main.yml
---
# Defaults for the rhel8_rht_ccp role: the tunable values its hardening
# tasks use. Numeric settings are quoted, so they are loaded as strings.
# NOTE(review): the tasks that consume these variables are not in this file;
# the config-file mappings mentioned below are assumptions to confirm there.
#
# System-wide crypto policy name. NOTE(review): selecting the FIPS policy is
# not the same as enabling FIPS mode (fips-mode-setup) - confirm which one
# the deployment actually requires.
var_system_crypto_policy: FIPS
# authselect profile to select (see the enable_authselect switch).
var_authselect_profile: sssd
# Number of previous passwords remembered, i.e. password-reuse history.
var_password_pam_unix_remember: '5'
# Failed logins allowed before pam_faillock locks the account.
var_accounts_passwords_pam_faillock_deny: '5'
# pam_pwquality settings. A negative *credit value is the pwquality way of
# requiring at least that many characters of the class: 1 digit (dcredit),
# 2 lowercase (lcredit), 2 other (ocredit), 2 uppercase (ucredit).
# difok = characters that must differ from the old password; retry = prompts.
var_password_pam_dcredit: '-1'
var_password_pam_difok: '3'
var_password_pam_lcredit: '-2'
var_password_pam_ocredit: '-2'
var_password_pam_retry: '3'
var_password_pam_ucredit: '-2'
# Hash algorithm for stored passwords (see set_password_hashing_algorithm_*).
var_password_hashing_algorithm: SHA512
# Password ageing; presumably PASS_MIN_DAYS and PASS_WARN_AGE in
# /etc/login.defs, both in days - TODO confirm.
var_accounts_minimum_age_login_defs: '7'
var_accounts_password_warn_age_login_defs: '7'
# SELinux policy type and mode.
var_selinux_policy_name: targeted
var_selinux_state: enforcing
# SSH idle timeout; presumably seconds, written to ClientAliveInterval.
sshd_idle_timeout_value: '300'
# firewalld zone in which the SSH port is opened (firewalld_sshd_port_enabled).
firewalld_sshd_zone: public
# Switches keyed by DISA STIG control ID (RHEL-08-xxxxxx), all on by default.
# NOTE(review): presumably each one gates the tasks tagged with that STIG ID,
# so setting it to false would skip them - confirm against the role's tasks.
# The ID-to-rule mapping is not visible in this file; record any override to
# false as a documented exception so a skipped control does not go unnoticed.
DISA_STIG_RHEL_08_010010: true
DISA_STIG_RHEL_08_010019: true
DISA_STIG_RHEL_08_010020: true
DISA_STIG_RHEL_08_010040: true
DISA_STIG_RHEL_08_010110: true
DISA_STIG_RHEL_08_010151: true
DISA_STIG_RHEL_08_010159: true
DISA_STIG_RHEL_08_010160: true
DISA_STIG_RHEL_08_010170: true
DISA_STIG_RHEL_08_010201: true
DISA_STIG_RHEL_08_010287: true
DISA_STIG_RHEL_08_010300: true
DISA_STIG_RHEL_08_010310: true
DISA_STIG_RHEL_08_010330: true
DISA_STIG_RHEL_08_010340: true
DISA_STIG_RHEL_08_010359: true
DISA_STIG_RHEL_08_010370: true
DISA_STIG_RHEL_08_010450: true
DISA_STIG_RHEL_08_010550: true
DISA_STIG_RHEL_08_010830: true
DISA_STIG_RHEL_08_020011: true
DISA_STIG_RHEL_08_020104: true
DISA_STIG_RHEL_08_020110: true
DISA_STIG_RHEL_08_020120: true
DISA_STIG_RHEL_08_020130: true
DISA_STIG_RHEL_08_020170: true
DISA_STIG_RHEL_08_020190: true
DISA_STIG_RHEL_08_020280: true
DISA_STIG_RHEL_08_020330: true
DISA_STIG_RHEL_08_020331: true
DISA_STIG_RHEL_08_020332: true
DISA_STIG_RHEL_08_030070: true
DISA_STIG_RHEL_08_040000: true
DISA_STIG_RHEL_08_040023: true
DISA_STIG_RHEL_08_040101: true
DISA_STIG_RHEL_08_040200: true
# Per-rule and per-tag switches, listed alphabetically and all on by default.
# Two kinds of key are mixed here: rule names (accounts_*, file_*, sshd_*,
# package_*, service_*, ...) and tag names (*_severity, *_disruption,
# *_complexity, *_strategy, reboot_required / no_reboot_needed,
# skip_ansible_lint).
# NOTE(review): presumably every task is conditioned on its rule variable and
# on each of its tag variables, so one tag set to false would skip every task
# carrying it - confirm against the role's tasks before overriding anything.
accounts_minimum_age_login_defs: true
accounts_no_uid_except_zero: true
accounts_password_pam_dcredit: true
accounts_password_pam_difok: true
accounts_password_pam_lcredit: true
accounts_password_pam_ocredit: true
accounts_password_pam_retry: true
accounts_password_pam_ucredit: true
accounts_password_pam_unix_remember: true
accounts_password_warn_age_login_defs: true
accounts_passwords_pam_faillock_deny: true
configure_crypto_policy: true
configure_ssh_crypto_policy: true
configure_strategy: true
# Presumably disables SSH host-based authentication - TODO confirm.
disable_host_auth: true
disable_strategy: true
enable_authselect: true
enable_strategy: true
# Package signature checking; turning these off removes the integrity check
# on installed packages, so treat an override as a supply-chain exception.
ensure_gpgcheck_globally_activated: true
ensure_gpgcheck_never_disabled: true
ensure_redhat_gpgkey_installed: true
file_groupowner_etc_group: true
file_groupowner_etc_gshadow: true
file_groupowner_etc_passwd: true
file_groupowner_etc_shadow: true
file_groupowner_grub2_cfg: true
file_owner_etc_group: true
file_owner_etc_gshadow: true
file_owner_etc_passwd: true
file_owner_etc_shadow: true
file_owner_grub2_cfg: true
file_ownership_binary_dirs: true
file_ownership_library_dirs: true
file_permissions_binary_dirs: true
file_permissions_etc_group: true
file_permissions_etc_gshadow: true
file_permissions_etc_passwd: true
file_permissions_etc_shadow: true
file_permissions_grub2_cfg: true
file_permissions_library_dirs: true
file_permissions_var_log_audit: true
firewalld_sshd_port_enabled: true
# Tag switch: high-disruption tasks are included by default, so trial the
# role on a non-production host before applying it broadly.
high_disruption: true
high_severity: true
kernel_module_dccp_disabled: true
kernel_module_sctp_disabled: true
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
no_empty_passwords: true
no_reboot_needed: true
no_shelllogin_for_systemaccounts: true
package_aide_installed: true
package_telnet_removed: true
package_telnet_server_removed: true
patch_strategy: true
# Tag switch: tasks marked as needing a reboot are included by default.
# NOTE(review): whether the role reboots the host itself is not visible here.
reboot_required: true
# Presumably requires authentication for single-user mode - TODO confirm.
require_singleuser_auth: true
restrict_strategy: true
security_patches_up_to_date: true
selinux_policytype: true
selinux_state: true
service_abrtd_disabled: true
service_firewalld_enabled: true
service_telnet_disabled: true
set_password_hashing_algorithm_libuserconf: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
# Tag switch rather than a hardening rule; presumably marks tasks that are
# exempted from ansible-lint - TODO confirm.
skip_ansible_lint: true
# NOTE(review): current OpenSSH releases no longer implement protocol 1, so
# this rule is likely a no-op on RHEL 8 - confirm.
sshd_allow_only_protocol2: true
sshd_disable_empty_passwords: true
sshd_disable_root_login: true
sshd_do_not_permit_user_env: true
sshd_enable_warning_banner: true
# Uses sshd_idle_timeout_value.
sshd_set_idle_timeout: true
# NOTE(review): presumably sets ClientAliveCountMax to 0. OpenSSH 8.2 and
# later treat 0 as "never disconnect", which would defeat the idle timeout;
# verify the sshd version on every target this role is applied to.
sshd_set_keepalive_0: true