---
# defaults file for rhel8_cjis
#
# Role defaults for the rhel8_cjis hardening role. The file has three parts:
#   1. tunable values (var_*, *_value, firewalld_sshd_zone),
#   2. DISA_STIG_RHEL_08_* booleans, named by STIG rule ID,
#   3. per-rule booleans interleaved (alphabetically) with category booleans
#      (*_strategy, *_complexity, *_disruption, *_severity, reboot flags).
# Every boolean here defaults to true. The tasks that read these variables are
# not part of this file; presumably each boolean gates its task through a
# `when:` condition -- confirm in the role's tasks.
# As role defaults these have the lowest Ansible variable precedence, so
# inventory, group_vars or play vars override them.

# Tunable values. Numeric settings are quoted, so they load as strings.

# System-wide crypto policy name.
# NOTE(review): selecting the FIPS crypto policy is not the same as running the
# host in FIPS mode; confirm FIPS mode is enabled separately if it is required.
var_system_crypto_policy: FIPS
# Desktop session idle timeout; presumably seconds (1800 s = 30 min) -- confirm
# against the task behind dconf_gnome_screensaver_idle_delay.
inactivity_timeout_value: '1800'
# authselect profile, presumably applied by the enable_authselect rule.
var_authselect_profile: sssd
# Password quality: characters that must differ from the previous password
# (difok) and minimum length (minlen).
var_password_pam_difok: '6'
var_password_pam_minlen: '12'
# Hash algorithm for stored passwords; used by the
# set_password_hashing_algorithm_* rules further down.
var_password_hashing_algorithm: SHA512
# Presumably the number of days after password expiry before the account is
# disabled.
# NOTE(review): the effect of '0' depends on the consuming task (for useradd's
# INACTIVE setting, 0 disables the account as soon as the password expires).
# Confirm this is intended for service and emergency-access accounts.
var_account_disable_post_pw_expiration: '0'
# Minimum password age, presumably in days.
var_accounts_minimum_age_login_defs: '1'
# Cap on simultaneous login sessions per account.
var_accounts_max_concurrent_login_sessions: '3'
# auditd retention settings, presumably written to auditd.conf.
# NOTE(review): with max_log_file_action 'rotate', the oldest file is
# overwritten once num_logs files of max_log_file size exist (5 x 6,
# presumably MB). Check that audit records are forwarded off-host before they
# rotate out, and that mail for action_mail_acct 'root' reaches a monitored
# mailbox. admin_space_left_action 'single' presumably drops the host to
# single-user mode when audit storage is nearly exhausted -- an availability
# trade-off to accept knowingly.
var_auditd_action_mail_acct: root
var_auditd_admin_space_left_action: single
var_auditd_max_log_file: '6'
var_auditd_max_log_file_action: rotate
var_auditd_num_logs: '5'
var_auditd_space_left_action: email
# Kernel network parameters for the matching sysctl_net_ipv4_* rules: do not
# accept ICMP redirects or source-routed packets, ignore broadcast echo
# requests, enable TCP SYN cookies.
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
sysctl_net_ipv4_tcp_syncookies_value: '1'
# SSH idle timeout; presumably seconds (1800 s = 30 min). It is paired with the
# sshd_set_idle_timeout and sshd_set_keepalive_0 rules below.
# NOTE(review): how the interval and keepalive count interact depends on the
# OpenSSH version -- verify idle sessions really are dropped on target hosts.
sshd_idle_timeout_value: '1800'
# firewalld zone used by the firewalld_sshd_port_enabled rule.
# NOTE(review): confirm that only interfaces meant to accept SSH are bound to
# the 'public' zone.
firewalld_sshd_zone: public

# DISA STIG rule toggles, named by RHEL-08 STIG rule ID. This file does not
# show which per-rule toggle below corresponds to which ID.
DISA_STIG_RHEL_08_010010: true
DISA_STIG_RHEL_08_010019: true
DISA_STIG_RHEL_08_010020: true
DISA_STIG_RHEL_08_010040: true
DISA_STIG_RHEL_08_010110: true
DISA_STIG_RHEL_08_010159: true
DISA_STIG_RHEL_08_010160: true
DISA_STIG_RHEL_08_010201: true
DISA_STIG_RHEL_08_010287: true
DISA_STIG_RHEL_08_010359: true
DISA_STIG_RHEL_08_010370: true
DISA_STIG_RHEL_08_010550: true
DISA_STIG_RHEL_08_010830: true
DISA_STIG_RHEL_08_020024: true
DISA_STIG_RHEL_08_020030: true
DISA_STIG_RHEL_08_020060: true
DISA_STIG_RHEL_08_020081: true
DISA_STIG_RHEL_08_020170: true
DISA_STIG_RHEL_08_020190: true
DISA_STIG_RHEL_08_020230: true
DISA_STIG_RHEL_08_020260: true
DISA_STIG_RHEL_08_020330: true
DISA_STIG_RHEL_08_020331: true
DISA_STIG_RHEL_08_020332: true
DISA_STIG_RHEL_08_020340: true
DISA_STIG_RHEL_08_030020: true
DISA_STIG_RHEL_08_030070: true
DISA_STIG_RHEL_08_030121: true
DISA_STIG_RHEL_08_030181: true
DISA_STIG_RHEL_08_030200: true
DISA_STIG_RHEL_08_030302: true
DISA_STIG_RHEL_08_030480: true
DISA_STIG_RHEL_08_030490: true
DISA_STIG_RHEL_08_030601: true
DISA_STIG_RHEL_08_030731: true
DISA_STIG_RHEL_08_040023: true
DISA_STIG_RHEL_08_040101: true
DISA_STIG_RHEL_08_040111: true
DISA_STIG_RHEL_08_040209: true
DISA_STIG_RHEL_08_040220: true
DISA_STIG_RHEL_08_040230: true
DISA_STIG_RHEL_08_040249: true
DISA_STIG_RHEL_08_040270: true
DISA_STIG_RHEL_08_040279: true

# Per-rule and category toggles, in alphabetical order.

# Account and password policy rules; their values are the var_* settings above.
account_disable_post_pw_expiration: true
accounts_max_concurrent_login_sessions: true
accounts_minimum_age_login_defs: true
accounts_password_pam_difok: true
accounts_password_pam_minlen: true
# AIDE file-integrity database and its scheduled check.
aide_build_database: true
aide_periodic_cron_checking: true
# Audit rules for permission, ownership and extended-attribute changes.
audit_rules_dac_modification_chmod: true
audit_rules_dac_modification_chown: true
audit_rules_dac_modification_fchmod: true
audit_rules_dac_modification_fchmodat: true
audit_rules_dac_modification_fchown: true
audit_rules_dac_modification_fchownat: true
audit_rules_dac_modification_fremovexattr: true
audit_rules_dac_modification_fsetxattr: true
audit_rules_dac_modification_lchown: true
audit_rules_dac_modification_lremovexattr: true
audit_rules_dac_modification_lsetxattr: true
audit_rules_dac_modification_removexattr: true
audit_rules_dac_modification_setxattr: true
# NOTE(review): audit_rules_immutable presumably locks the loaded audit rules
# so later rule changes only take effect after a reboot -- confirm, and plan
# audit-rule updates around that.
audit_rules_immutable: true
audit_rules_kernel_module_loading: true
audit_rules_mac_modification: true
audit_rules_media_export: true
audit_rules_networkconfig_modification: true
audit_rules_privileged_commands: true
audit_rules_session_events: true
audit_rules_sysadmin_actions: true
# Audit rules for changes to the system clock.
audit_rules_time_adjtimex: true
audit_rules_time_clock_settime: true
audit_rules_time_settimeofday: true
audit_rules_time_stime: true
audit_rules_time_watch_localtime: true
# auditd forwarding to syslog and log retention; values are var_auditd_* above.
auditd_audispd_syslog_plugin_activated: true
auditd_data_retention_action_mail_acct: true
auditd_data_retention_admin_space_left_action: true
auditd_data_retention_max_log_file: true
auditd_data_retention_max_log_file_action: true
auditd_data_retention_num_logs: true
auditd_data_retention_space_left_action: true
# Crypto policy rules (system-wide and SSH); value is var_system_crypto_policy.
configure_crypto_policy: true
configure_ssh_crypto_policy: true
# Category toggle (remediation strategy), not a single rule.
configure_strategy: true
# GNOME screen lock and idle settings; idle delay is inactivity_timeout_value.
dconf_db_up_to_date: true
dconf_gnome_screensaver_idle_activation_enabled: true
dconf_gnome_screensaver_idle_delay: true
dconf_gnome_screensaver_lock_enabled: true
dconf_gnome_screensaver_mode_blank: true
dconf_gnome_session_idle_user_locks: true
disable_host_auth: true
# Category toggle (remediation strategy), not a single rule.
disable_strategy: true
display_login_attempts: true
enable_authselect: true
# Category toggle (remediation strategy), not a single rule.
enable_strategy: true
# Package signature checking (gpgcheck) and the Red Hat GPG key.
ensure_gpgcheck_globally_activated: true
ensure_gpgcheck_never_disabled: true
ensure_redhat_gpgkey_installed: true
# Ownership and permissions of account databases, grub2.cfg and the audit log
# directory.
file_groupowner_etc_group: true
file_groupowner_etc_passwd: true
file_groupowner_etc_shadow: true
file_groupowner_grub2_cfg: true
file_owner_etc_group: true
file_owner_etc_passwd: true
file_owner_etc_shadow: true
file_owner_grub2_cfg: true
file_permissions_etc_group: true
file_permissions_etc_passwd: true
file_permissions_etc_shadow: true
file_permissions_var_log_audit: true
# Opens the SSH port in firewalld_sshd_zone.
firewalld_sshd_port_enabled: true
grub2_audit_argument: true
# Category toggles (complexity / disruption / severity); low_* and medium_*
# follow further down.
# NOTE(review): with every severity, complexity, disruption and reboot category
# enabled, nothing is filtered out by default, including changes labelled high
# disruption or reboot-required. Presumably a category set to false skips that
# class of tasks -- confirm against the tasks and trial the role on a
# non-production host first.
high_complexity: true
high_disruption: true
high_severity: true
# Kernel modules to disable: Bluetooth, DCCP, SCTP.
kernel_module_bluetooth_disabled: true
kernel_module_dccp_disabled: true
kernel_module_sctp_disabled: true
# Category toggles (complexity / disruption / severity).
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
no_empty_passwords: true
# Category toggle (reboot impact), not a single rule.
no_reboot_needed: true
package_aide_installed: true
# Category toggle (remediation strategy), not a single rule.
patch_strategy: true
# Category toggle (reboot impact), not a single rule.
reboot_required: true
# Category toggle (remediation strategy), not a single rule.
restrict_strategy: true
# Verification of installed files against the RPM database.
rpm_verify_hashes: true
rpm_verify_permissions: true
security_patches_up_to_date: true
service_auditd_enabled: true
service_firewalld_enabled: true
# Password hashing algorithm in libuser.conf, login.defs and the PAM
# password-auth / system-auth stacks; value is var_password_hashing_algorithm.
set_password_hashing_algorithm_libuserconf: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
# Not a hardening rule; presumably a tag-style toggle for linting -- confirm.
skip_ansible_lint: true
# sshd hardening rules; the idle timeout value is sshd_idle_timeout_value.
sshd_allow_only_protocol2: true
sshd_disable_empty_passwords: true
sshd_disable_root_login: true
sshd_do_not_permit_user_env: true
sshd_enable_warning_banner: true
sshd_set_idle_timeout: true
sshd_set_keepalive_0: true
# Kernel network hardening rules. Only some have a *_value default above; the
# send_redirects rules have none in this file.
sysctl_net_ipv4_conf_all_accept_redirects: true
sysctl_net_ipv4_conf_all_send_redirects: true
sysctl_net_ipv4_conf_default_accept_redirects: true
sysctl_net_ipv4_conf_default_accept_source_route: true
sysctl_net_ipv4_conf_default_send_redirects: true
sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true
sysctl_net_ipv4_tcp_syncookies: true
# Category toggle (remediation strategy), not a single rule.
unknown_strategy: true