
tidy up and realign

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2024-08-09 13:14:56 +01:00
parent 89345c12f8
commit fd3b9703e3
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
3 changed files with 642 additions and 380 deletions


@ -4,21 +4,6 @@
# These values may be overriden by other vars-setting options(e.g. like the below 'container_vars_file'), as explained here: # These values may be overriden by other vars-setting options(e.g. like the below 'container_vars_file'), as explained here:
# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable # https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable
## Usage on containerized images
# The role discovers dynamically (in tasks/main.yml) whether it
# is executed on a container image and sets the variable
# system_is_container the true. Otherwise, the default value
# 'false' is left unchanged.
system_is_container: false
# The filename of the existing yml file in role's 'vars/' sub-directory
# to be used for managing the role-behavior when a container was detected:
# (de)activating rules or for other tasks(e.g. disabling Selinux or a specific
# firewall-type).
container_vars_file: is_container.yml
# rhel9cis is left off the front of this var for consistency in testing pipeline
# system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
system_is_ec2: false
# Run the OS validation check # Run the OS validation check
# Supported OSs will not need for this to be changed - see README e.g. CentOS # Supported OSs will not need for this to be changed - see README e.g. CentOS
os_check: true os_check: true

File diff suppressed because it is too large Load diff


@ -28,3 +28,20 @@ gpg_key_package: "{{ ansible_facts.distribution | lower }}-gpg-keys"
# This variable governs if the auditd logic should be executed(if value is true). # This variable governs if the auditd logic should be executed(if value is true).
# NOTE: The current default value is likely to be overriden(via 'set_fact') by other further tasks(in sub-section 'Auditd rules'). # NOTE: The current default value is likely to be overriden(via 'set_fact') by other further tasks(in sub-section 'Auditd rules').
update_audit_template: false update_audit_template: false
# Defaults
## Usage on containerized images
# The role discovers dynamically (in tasks/main.yml) whether it
# is executed on a container image and sets the variable
# system_is_container the true. Otherwise, the default value
# 'false' is left unchanged.
system_is_container: false
# The filename of the existing yml file in role's 'vars/' sub-directory
# to be used for managing the role-behavior when a container was detected:
# (de)activating rules or for other tasks(e.g. disabling Selinux or a specific
# firewall-type).
container_vars_file: is_container.yml
# rhel9cis is left off the front of this var for consistency in testing pipeline
# system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
system_is_ec2: false
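Review bot: The three toggles added at the end of this section (`system_is_container`, `container_vars_file`, `system_is_ec2`) appear to have moved from the role's defaults file into a role vars file; the file names are not shown on this page, so this is inferred from the removal in the first section and the `set_fact` note on `update_audit_template`. If that is right, values set in inventory, group_vars or host_vars no longer override them, because role vars outrank those sources. An operator who sets `system_is_ec2: true` there would silently get the default, and the hardening run would not match what was configured. Either keep the operator-facing toggles in defaults, or replace the `# Defaults` heading with a comment such as `# Role vars: inventory/group_vars cannot override these; use extra vars (-e) or set_fact`. The comment above `system_is_container` should also read `to true` rather than `the true`.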