sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

section 1.8 alignment v1.0.0

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-20 10:29:50 +00:00
parent 45435dd2ba
commit de88c96f24
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
9 changed files with 198 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

5
templates/ansible_vars_goss.yml.j2
View file

@ -387,6 +387,11 @@ rhel9cis_warning_banner: {{ rhel9cis_warning_banner }}
# aide setup via - cron, timer
rhel9_aide_scan: cron
# 1.8 Gnome Desktop
rhel9cis_dconf_db_name: {{ rhel9cis_dconf_db_name }}
rhel9cis_screensaver_idle_delay: {{ rhel9cis_screensaver_idle_delay }} # Set max value for idle-delay in seconds (between 1 and 900)
rhel9cis_screensaver_lock_delay: {{ rhel9cis_screensaver_lock_delay }} # Set max value for lock-delay in seconds (between 0 and 5)
# Section 2
## 2.2 Special Purposes
# Set to 'true' if X Windows is needed in your environment

9
templates/etc/dconf/db/00-automount_lock.j2 Normal file
View file

@ -0,0 +1,9 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
# Lock desktop media-handling automount setting
/org/gnome/desktop/media-handling/automount
# Lock desktop media-handling automount-open
/org/gnome/desktop/media-handling/automount-open

6
templates/etc/dconf/db/00-autorun_lock.j2 Normal file
View file

@ -0,0 +1,6 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
# Lock desktop media-handling settings
/org/gnome/desktop/media-handling/autorun-never

7
templates/etc/dconf/db/00-media-automount.j2 Normal file
View file

@ -0,0 +1,7 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
[org/gnome/desktop/media-handling]
automount=false
automount-open=false

6
templates/etc/dconf/db/00-media-autorun.j2 Normal file
View file

@ -0,0 +1,6 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
[org/gnome/desktop/media-handling]
autorun-never=true

17
templates/etc/dconf/db/00-screensaver.j2 Normal file
View file

@ -0,0 +1,17 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
# Specify the dconf path
[org/gnome/desktop/session]
# Number of seconds of inactivity before the screen goes blank
# Set to 0 seconds if you want to deactivate the screensaver.
idle-delay=uint32 {{ ubtu22cis_screensaver_idle_delay }}
# Specify the dconf path
[org/gnome/desktop/screensaver]
# Number of seconds after the screen is blank before locking the screen
lock-delay=uint32 {{ ubtu22cis_screensaver_lock_delay }}

9
templates/etc/dconf/db/00-screensaver_lock.j2 Normal file
View file

@ -0,0 +1,9 @@
## Ansible controlled file
# Added as part of CIS
# provided by MindPointGroup LLC
# Lock desktop screensaver idle-delay setting
/org/gnome/desktop/session/idle-delay
# Lock desktop screensaver lock-delay setting
/org/gnome/desktop/screensaver/lock-delay