---
# defaults file for rhel9_cis
# Tunable values for the role. Numeric settings are quoted, so they load as
# strings rather than integers.
# Name of the system-wide crypto policy.
# NOTE(review): presumably handed to update-crypto-policies; a weaker policy
# such as LEGACY would relax TLS/SSH defaults host-wide - confirm in the tasks.
var_system_crypto_policy: DEFAULT
# Session idle and screen-lock timers.
# NOTE(review): units look like seconds - confirm against the consuming tasks.
inactivity_timeout_value: '900'
var_screensaver_lock_delay: '5'
var_sudo_logfile: /var/log/sudo.log
# NOTE(review): looks like sudo's timestamp_timeout, which sudo counts in
# minutes - confirm.
var_sudo_timestamp_timeout: '5'
var_authselect_profile: sssd
# The three banner values are regular expressions, not banner text. Each one
# accepts either the fixed "Authorized uses only. All activity may be monitored
# and reported." wording or, through the second alternative, any text that
# contains no backslash and none of the listed OS names.
# NOTE(review): how a task turns the pattern into file content is not visible
# here - check what actually lands in /etc/issue, /etc/issue.net and /etc/motd.
login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
remote_login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
motd_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
# Password quality, lockout and account-ageing values.
# NOTE(review): the mapping of each value to a PAM or login.defs setting is
# inferred from the key names; the tasks are not visible here.
var_password_pam_remember: '5'
var_password_pam_remember_control_flag: requisite,required
var_accounts_passwords_pam_faillock_deny: '3'
var_accounts_passwords_pam_faillock_unlock_time: '900'
var_password_pam_minclass: '4'
var_password_pam_minlen: '14'
var_password_pam_retry: '3'
var_password_hashing_algorithm: SHA512
var_account_disable_post_pw_expiration: '30'
var_accounts_maximum_age_login_defs: '365'
var_accounts_minimum_age_login_defs: '1'
var_accounts_password_warn_age_login_defs: '7'
var_pam_wheel_group_for_su: sugroup
var_accounts_tmout: '900'
# Quoted so the leading zero survives; an unquoted 027 would load as a number.
var_accounts_user_umask: '027'
# NOTE(review): on RHEL /var/run normally points at the tmpfs /run, so failed
# login counters kept here would be cleared by a reboot - confirm this is the
# intended lockout behaviour.
var_accounts_passwords_pam_faillock_dir: /var/run/faillock
# Audit log retention values.
# NOTE(review): if these map onto auditd.conf as the names suggest, "halt" for
# admin_space_left_action shuts the host down when audit storage is nearly
# exhausted, and "keep_logs" rotates without ever deleting old logs. Together
# they trade availability for audit completeness, so the audit volume needs
# sizing and monitoring - confirm the mapping in the tasks.
var_auditd_action_mail_acct: root
var_auditd_admin_space_left_action: halt
var_auditd_max_log_file: '6'
var_auditd_max_log_file_action: keep_logs
var_auditd_space_left_action: email
# Target values for the net.ipv6 / net.ipv4 kernel parameters named in each key.
# As set here: router advertisements, ICMP redirects, source routing and IPv6
# forwarding are 0; martian logging, reverse-path filtering, broadcast-echo
# ignoring, bogus-error ignoring and TCP SYN cookies are 1.
# NOTE(review): presumably written by the sysctl_* rules of the same name -
# confirm. Hosts that route or rely on IPv6 autoconfiguration need overrides.
sysctl_net_ipv6_conf_all_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
sysctl_net_ipv6_conf_all_forwarding_value: '0'
sysctl_net_ipv6_conf_default_accept_ra_value: '0'
sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_log_martians_value: '1'
sysctl_net_ipv4_conf_all_rp_filter_value: '1'
sysctl_net_ipv4_conf_all_secure_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_conf_default_log_martians_value: '1'
sysctl_net_ipv4_conf_default_rp_filter_value: '1'
sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
sysctl_net_ipv4_tcp_syncookies_value: '1'
# Firewall table, SELinux, mail listener and time-source values.
var_nftables_family: inet
var_nftables_table: firewalld
var_selinux_policy_name: targeted
var_selinux_state: enforcing
var_postfix_inet_interfaces: loopback-only
# Comma-separated list of time servers; the defaults are public pool hosts.
# NOTE(review): sites that must use internal, trusted time sources should
# override this value.
var_multiple_time_servers: 0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org
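# SSH daemon values. The mapping to sshd_config directives is assumed from the
# key names - confirm in the tasks.
# NOTE(review): if this value becomes ClientAliveCountMax, 0 on OpenSSH 8.2 and
# later turns off termination of unresponsive clients, so the idle timeout
# below would no longer end idle sessions - confirm against the sshd version
# on the target hosts.
var_sshd_set_keepalive: '0'
sshd_idle_timeout_value: '900'
var_sshd_set_login_grace_time: '60'
sshd_max_auth_tries_value: '4'
var_sshd_max_sessions: '10'
# Quoted so the value always loads as a string: YAML 1.1 loaders read
# digit-and-colon values as base-60 integers when every later field is below
# 60, so an override such as 10:30:50 would silently become a number.
var_sshd_set_maxstartups: '10:30:60'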
# Switches keyed by DISA STIG RHEL 9 rule identifier, all true by default.
# NOTE(review): presumably each one is a condition on the tasks that implement
# that STIG item, in addition to the per-rule switches defined elsewhere in
# this file. The tasks are not visible here - confirm what a false value
# skips before turning one off.
DISA_STIG_RHEL_09_211020: true
DISA_STIG_RHEL_09_211040: true
DISA_STIG_RHEL_09_212025: true
DISA_STIG_RHEL_09_212030: true
DISA_STIG_RHEL_09_212055: true
DISA_STIG_RHEL_09_213065: true
DISA_STIG_RHEL_09_213070: true
DISA_STIG_RHEL_09_213085: true
DISA_STIG_RHEL_09_213090: true
DISA_STIG_RHEL_09_214015: true
DISA_STIG_RHEL_09_215015: true
DISA_STIG_RHEL_09_215040: true
DISA_STIG_RHEL_09_215060: true
DISA_STIG_RHEL_09_231045: true
DISA_STIG_RHEL_09_231050: true
DISA_STIG_RHEL_09_231110: true
DISA_STIG_RHEL_09_231115: true
DISA_STIG_RHEL_09_231120: true
DISA_STIG_RHEL_09_231125: true
DISA_STIG_RHEL_09_231130: true
DISA_STIG_RHEL_09_231135: true
DISA_STIG_RHEL_09_231140: true
DISA_STIG_RHEL_09_231145: true
DISA_STIG_RHEL_09_231150: true
DISA_STIG_RHEL_09_231155: true
DISA_STIG_RHEL_09_231160: true
DISA_STIG_RHEL_09_231165: true
DISA_STIG_RHEL_09_231170: true
DISA_STIG_RHEL_09_231175: true
DISA_STIG_RHEL_09_231180: true
DISA_STIG_RHEL_09_231185: true
DISA_STIG_RHEL_09_232040: true
DISA_STIG_RHEL_09_232050: true
DISA_STIG_RHEL_09_232055: true
DISA_STIG_RHEL_09_232060: true
DISA_STIG_RHEL_09_232065: true
DISA_STIG_RHEL_09_232070: true
DISA_STIG_RHEL_09_232075: true
DISA_STIG_RHEL_09_232080: true
DISA_STIG_RHEL_09_232085: true
DISA_STIG_RHEL_09_232090: true
DISA_STIG_RHEL_09_232095: true
DISA_STIG_RHEL_09_232100: true
DISA_STIG_RHEL_09_232105: true
DISA_STIG_RHEL_09_232110: true
DISA_STIG_RHEL_09_232115: true
DISA_STIG_RHEL_09_232120: true
DISA_STIG_RHEL_09_232125: true
DISA_STIG_RHEL_09_232130: true
DISA_STIG_RHEL_09_232135: true
DISA_STIG_RHEL_09_232140: true
DISA_STIG_RHEL_09_232145: true
DISA_STIG_RHEL_09_232150: true
DISA_STIG_RHEL_09_232155: true
DISA_STIG_RHEL_09_232160: true
DISA_STIG_RHEL_09_232165: true
DISA_STIG_RHEL_09_232230: true
DISA_STIG_RHEL_09_232235: true
DISA_STIG_RHEL_09_232245: true
DISA_STIG_RHEL_09_232265: true
DISA_STIG_RHEL_09_232270: true
DISA_STIG_RHEL_09_251010: true
DISA_STIG_RHEL_09_251015: true
DISA_STIG_RHEL_09_253010: true
DISA_STIG_RHEL_09_253015: true
DISA_STIG_RHEL_09_253020: true
DISA_STIG_RHEL_09_253025: true
DISA_STIG_RHEL_09_253030: true
DISA_STIG_RHEL_09_253035: true
DISA_STIG_RHEL_09_253040: true
DISA_STIG_RHEL_09_253045: true
DISA_STIG_RHEL_09_253050: true
DISA_STIG_RHEL_09_253055: true
DISA_STIG_RHEL_09_253060: true
DISA_STIG_RHEL_09_253065: true
DISA_STIG_RHEL_09_253070: true
DISA_STIG_RHEL_09_254010: true
DISA_STIG_RHEL_09_254015: true
DISA_STIG_RHEL_09_254020: true
DISA_STIG_RHEL_09_254025: true
DISA_STIG_RHEL_09_254030: true
DISA_STIG_RHEL_09_254035: true
DISA_STIG_RHEL_09_254040: true
DISA_STIG_RHEL_09_255030: true
DISA_STIG_RHEL_09_255040: true
DISA_STIG_RHEL_09_255045: true
DISA_STIG_RHEL_09_255050: true
DISA_STIG_RHEL_09_255055: true
DISA_STIG_RHEL_09_255080: true
DISA_STIG_RHEL_09_255085: true
DISA_STIG_RHEL_09_255095: true
DISA_STIG_RHEL_09_255100: true
DISA_STIG_RHEL_09_255105: true
DISA_STIG_RHEL_09_255110: true
DISA_STIG_RHEL_09_255115: true
DISA_STIG_RHEL_09_255120: true
DISA_STIG_RHEL_09_255125: true
DISA_STIG_RHEL_09_255145: true
DISA_STIG_RHEL_09_255155: true
DISA_STIG_RHEL_09_271010: true
DISA_STIG_RHEL_09_271015: true
DISA_STIG_RHEL_09_271020: true
DISA_STIG_RHEL_09_271025: true
DISA_STIG_RHEL_09_271030: true
DISA_STIG_RHEL_09_271035: true
DISA_STIG_RHEL_09_271065: true
DISA_STIG_RHEL_09_271070: true
DISA_STIG_RHEL_09_271075: true
DISA_STIG_RHEL_09_271080: true
DISA_STIG_RHEL_09_271090: true
DISA_STIG_RHEL_09_271115: true
DISA_STIG_RHEL_09_291010: true
DISA_STIG_RHEL_09_291040: true
DISA_STIG_RHEL_09_411010: true
DISA_STIG_RHEL_09_411015: true
DISA_STIG_RHEL_09_411035: true
DISA_STIG_RHEL_09_411050: true
DISA_STIG_RHEL_09_411065: true
DISA_STIG_RHEL_09_411070: true
DISA_STIG_RHEL_09_411075: true
DISA_STIG_RHEL_09_411090: true
DISA_STIG_RHEL_09_411100: true
DISA_STIG_RHEL_09_412035: true
DISA_STIG_RHEL_09_412055: true
DISA_STIG_RHEL_09_412065: true
DISA_STIG_RHEL_09_412070: true
DISA_STIG_RHEL_09_431010: true
DISA_STIG_RHEL_09_431015: true
DISA_STIG_RHEL_09_432010: true
DISA_STIG_RHEL_09_432015: true
DISA_STIG_RHEL_09_611010: true
DISA_STIG_RHEL_09_611015: true
DISA_STIG_RHEL_09_611020: true
DISA_STIG_RHEL_09_611025: true
DISA_STIG_RHEL_09_611075: true
DISA_STIG_RHEL_09_611080: true
DISA_STIG_RHEL_09_611090: true
DISA_STIG_RHEL_09_611130: true
DISA_STIG_RHEL_09_611140: true
DISA_STIG_RHEL_09_611155: true
DISA_STIG_RHEL_09_651010: true
DISA_STIG_RHEL_09_651015: true
DISA_STIG_RHEL_09_651025: true
DISA_STIG_RHEL_09_652010: true
DISA_STIG_RHEL_09_652020: true
DISA_STIG_RHEL_09_652025: true
DISA_STIG_RHEL_09_653010: true
DISA_STIG_RHEL_09_653015: true
DISA_STIG_RHEL_09_653040: true
DISA_STIG_RHEL_09_653050: true
DISA_STIG_RHEL_09_653070: true
DISA_STIG_RHEL_09_653090: true
DISA_STIG_RHEL_09_653120: true
DISA_STIG_RHEL_09_654015: true
DISA_STIG_RHEL_09_654020: true
DISA_STIG_RHEL_09_654025: true
DISA_STIG_RHEL_09_654035: true
DISA_STIG_RHEL_09_654040: true
DISA_STIG_RHEL_09_654045: true
DISA_STIG_RHEL_09_654065: true
DISA_STIG_RHEL_09_654070: true
DISA_STIG_RHEL_09_654075: true
DISA_STIG_RHEL_09_654080: true
DISA_STIG_RHEL_09_654105: true
DISA_STIG_RHEL_09_654175: true
DISA_STIG_RHEL_09_654225: true
DISA_STIG_RHEL_09_654230: true
DISA_STIG_RHEL_09_654235: true
DISA_STIG_RHEL_09_654240: true
DISA_STIG_RHEL_09_654245: true
DISA_STIG_RHEL_09_654250: true
DISA_STIG_RHEL_09_654255: true
DISA_STIG_RHEL_09_654275: true
DISA_STIG_RHEL_09_671010: true
DISA_STIG_RHEL_09_671025: true
DISA_STIG_RHEL_09_672030: true
DISA_STIG_RHEL_09_672045: true
# Per-rule switches for account and password policy, all true by default.
# NOTE(review): presumably each key enables the task of the same name - confirm.
# The *_existing rules look like they change ageing settings on accounts that
# already exist; check service and break-glass accounts before applying, since
# a newly enforced maximum age can expire their passwords.
account_disable_post_pw_expiration: true
accounts_maximum_age_login_defs: true
accounts_minimum_age_login_defs: true
accounts_no_uid_except_zero: true
accounts_password_pam_minclass: true
accounts_password_pam_minlen: true
accounts_password_pam_pwhistory_remember_password_auth: true
accounts_password_pam_pwhistory_remember_system_auth: true
accounts_password_pam_retry: true
accounts_password_set_max_life_existing: true
accounts_password_set_min_life_existing: true
accounts_password_set_warn_age_existing: true
accounts_password_warn_age_login_defs: true
accounts_passwords_pam_faillock_deny: true
accounts_passwords_pam_faillock_unlock_time: true
accounts_root_path_dirs_no_write: true
accounts_set_post_pw_existing: true
accounts_tmout: true
accounts_umask_etc_bashrc: true
accounts_umask_etc_login_defs: true
accounts_umask_etc_profile: true
accounts_user_interactive_home_directory_exists: true
# Per-rule switches for AIDE file-integrity checking.
# NOTE(review): if aide_build_database initialises the baseline on the host
# being hardened, the baseline is only as trustworthy as that host at run
# time - confirm when in the build process this role is applied.
aide_build_database: true
aide_check_audit_tools: true
aide_periodic_cron_checking: true
# Per-rule switches for audit rules: permission and ownership changes, file
# deletion, kernel module loading, login records, MAC policy changes,
# privileged commands, time changes, failed file access and user/group files.
# NOTE(review): presumably each key enables the task that installs that audit
# rule - confirm in the tasks.
audit_rules_dac_modification_chmod: true
audit_rules_dac_modification_chown: true
audit_rules_dac_modification_fchmod: true
audit_rules_dac_modification_fchmodat: true
audit_rules_dac_modification_fchown: true
audit_rules_dac_modification_fchownat: true
audit_rules_dac_modification_fremovexattr: true
audit_rules_dac_modification_fsetxattr: true
audit_rules_dac_modification_lchown: true
audit_rules_dac_modification_lremovexattr: true
audit_rules_dac_modification_lsetxattr: true
audit_rules_dac_modification_removexattr: true
audit_rules_dac_modification_setxattr: true
audit_rules_execution_chacl: true
audit_rules_execution_chcon: true
audit_rules_execution_setfacl: true
audit_rules_file_deletion_events_rename: true
audit_rules_file_deletion_events_renameat: true
audit_rules_file_deletion_events_unlink: true
audit_rules_file_deletion_events_unlinkat: true
# NOTE(review): if this locks the audit configuration (auditctl "-e 2"), later
# rule changes only take effect after a reboot - confirm and plan rule
# updates accordingly.
audit_rules_immutable: true
audit_rules_kernel_module_loading_create: true
audit_rules_kernel_module_loading_delete: true
audit_rules_kernel_module_loading_finit: true
audit_rules_kernel_module_loading_init: true
audit_rules_kernel_module_loading_query: true
audit_rules_login_events_faillock: true
audit_rules_login_events_lastlog: true
audit_rules_mac_modification: true
audit_rules_mac_modification_usr_share: true
audit_rules_media_export: true
audit_rules_networkconfig_modification: true
audit_rules_privileged_commands: true
audit_rules_privileged_commands_kmod: true
audit_rules_privileged_commands_usermod: true
audit_rules_session_events: true
audit_rules_suid_auid_privilege_function: true
audit_rules_sysadmin_actions: true
audit_rules_time_adjtimex: true
audit_rules_time_clock_settime: true
audit_rules_time_settimeofday: true
audit_rules_time_stime: true
audit_rules_time_watch_localtime: true
audit_rules_unsuccessful_file_modification_creat: true
audit_rules_unsuccessful_file_modification_ftruncate: true
audit_rules_unsuccessful_file_modification_open: true
audit_rules_unsuccessful_file_modification_openat: true
audit_rules_unsuccessful_file_modification_truncate: true
audit_rules_usergroup_modification_group: true
audit_rules_usergroup_modification_gshadow: true
audit_rules_usergroup_modification_opasswd: true
audit_rules_usergroup_modification_passwd: true
audit_rules_usergroup_modification_shadow: true
audit_sudo_log_events: true
# Per-rule switches for audit log retention.
# NOTE(review): these presumably apply the var_auditd_* values defined in this
# file, including the "halt" action on low audit storage - confirm before
# enabling on hosts where an unplanned shutdown is not acceptable.
auditd_data_retention_action_mail_acct: true
auditd_data_retention_admin_space_left_action: true
auditd_data_retention_max_log_file: true
auditd_data_retention_max_log_file_action: true
auditd_data_retention_space_left_action: true
# Per-rule switches: login banners, time source, crypto policy, core dumps,
# GNOME/dconf settings, sticky bits, SSH host-based auth, authselect, package
# signature checking and the su group.
banner_etc_issue: true
banner_etc_issue_net: true
banner_etc_motd: true
chronyd_specify_remote_server: true
configure_crypto_policy: true
configure_ssh_crypto_policy: true
# The *_strategy keys are category switches rather than single rules.
# NOTE(review): presumably every task tagged with that strategy is conditioned
# on it, so setting one to false would skip a whole class of tasks - confirm.
configure_strategy: true
coredump_disable_backtraces: true
coredump_disable_storage: true
# The dconf_gnome_* rules concern the GNOME desktop.
# NOTE(review): package_gdm_removed is also true in this file; how the two
# interact on a host with a desktop is not visible here.
dconf_db_up_to_date: true
dconf_gnome_banner_enabled: true
dconf_gnome_disable_automount: true
dconf_gnome_disable_automount_open: true
dconf_gnome_disable_autorun: true
dconf_gnome_disable_user_list: true
dconf_gnome_login_banner_text: true
dconf_gnome_screensaver_idle_delay: true
dconf_gnome_screensaver_lock_delay: true
dconf_gnome_screensaver_user_locks: true
dconf_gnome_session_idle_user_locks: true
dir_perms_world_writable_sticky_bits: true
disable_host_auth: true
disable_strategy: true
enable_authselect: true
enable_strategy: true
ensure_gpgcheck_globally_activated: true
# NOTE(review): together with use_pam_wheel_group_for_su this looks like it
# restricts su to a group that is kept empty, i.e. nobody may use su - confirm
# that administrators have a working sudo path first.
ensure_pam_wheel_group_empty: true
# Per-rule switches for ownership, group ownership and permissions of system
# files: at/cron allow and deny lists, cron directories, account databases and
# their backups, banners, GRUB configuration, SSH configuration and host keys,
# audit binaries and configuration, home directories and the audit log.
# NOTE(review): the target owner, group and mode for each file are set in the
# tasks, which are not visible here.
file_at_deny_not_exist: true
file_cron_allow_exists: true
file_cron_deny_not_exist: true
file_groupowner_at_allow: true
file_groupowner_backup_etc_group: true
file_groupowner_backup_etc_gshadow: true
file_groupowner_backup_etc_passwd: true
file_groupowner_backup_etc_shadow: true
file_groupowner_cron_allow: true
file_groupowner_cron_d: true
file_groupowner_cron_daily: true
file_groupowner_cron_hourly: true
file_groupowner_cron_monthly: true
file_groupowner_cron_weekly: true
file_groupowner_crontab: true
file_groupowner_etc_group: true
file_groupowner_etc_gshadow: true
file_groupowner_etc_issue: true
file_groupowner_etc_issue_net: true
file_groupowner_etc_motd: true
file_groupowner_etc_passwd: true
file_groupowner_etc_shadow: true
file_groupowner_grub2_cfg: true
file_groupowner_sshd_config: true
file_groupowner_user_cfg: true
file_groupownership_audit_binaries: true
file_groupownership_audit_configuration: true
file_groupownership_home_directories: true
file_groupownership_sshd_private_key: true
file_groupownership_sshd_pub_key: true
file_owner_backup_etc_group: true
file_owner_backup_etc_gshadow: true
file_owner_backup_etc_passwd: true
file_owner_backup_etc_shadow: true
file_owner_cron_allow: true
file_owner_cron_d: true
file_owner_cron_daily: true
file_owner_cron_hourly: true
file_owner_cron_monthly: true
file_owner_cron_weekly: true
file_owner_crontab: true
file_owner_etc_group: true
file_owner_etc_gshadow: true
file_owner_etc_issue: true
file_owner_etc_issue_net: true
file_owner_etc_motd: true
file_owner_etc_passwd: true
file_owner_etc_shadow: true
file_owner_grub2_cfg: true
file_owner_sshd_config: true
file_owner_user_cfg: true
file_ownership_audit_binaries: true
file_ownership_audit_configuration: true
file_ownership_sshd_private_key: true
file_ownership_sshd_pub_key: true
file_permissions_at_allow: true
file_permissions_audit_binaries: true
file_permissions_audit_configuration: true
file_permissions_backup_etc_group: true
file_permissions_backup_etc_gshadow: true
file_permissions_backup_etc_passwd: true
file_permissions_backup_etc_shadow: true
file_permissions_cron_allow: true
file_permissions_cron_d: true
file_permissions_cron_daily: true
file_permissions_cron_hourly: true
file_permissions_cron_monthly: true
file_permissions_cron_weekly: true
file_permissions_crontab: true
file_permissions_etc_group: true
file_permissions_etc_gshadow: true
file_permissions_etc_issue: true
file_permissions_etc_issue_net: true
file_permissions_etc_motd: true
file_permissions_etc_passwd: true
file_permissions_etc_shadow: true
file_permissions_grub2_cfg: true
file_permissions_home_directories: true
file_permissions_sshd_config: true
file_permissions_sshd_private_key: true
file_permissions_sshd_pub_key: true
file_permissions_user_cfg: true
file_permissions_var_log_audit: true
# Per-rule switches: firewalld loopback handling, GDM XDMCP, boot-time audit
# and SELinux arguments, journald and disabled kernel modules.
firewalld_loopback_traffic_restricted: true
firewalld_loopback_traffic_trusted: true
gnome_gdm_disable_xdmcp: true
grub2_audit_argument: true
grub2_audit_backlog_limit_argument: true
grub2_enable_selinux: true
# high_*, low_* and medium_* are category switches (disruption, severity,
# complexity) rather than single rules.
# NOTE(review): presumably every task carrying that rating is conditioned on
# the matching key, so setting one to false would skip all tasks of that
# rating - confirm before using these to narrow a run.
high_disruption: true
high_severity: true
journald_compress: true
journald_forward_to_syslog: true
journald_storage: true
kernel_module_squashfs_disabled: true
kernel_module_tipc_disabled: true
kernel_module_udf_disabled: true
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
# Per-rule switches for nodev / noexec / nosuid mount options on /dev/shm,
# /home, /tmp, /var, /var/log, /var/log/audit and /var/tmp.
# NOTE(review): these options only apply where the path is its own mount
# point; what the tasks do on hosts without separate partitions is not
# visible here. noexec on /tmp and /var/tmp can also break installers that
# execute from those paths - test before rolling out.
mount_option_dev_shm_nodev: true
mount_option_dev_shm_noexec: true
mount_option_dev_shm_nosuid: true
mount_option_home_nodev: true
mount_option_home_nosuid: true
mount_option_tmp_nodev: true
mount_option_tmp_noexec: true
mount_option_tmp_nosuid: true
mount_option_var_log_audit_nodev: true
mount_option_var_log_audit_noexec: true
mount_option_var_log_audit_nosuid: true
mount_option_var_log_nodev: true
mount_option_var_log_noexec: true
mount_option_var_log_nosuid: true
mount_option_var_nodev: true
mount_option_var_nosuid: true
mount_option_var_tmp_nodev: true
mount_option_var_tmp_noexec: true
mount_option_var_tmp_nosuid: true
# Per-rule switches: empty passwords, system-account logins and rsh trust files.
no_empty_passwords: true
no_empty_passwords_etc_shadow: true
no_password_auth_for_systemaccounts: true
# Category switch rather than a single rule.
# NOTE(review): presumably paired with reboot_required, which is also defined
# in this file, to select tasks by whether they need a reboot - confirm.
no_reboot_needed: true
no_rsh_trust_files: true
no_shelllogin_for_systemaccounts: true
# Per-rule switches for packages that must be installed (*_installed) or
# absent (*_removed).
# NOTE(review): the *_removed rules presumably uninstall the package. With
# every switch true this covers the graphical login (gdm,
# xorg-x11-server-common) and common server roles (httpd, nginx, bind, dhcp,
# dnsmasq, samba, squid, vsftpd, dovecot, cyrus-imapd, cups, rsync, net-snmp),
# so set the relevant key to false on hosts whose workload is one of these.
package_aide_installed: true
package_audit_installed: true
package_avahi_removed: true
package_bind_removed: true
package_cups_removed: true
package_cyrus_imapd_removed: true
package_dhcp_removed: true
package_dnsmasq_removed: true
package_dovecot_removed: true
package_firewalld_installed: true
package_ftp_removed: true
package_gdm_removed: true
package_httpd_removed: true
package_libselinux_installed: true
package_mcstrans_removed: true
package_net_snmp_removed: true
package_nftables_installed: true
package_nginx_removed: true
package_openldap_clients_removed: true
package_rsync_removed: true
package_rsyslog_installed: true
package_samba_removed: true
package_setroubleshoot_removed: true
package_squid_removed: true
package_sudo_installed: true
package_telnet_removed: true
package_telnet_server_removed: true
package_tftp_removed: true
package_tftp_server_removed: true
package_vsftpd_removed: true
package_xorg_x11_server_common_removed: true
# Per-rule switches: postfix listener, rsyslog, SELinux, service state and
# password hashing.
postfix_network_listening_disabled: true
# reboot_required and restrict_strategy are category switches rather than
# single rules.
# NOTE(review): presumably every task in that category is conditioned on the
# key, so false would skip them all - confirm.
reboot_required: true
restrict_strategy: true
rsyslog_filecreatemode: true
rsyslog_files_groupownership: true
rsyslog_files_ownership: true
rsyslog_files_permissions: true
rsyslog_nolisten: true
selinux_not_disabled: true
selinux_policytype: true
selinux_state: true
service_auditd_enabled: true
service_crond_enabled: true
service_firewalld_enabled: true
service_nfs_disabled: true
# nftables the package stays installed while nftables the service is disabled
# and firewalld is enabled.
# NOTE(review): this looks intended to leave firewalld as the only rule
# manager - confirm that no host relies on nftables.service for its ruleset.
service_nftables_disabled: true
service_rpcbind_disabled: true
service_rsyslog_enabled: true
service_systemd_journald_enabled: true
set_nftables_table: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
# Per-rule switches for the SSH daemon and sudo.
# NOTE(review): with sshd_disable_root_login on, remote administration depends
# on a non-root account that can log in and use sudo; verify one exists
# before applying, or remote access may be lost. sshd_disable_tcp_forwarding
# will also stop tunnels and jump-host setups that rely on forwarding.
sshd_disable_empty_passwords: true
sshd_disable_rhosts: true
sshd_disable_root_login: true
sshd_disable_tcp_forwarding: true
sshd_disable_x11_forwarding: true
sshd_do_not_permit_user_env: true
sshd_enable_pam: true
sshd_enable_warning_banner_net: true
sshd_set_idle_timeout: true
sshd_set_keepalive: true
sshd_set_login_grace_time: true
sshd_set_loglevel_verbose: true
sshd_set_max_auth_tries: true
sshd_set_max_sessions: true
sshd_set_maxstartups: true
sudo_add_use_pty: true
sudo_custom_logfile: true
# NOTE(review): sudo_require_authentication presumably removes passwordless
# sudo; automation accounts that depend on it need an exception - confirm.
sudo_require_authentication: true
sudo_require_reauthentication: true
# Per-rule switches for kernel parameters: address-space randomisation, then
# IPv4 and IPv6 redirect, source-route, forwarding, martian-logging,
# reverse-path and SYN-cookie settings.
# NOTE(review): the value applied by most of these is presumably the matching
# sysctl_*_value variable in this file; send_redirects, ip_forward and
# randomize_va_space have no such variable here, so their values must be
# fixed in the tasks - confirm. Routers and container hosts that forward
# traffic need ip_forward and forwarding left alone.
sysctl_kernel_randomize_va_space: true
sysctl_net_ipv4_conf_all_accept_redirects: true
sysctl_net_ipv4_conf_all_accept_source_route: true
sysctl_net_ipv4_conf_all_log_martians: true
sysctl_net_ipv4_conf_all_rp_filter: true
sysctl_net_ipv4_conf_all_secure_redirects: true
sysctl_net_ipv4_conf_all_send_redirects: true
sysctl_net_ipv4_conf_default_accept_redirects: true
sysctl_net_ipv4_conf_default_accept_source_route: true
sysctl_net_ipv4_conf_default_log_martians: true
sysctl_net_ipv4_conf_default_rp_filter: true
sysctl_net_ipv4_conf_default_secure_redirects: true
sysctl_net_ipv4_conf_default_send_redirects: true
sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true
sysctl_net_ipv4_icmp_ignore_bogus_error_responses: true
sysctl_net_ipv4_ip_forward: true
sysctl_net_ipv4_tcp_syncookies: true
sysctl_net_ipv6_conf_all_accept_ra: true
sysctl_net_ipv6_conf_all_accept_redirects: true
sysctl_net_ipv6_conf_all_accept_source_route: true
sysctl_net_ipv6_conf_all_forwarding: true
sysctl_net_ipv6_conf_default_accept_ra: true
sysctl_net_ipv6_conf_default_accept_redirects: true
sysctl_net_ipv6_conf_default_accept_source_route: true
# unknown_severity and unknown_strategy are category switches rather than
# single rules.
# NOTE(review): presumably they cover tasks whose rating is unset - confirm.
unknown_severity: true
unknown_strategy: true
# NOTE(review): presumably restricts su to the group named by
# var_pam_wheel_group_for_su; ensure_pam_wheel_group_empty is also true in
# this file, so check that administrators keep a working sudo path.
use_pam_wheel_group_for_su: true
# NOTE(review): would cut connectivity on hosts that are only reachable over
# Wi-Fi - confirm fleet coverage before enabling.
wireless_disable_interfaces: true