {{ rhel9cis_dns_server }} -rhel9cis_ftp_server: {{ rhel9cis_ftp_server }} -rhel9cis_vsftpd_server: {{ rhel9cis_vsftpd_server }} -rhel9cis_tftp_server: {{ rhel9cis_tftp_server }} -rhel9cis_httpd_server: {{ rhel9cis_httpd_server }} -rhel9cis_nginx_server: {{ rhel9cis_nginx_server }} -rhel9cis_dovecot_cyrus_server: {{ rhel9cis_dovecot_cyrus_server }} -rhel9cis_samba_server: {{ rhel9cis_samba_server }} -rhel9cis_squid_server: {{ rhel9cis_squid_server }} -rhel9cis_snmp_server: {{ rhel9cis_snmp_server }} -rhel9cis_nis_server: {{ rhel9cis_nis_server }} -rhel9cis_telnet_server: {{ rhel9cis_telnet_server }} -rhel9cis_is_mail_server: {{ rhel9cis_is_mail_server }} -rhel9cis_nfs_server: {{ rhel9cis_nfs_server }} -rhel9cis_rpc_server: {{ rhel9cis_rpc_server }} -rhel9cis_rsync_server: {{ rhel9cis_rsync_server }} - - -rhel9cis_allow_autofs: {{ 
rhel9cis_allow_autofs }} - -# client services -rhel9cis_ypbind_required: {{ rhel9cis_ypbind_required }} -rhel9cis_rsh_required: {{ rhel9cis_rsh_required }} -rhel9cis_talk_required: {{ rhel9cis_talk_required }} -rhel9cis_telnet_required: {{ rhel9cis_telnet_required }} -rhel9cis_openldap_clients_required: {{ rhel9cis_openldap_clients_required }} -rhel9cis_tftp_client: {{ rhel9cis_tftp_client }} - - - - -# AIDE -rhel9cis_config_aide: {{ rhel9cis_config_aide }} - -# aide setup via - cron, timer -rhel9_aide_scan: cron - -# AIDE cron settings -rhel9cis_aide_cron: - cron_user: {{ rhel9cis_aide_cron.cron_user }} - cron_file: '{{ rhel9cis_aide_cron.cron_file }}' - aide_job: ' {{ rhel9cis_aide_cron.aide_job }}' - aide_minute: '{{ rhel9cis_aide_cron.aide_minute }}' - aide_hour: '{{ rhel9cis_aide_cron.aide_hour }}' - aide_day: '{{ rhel9cis_aide_cron.aide_day }}' - aide_month: '{{ rhel9cis_aide_cron.aide_month }}' - aide_weekday: '{{ rhel9cis_aide_cron.aide_weekday }}' - -# 1.5.1 Bootloader password -rhel9cis_bootloader_password: {{ rhel9cis_bootloader_password_hash }} -rhel9cis_set_boot_pass: {{ rhel9cis_set_boot_pass }} - -# 1.10 crypto -rhel9cis_crypto_policy: {{ rhel9cis_crypto_policy }} - -# Warning Banner Content (issue, issue.net, motd) -rhel9cis_warning_banner: {{ rhel9cis_warning_banner }} -# End Banner - - -# Whether or not to run tasks related to auditing/patching the desktop environment -rhel9cis_gui: {{ rhel9cis_gui }} - -# xinetd required -rhel9cis_xinetd_server: {{ rhel9cis_xinetd_server }} - -# IPv6 required -rhel9cis_ipv6_required: {{ rhel9cis_ipv6_required }} - -# System network parameters (host only OR host and router) -rhel9cis_is_router: {{ rhel9cis_is_router }} - - -rhel9cis_firewall: {{ rhel9cis_firewall }} -#rhel9cis_firewall: iptables -rhel9cis_default_firewall_zone: {{ rhel9cis_default_zone }} -rhel9cis_firewall_interface: -- enp0s3 -- enp0s8 - -rhel9cis_firewall_services: {{ rhel9cis_firewall_services }} - - -### Section 4 -## auditd settings 
-rhel9cis_auditd: - space_left_action: {{ rhel9cis_auditd.space_left_action}} - action_mail_acct: {{ rhel9cis_auditd.action_mail_acct }} - admin_space_left_action: {{ rhel9cis_auditd.admin_space_left_action }} - max_log_file_action: {{ rhel9cis_auditd.max_log_file_action }} - auditd_backlog_limit: {{ rhel9cis_audit_back_log_limit }} - -## syslog -rhel9_cis_rsyslog: true - -### Section 5 -rhel9cis_sshd_limited: false -#Note the following to understand precedence and layout -rhel9cis_sshd_access: - AllowUser: - AllowGroup: - DenyUser: - DenyGroup: - -rhel9cis_ssh_aliveinterval: "300" -rhel9cis_ssh_countmax: "3" - -rhel9cis_sudolog_location: {{ rhel9cis_sudolog_location }} - -## PAM -rhel9cis_pam_password: - minlen: {{ rhel9cis_pam_password.minlen }} - minclass: {{ rhel9cis_pam_password.minclass }} -rhel9cis_pam_passwd_retry: "3" -# faillock or tally2 -rhel9cis_accountlock: faillock - -## note this is to skip tests -skip_rhel9cis_pam_passwd_auth: true -skip_rhel9cis_pam_system_auth: true - -# choose one of below -rhel9cis_pwhistory_so: "14" -rhel9cis_unix_so: false -rhel9cis_passwd_remember: "5" - -# logins.def password settings -rhel9cis_pass: - max_days: {{ rhel9cis_pass.max_days }} - min_days: {{ rhel9cis_pass.min_days }} - warn_age: {{ rhel9cis_pass.warn_age }} - -# 5.3.1/5.3.2 Custon authselect profile settings. 
Settings in place now will fail, they are place holders from the control example -rhel9cis_authselect: - custom_profile_name: {{ rhel9cis_authselect['custom_profile_name'] }} - default_file_to_copy: {{ rhel9cis_authselect.default_file_to_copy }} - options: {{ rhel9cis_authselect.options }} - -# 5.3.1 Enable automation to creat custom profile settings, using the setings above -rhel9cis_authselect_custom_profile_create: {{ rhel9cis_authselect_custom_profile_create }} - -# 5.3.2 Enable automation to select custom profile options, using the settings above -rhel9cis_authselect_custom_profile_select: {{ rhel9cis_authselect_custom_profile_select }} - -# 5.7 -rhel9cis_sugroup: {{ rhel9cis_sugroup| default('wheel') }} -rhel9cis_sugroup_users: {{ rhel9cis_sugroup_users }}