---
# defaults file for rhel8_cis
# Tunable values read by the role's tasks (the tasks themselves are not part of
# this file). Numeric settings are quoted, so they load as strings, not integers.
var_system_crypto_policy: DEFAULT
# Idle and lock timing values. Units are not stated in this file; presumably
# seconds. TODO confirm against the tasks that consume them.
inactivity_timeout_value: '900'
var_screensaver_lock_delay: '5'
var_sudo_logfile: /var/log/sudo.log
# NOTE(review): sudoers' timestamp_timeout option is expressed in minutes;
# confirm that is the option this value feeds.
var_sudo_timestamp_timeout: '5'
var_authselect_profile: sssd
# The three banner values below are regular expressions, not literal banner
# text. Each accepts either the "Authorized uses only. All activity may be
# monitored and reported." wording, or any text that contains no backslash and
# none of the words fedora, rhel, sle or ubuntu.
# NOTE(review): confirm the consuming task derives real banner text from the
# pattern; writing the value verbatim would put a regex in the banner file.
login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
remote_login_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
motd_banner_text: ^(Authorized[\s\n]+uses[\s\n]+only\.[\s\n]+All[\s\n]+activity[\s\n]+may[\s\n]+be[\s\n]+monitored[\s\n]+and[\s\n]+reported\.|^(?!.*(\\|fedora|rhel|sle|ubuntu)).*)$
# Password history, lockout, quality and ageing values. The key names follow
# pam_pwhistory / pam_faillock / pam_pwquality / login.defs option names; that
# mapping is inferred from the names, the consuming tasks are not shown here.
var_password_pam_remember: '24'
# Two PAM control flags in one comma-separated string.
# NOTE(review): confirm whether the task treats this as a set of acceptable
# flags or writes one of them into the PAM stack.
var_password_pam_remember_control_flag: requisite,required
var_accounts_passwords_pam_faillock_deny: '5'
var_accounts_passwords_pam_faillock_unlock_time: '900'
var_password_pam_dictcheck: '1'
var_password_pam_difok: '2'
var_password_pam_maxrepeat: '3'
var_password_pam_minclass: '4'
var_password_pam_minlen: '14'
var_password_hashing_algorithm: SHA512
var_account_disable_post_pw_expiration: '30'
var_accounts_maximum_age_login_defs: '365'
var_accounts_password_warn_age_login_defs: '7'
var_pam_wheel_group_for_su: sugroup
var_accounts_tmout: '900'
# Regular expression; it matches names that start with a dot followed by word
# characters, hyphens or spaces.
var_user_initialization_files_regex: ^\.[\w\- ]+$
# Quoted, so the leading zero of the umask survives YAML loading.
var_accounts_user_umask: '027'
var_accounts_passwords_pam_faillock_dir: /var/run/faillock
# auditd values. Several of them hold pipe-separated alternatives rather than a
# single keyword.
# NOTE(review): auditd.conf takes one keyword per action setting; confirm the
# consuming task picks one alternative (and which one) instead of writing the
# whole string, because the choice decides whether a full or failing audit disk
# only logs, drops to single-user mode, or halts the host.
var_auditd_disk_error_action: syslog|single|halt
var_auditd_disk_full_action: syslog|single|halt
var_auditd_action_mail_acct: root
var_auditd_admin_space_left_action: single|halt
# NOTE(review): auditd.conf's max_log_file is a size in megabytes; confirm that
# is the option this value feeds.
var_auditd_max_log_file: '6'
var_auditd_max_log_file_action: keep_logs
var_auditd_space_left_action: email|exec|single|halt
# Target values for network sysctl settings. Each key name mirrors a
# net.ipv4.* / net.ipv6.* sysctl path with a `_value` suffix; the values are
# quoted, so they load as the strings '0' and '1'.
# IPv6: router advertisements, redirects, source routing and forwarding are 0.
sysctl_net_ipv6_conf_all_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
sysctl_net_ipv6_conf_all_forwarding_value: '0'
sysctl_net_ipv6_conf_default_accept_ra_value: '0'
sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
# IPv4: redirects and source routing are 0; martian logging, reverse-path
# filtering, the two ICMP ignore settings and TCP syncookies are 1.
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_log_martians_value: '1'
sysctl_net_ipv4_conf_all_rp_filter_value: '1'
sysctl_net_ipv4_conf_all_secure_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_conf_default_log_martians_value: '1'
sysctl_net_ipv4_conf_default_rp_filter_value: '1'
sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
sysctl_net_ipv4_tcp_syncookies_value: '1'
# SELinux policy and mode, the postfix listen scope, and the time servers.
var_selinux_policy_name: targeted
var_selinux_state: enforcing
var_postfix_inet_interfaces: loopback-only
# Comma-separated list of four public pool hosts.
# NOTE(review): hosts that must use internal time sources, or that cannot reach
# the Internet, need this overridden.
var_multiple_time_servers: 0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org
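# sshd values. The key names follow sshd_config options; the tasks that write
# them are not part of this file.
var_sshd_set_keepalive: '1'
sshd_idle_timeout_value: '300'
var_sshd_set_login_grace_time: '60'
sshd_max_auth_tries_value: '4'
var_sshd_max_sessions: '10'
# Quoted so this digits-and-colons value is always loaded as a string; some
# YAML 1.1 loaders read such scalars as base-60 numbers. sshd's MaxStartups
# takes the form start:rate:full.
var_sshd_set_maxstartups: '10:30:60'
# Algorithm lists, quoted because each begins with '-'. In sshd_config a list
# with a leading '-' removes the named algorithms from the default set.
# NOTE(review): every `[email protected]` token below is not an algorithm name.
# It appears to be an e-mail-obfuscation artifact of the page this copy came
# from, standing in for a `name@host` algorithm. Restore the real names from
# the repository copy before use; as written, those entries would presumably
# match nothing and leave the intended algorithms enabled.
sshd_approved_ciphers: '-3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,[email protected]'
sshd_strong_kex: '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'
sshd_strong_macs: '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]'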
# Boolean switches keyed by identifiers of the form DISA_STIG_RHEL_08_NNNNNN;
# every one is true. The file header names the role rhel8_cis, so these are
# presumably cross-reference tags that let tasks be selected by STIG ID.
# TODO confirm how the tasks use them; nothing in this file shows it.
DISA_STIG_RHEL_08_010020: true
DISA_STIG_RHEL_08_010049: true
DISA_STIG_RHEL_08_010050: true
DISA_STIG_RHEL_08_010060: true
DISA_STIG_RHEL_08_010110: true
DISA_STIG_RHEL_08_010121: true
DISA_STIG_RHEL_08_010159: true
DISA_STIG_RHEL_08_010160: true
DISA_STIG_RHEL_08_010170: true
DISA_STIG_RHEL_08_010190: true
DISA_STIG_RHEL_08_010200: true
DISA_STIG_RHEL_08_010201: true
DISA_STIG_RHEL_08_010287: true
DISA_STIG_RHEL_08_010359: true
DISA_STIG_RHEL_08_010370: true
DISA_STIG_RHEL_08_010384: true
DISA_STIG_RHEL_08_010430: true
DISA_STIG_RHEL_08_010450: true
DISA_STIG_RHEL_08_010480: true
DISA_STIG_RHEL_08_010490: true
DISA_STIG_RHEL_08_010550: true
DISA_STIG_RHEL_08_010561: true
DISA_STIG_RHEL_08_010570: true
DISA_STIG_RHEL_08_010674: true
DISA_STIG_RHEL_08_010675: true
DISA_STIG_RHEL_08_010730: true
DISA_STIG_RHEL_08_010750: true
DISA_STIG_RHEL_08_010770: true
DISA_STIG_RHEL_08_010830: true
DISA_STIG_RHEL_08_020011: true
DISA_STIG_RHEL_08_020014: true
DISA_STIG_RHEL_08_020015: true
DISA_STIG_RHEL_08_020023: true
DISA_STIG_RHEL_08_020031: true
DISA_STIG_RHEL_08_020032: true
DISA_STIG_RHEL_08_020060: true
DISA_STIG_RHEL_08_020080: true
DISA_STIG_RHEL_08_020081: true
DISA_STIG_RHEL_08_020150: true
DISA_STIG_RHEL_08_020160: true
DISA_STIG_RHEL_08_020170: true
DISA_STIG_RHEL_08_020200: true
DISA_STIG_RHEL_08_020210: true
DISA_STIG_RHEL_08_020220: true
DISA_STIG_RHEL_08_020221: true
DISA_STIG_RHEL_08_020230: true
DISA_STIG_RHEL_08_020260: true
DISA_STIG_RHEL_08_020300: true
DISA_STIG_RHEL_08_020330: true
DISA_STIG_RHEL_08_020331: true
DISA_STIG_RHEL_08_020332: true
DISA_STIG_RHEL_08_020351: true
DISA_STIG_RHEL_08_020353: true
DISA_STIG_RHEL_08_030020: true
DISA_STIG_RHEL_08_030040: true
DISA_STIG_RHEL_08_030060: true
DISA_STIG_RHEL_08_030070: true
DISA_STIG_RHEL_08_030121: true
DISA_STIG_RHEL_08_030130: true
DISA_STIG_RHEL_08_030140: true
DISA_STIG_RHEL_08_030150: true
DISA_STIG_RHEL_08_030160: true
DISA_STIG_RHEL_08_030170: true
DISA_STIG_RHEL_08_030180: true
DISA_STIG_RHEL_08_030181: true
DISA_STIG_RHEL_08_030200: true
DISA_STIG_RHEL_08_030260: true
DISA_STIG_RHEL_08_030302: true
DISA_STIG_RHEL_08_030330: true
DISA_STIG_RHEL_08_030360: true
DISA_STIG_RHEL_08_030361: true
DISA_STIG_RHEL_08_030390: true
DISA_STIG_RHEL_08_030420: true
DISA_STIG_RHEL_08_030480: true
DISA_STIG_RHEL_08_030490: true
DISA_STIG_RHEL_08_030560: true
DISA_STIG_RHEL_08_030570: true
DISA_STIG_RHEL_08_030580: true
DISA_STIG_RHEL_08_030590: true
DISA_STIG_RHEL_08_030600: true
DISA_STIG_RHEL_08_030601: true
DISA_STIG_RHEL_08_030602: true
DISA_STIG_RHEL_08_030650: true
DISA_STIG_RHEL_08_030670: true
DISA_STIG_RHEL_08_030731: true
DISA_STIG_RHEL_08_040000: true
DISA_STIG_RHEL_08_040023: true
DISA_STIG_RHEL_08_040024: true
DISA_STIG_RHEL_08_040025: true
DISA_STIG_RHEL_08_040070: true
DISA_STIG_RHEL_08_040080: true
DISA_STIG_RHEL_08_040100: true
DISA_STIG_RHEL_08_040101: true
DISA_STIG_RHEL_08_040110: true
DISA_STIG_RHEL_08_040120: true
DISA_STIG_RHEL_08_040121: true
DISA_STIG_RHEL_08_040122: true
DISA_STIG_RHEL_08_040123: true
DISA_STIG_RHEL_08_040124: true
DISA_STIG_RHEL_08_040125: true
DISA_STIG_RHEL_08_040126: true
DISA_STIG_RHEL_08_040127: true
DISA_STIG_RHEL_08_040128: true
DISA_STIG_RHEL_08_040129: true
DISA_STIG_RHEL_08_040130: true
DISA_STIG_RHEL_08_040131: true
DISA_STIG_RHEL_08_040132: true
DISA_STIG_RHEL_08_040133: true
DISA_STIG_RHEL_08_040134: true
DISA_STIG_RHEL_08_040190: true
DISA_STIG_RHEL_08_040200: true
DISA_STIG_RHEL_08_040209: true
DISA_STIG_RHEL_08_040210: true
DISA_STIG_RHEL_08_040220: true
DISA_STIG_RHEL_08_040230: true
DISA_STIG_RHEL_08_040239: true
DISA_STIG_RHEL_08_040240: true
DISA_STIG_RHEL_08_040249: true
DISA_STIG_RHEL_08_040250: true
DISA_STIG_RHEL_08_040260: true
DISA_STIG_RHEL_08_040261: true
DISA_STIG_RHEL_08_040262: true
DISA_STIG_RHEL_08_040270: true
DISA_STIG_RHEL_08_040279: true
DISA_STIG_RHEL_08_040280: true
DISA_STIG_RHEL_08_040282: true
DISA_STIG_RHEL_08_040285: true
DISA_STIG_RHEL_08_040321: true
DISA_STIG_RHEL_08_040360: true
# Per-rule boolean switches for account, password and umask rules; all true.
# Several share a stem with a `var_*` value key defined earlier in this file
# (for example accounts_tmout / var_accounts_tmout), which presumably supplies
# the value the rule applies. TODO confirm against the tasks.
account_disable_post_pw_expiration: true
accounts_maximum_age_login_defs: true
accounts_no_uid_except_zero: true
accounts_password_pam_dictcheck: true
accounts_password_pam_difok: true
accounts_password_pam_enforce_root: true
accounts_password_pam_maxrepeat: true
accounts_password_pam_minclass: true
accounts_password_pam_minlen: true
accounts_password_pam_pwhistory_remember_password_auth: true
accounts_password_pam_pwhistory_remember_system_auth: true
# NOTE(review): the `_existing` rules read as changes to accounts that already
# exist; if so, ageing limits would also reach service accounts. Confirm scope.
accounts_password_set_max_life_existing: true
accounts_password_set_warn_age_existing: true
accounts_password_warn_age_login_defs: true
accounts_passwords_pam_faillock_deny: true
# NOTE(review): presumably extends the failed-login lockout to root; make sure
# a recovery path (console access) exists where this is applied.
accounts_passwords_pam_faillock_deny_root: true
accounts_passwords_pam_faillock_unlock_time: true
accounts_root_path_dirs_no_write: true
accounts_set_post_pw_existing: true
accounts_tmout: true
accounts_umask_etc_bashrc: true
accounts_umask_etc_login_defs: true
accounts_umask_etc_profile: true
accounts_user_dot_group_ownership: true
accounts_user_dot_user_ownership: true
accounts_user_interactive_home_directory_exists: true
accounts_users_netrc_file_permissions: true
# Per-rule boolean switches for AIDE file-integrity checking and for audit
# rules / auditd settings; all true.
aide_build_database: true
aide_check_audit_tools: true
aide_periodic_cron_checking: true
# audit_rules_*: one switch per audited syscall, file or event class, as the
# key suffixes indicate.
audit_rules_dac_modification_chmod: true
audit_rules_dac_modification_chown: true
audit_rules_dac_modification_fchmod: true
audit_rules_dac_modification_fchmodat: true
audit_rules_dac_modification_fchown: true
audit_rules_dac_modification_fchownat: true
audit_rules_dac_modification_fremovexattr: true
audit_rules_dac_modification_fsetxattr: true
audit_rules_dac_modification_lchown: true
audit_rules_dac_modification_lremovexattr: true
audit_rules_dac_modification_lsetxattr: true
audit_rules_dac_modification_removexattr: true
audit_rules_dac_modification_setxattr: true
audit_rules_execution_chacl: true
audit_rules_execution_chcon: true
audit_rules_execution_setfacl: true
audit_rules_file_deletion_events_rename: true
audit_rules_file_deletion_events_renameat: true
audit_rules_file_deletion_events_unlink: true
audit_rules_file_deletion_events_unlinkat: true
# NOTE(review): presumably locks the audit configuration (auditctl -e 2), after
# which rule changes take effect only after a reboot. Confirm it is applied
# after the other audit_rules_* tasks.
audit_rules_immutable: true
audit_rules_kernel_module_loading_create: true
audit_rules_kernel_module_loading_delete: true
audit_rules_kernel_module_loading_finit: true
audit_rules_kernel_module_loading_init: true
audit_rules_kernel_module_loading_query: true
audit_rules_login_events_faillock: true
audit_rules_login_events_lastlog: true
audit_rules_mac_modification: true
audit_rules_mac_modification_usr_share: true
audit_rules_media_export: true
audit_rules_networkconfig_modification: true
audit_rules_privileged_commands: true
audit_rules_privileged_commands_kmod: true
audit_rules_privileged_commands_usermod: true
audit_rules_session_events: true
audit_rules_suid_auid_privilege_function: true
audit_rules_sysadmin_actions: true
audit_rules_time_adjtimex: true
audit_rules_time_clock_settime: true
audit_rules_time_settimeofday: true
audit_rules_time_stime: true
audit_rules_time_watch_localtime: true
audit_rules_unsuccessful_file_modification_creat: true
audit_rules_unsuccessful_file_modification_ftruncate: true
audit_rules_unsuccessful_file_modification_open: true
audit_rules_unsuccessful_file_modification_openat: true
audit_rules_unsuccessful_file_modification_truncate: true
audit_rules_usergroup_modification_group: true
audit_rules_usergroup_modification_gshadow: true
audit_rules_usergroup_modification_opasswd: true
audit_rules_usergroup_modification_passwd: true
audit_rules_usergroup_modification_shadow: true
audit_sudo_log_events: true
# auditd_data_*: switches for the auditd.conf settings whose values are the
# var_auditd_* keys defined earlier in this file (pairing inferred from names).
auditd_data_disk_error_action: true
auditd_data_disk_full_action: true
auditd_data_retention_action_mail_acct: true
auditd_data_retention_admin_space_left_action: true
auditd_data_retention_max_log_file: true
auditd_data_retention_max_log_file_action: true
auditd_data_retention_space_left_action: true
# Per-rule boolean switches (banners, chrony, crypto policy, core dumps, GNOME
# dconf settings, package signature checks and others); all true.
banner_etc_issue: true
banner_etc_issue_net: true
banner_etc_motd: true
chronyd_run_as_chrony_user: true
chronyd_specify_remote_server: true
configure_crypto_policy: true
configure_ssh_crypto_policy: true
# NOTE(review): the *_strategy keys (configure/disable/enable here) read like
# remediation-strategy class tags rather than single rules; presumably tasks
# are gated on them, so leaving all true filters nothing out. Confirm.
configure_strategy: true
coredump_disable_backtraces: true
coredump_disable_storage: true
dconf_db_up_to_date: true
dconf_gnome_banner_enabled: true
dconf_gnome_disable_automount: true
dconf_gnome_disable_automount_open: true
dconf_gnome_disable_autorun: true
dconf_gnome_disable_user_list: true
dconf_gnome_login_banner_text: true
dconf_gnome_screensaver_idle_delay: true
dconf_gnome_screensaver_lock_delay: true
dconf_gnome_screensaver_user_locks: true
dconf_gnome_session_idle_user_locks: true
dir_perms_world_writable_sticky_bits: true
disable_host_auth: true
disable_strategy: true
enable_authselect: true
enable_strategy: true
# The two gpgcheck switches cover package signature verification.
ensure_gpgcheck_globally_activated: true
ensure_gpgcheck_never_disabled: true
ensure_pam_wheel_group_empty: true
# Per-rule boolean switches for file existence, group owner, owner and
# permission rules; all true. The key suffix names the file or directory each
# rule targets (cron and at files, /etc account databases and their backups,
# banners, GRUB2 configuration, audit binaries and configuration, sshd
# configuration and host keys, home directories); paths are inferred from names.
file_at_deny_not_exist: true
file_cron_allow_exists: true
file_cron_deny_not_exist: true
# Group-owner rules.
file_groupowner_at_allow: true
file_groupowner_backup_etc_group: true
file_groupowner_backup_etc_gshadow: true
file_groupowner_backup_etc_passwd: true
file_groupowner_backup_etc_shadow: true
file_groupowner_cron_allow: true
file_groupowner_cron_d: true
file_groupowner_cron_daily: true
file_groupowner_cron_hourly: true
file_groupowner_cron_monthly: true
file_groupowner_cron_weekly: true
file_groupowner_crontab: true
file_groupowner_efi_grub2_cfg: true
file_groupowner_efi_user_cfg: true
file_groupowner_etc_group: true
file_groupowner_etc_gshadow: true
file_groupowner_etc_issue: true
file_groupowner_etc_issue_net: true
file_groupowner_etc_motd: true
file_groupowner_etc_passwd: true
file_groupowner_etc_shadow: true
file_groupowner_etc_shells: true
file_groupowner_grub2_cfg: true
file_groupowner_sshd_config: true
file_groupowner_user_cfg: true
file_groupownership_audit_binaries: true
file_groupownership_audit_configuration: true
file_groupownership_sshd_private_key: true
file_groupownership_sshd_pub_key: true
# Owner rules.
file_owner_backup_etc_group: true
file_owner_backup_etc_gshadow: true
file_owner_backup_etc_passwd: true
file_owner_backup_etc_shadow: true
file_owner_cron_allow: true
file_owner_cron_d: true
file_owner_cron_daily: true
file_owner_cron_hourly: true
file_owner_cron_monthly: true
file_owner_cron_weekly: true
file_owner_crontab: true
file_owner_efi_grub2_cfg: true
file_owner_efi_user_cfg: true
file_owner_etc_group: true
file_owner_etc_gshadow: true
file_owner_etc_issue: true
file_owner_etc_issue_net: true
file_owner_etc_motd: true
file_owner_etc_passwd: true
file_owner_etc_shadow: true
file_owner_etc_shells: true
file_owner_grub2_cfg: true
file_owner_sshd_config: true
file_owner_user_cfg: true
file_ownership_audit_binaries: true
file_ownership_audit_configuration: true
file_ownership_home_directories: true
file_ownership_sshd_private_key: true
file_ownership_sshd_pub_key: true
# Permission (mode) rules.
file_permission_user_init_files: true
file_permissions_at_allow: true
file_permissions_audit_binaries: true
file_permissions_audit_configuration: true
file_permissions_backup_etc_group: true
file_permissions_backup_etc_gshadow: true
file_permissions_backup_etc_passwd: true
file_permissions_backup_etc_shadow: true
file_permissions_cron_allow: true
file_permissions_cron_d: true
file_permissions_cron_daily: true
file_permissions_cron_hourly: true
file_permissions_cron_monthly: true
file_permissions_cron_weekly: true
file_permissions_crontab: true
file_permissions_efi_grub2_cfg: true
file_permissions_efi_user_cfg: true
file_permissions_etc_group: true
file_permissions_etc_gshadow: true
file_permissions_etc_issue: true
file_permissions_etc_issue_net: true
file_permissions_etc_motd: true
file_permissions_etc_passwd: true
file_permissions_etc_shadow: true
file_permissions_etc_shells: true
file_permissions_grub2_cfg: true
file_permissions_home_directories: true
file_permissions_sshd_config: true
file_permissions_sshd_private_key: true
file_permissions_sshd_pub_key: true
file_permissions_user_cfg: true
file_permissions_var_log_audit: true
# Per-rule boolean switches (firewalld loopback handling, GDM, boot-time audit
# and SELinux arguments, journald, kernel modules); all true.
# NOTE(review): both loopback switches are on; confirm the two tasks are meant
# to be applied together (trust the lo interface, restrict loopback-sourced
# traffic arriving elsewhere) rather than being alternatives.
firewalld_loopback_traffic_restricted: true
firewalld_loopback_traffic_trusted: true
gnome_gdm_disable_xdmcp: true
grub2_audit_argument: true
grub2_audit_backlog_limit_argument: true
grub2_enable_selinux: true
# NOTE(review): high_*/low_*/medium_* (severity, disruption, complexity) read
# like classification tags rather than individual rules. Presumably tasks are
# gated on them, so with all of them true even tasks labelled high_disruption
# stay eligible. Confirm, and set the unwanted classes to false per host.
high_disruption: true
high_severity: true
journald_compress: true
journald_forward_to_syslog: true
journald_storage: true
# kernel_module_*_disabled: one switch per filesystem or network protocol
# module named in the key.
# NOTE(review): squashfs is among them; hosts that rely on squashfs images
# would need that switch turned off.
kernel_module_cramfs_disabled: true
kernel_module_dccp_disabled: true
kernel_module_freevxfs_disabled: true
kernel_module_hfs_disabled: true
kernel_module_hfsplus_disabled: true
kernel_module_jffs2_disabled: true
kernel_module_rds_disabled: true
kernel_module_sctp_disabled: true
kernel_module_squashfs_disabled: true
kernel_module_tipc_disabled: true
kernel_module_udf_disabled: true
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
# Per-rule boolean switches for mount options and for password/login hygiene
# rules; all true.
# mount_option_<path>_<option>: the key names a mount point (/dev/shm, /home,
# /tmp, /var, /var/log, /var/log/audit, /var/tmp) and one of nodev, noexec,
# nosuid.
# NOTE(review): presumably these only take effect where the path is its own
# mount; confirm how the tasks behave when it is not.
mount_option_dev_shm_nodev: true
mount_option_dev_shm_noexec: true
mount_option_dev_shm_nosuid: true
mount_option_home_nodev: true
mount_option_home_nosuid: true
mount_option_tmp_nodev: true
mount_option_tmp_noexec: true
mount_option_tmp_nosuid: true
mount_option_var_log_audit_nodev: true
mount_option_var_log_audit_noexec: true
mount_option_var_log_audit_nosuid: true
mount_option_var_log_nodev: true
mount_option_var_log_noexec: true
mount_option_var_log_nosuid: true
mount_option_var_nodev: true
mount_option_var_nosuid: true
mount_option_var_tmp_nodev: true
mount_option_var_tmp_noexec: true
mount_option_var_tmp_nosuid: true
no_empty_passwords: true
no_empty_passwords_etc_shadow: true
no_password_auth_for_systemaccounts: true
# NOTE(review): reads like a classification tag, not a rule; its counterpart
# reboot_required is also true in this file. Confirm how tasks use the pair.
no_reboot_needed: true
no_rsh_trust_files: true
no_shelllogin_for_systemaccounts: true
# Per-rule boolean switches for package presence; all true. Keys ending in
# `_installed` name packages the role wants present, keys ending in `_removed`
# name packages it wants absent.
# NOTE(review): the `_removed` set covers server software (bind, dhcp, dovecot,
# httpd, nginx, samba, squid, vsftpd and others) as well as gdm and the X
# server. A host whose purpose is to run one of these needs the matching switch
# set to false before the role is applied.
package_aide_installed: true
package_audit_installed: true
package_avahi_removed: true
package_bind_removed: true
package_chrony_installed: true
package_cups_removed: true
package_cyrus_imapd_removed: true
package_dhcp_removed: true
package_dovecot_removed: true
package_firewalld_installed: true
package_ftp_removed: true
package_gdm_removed: true
package_httpd_removed: true
package_libselinux_installed: true
package_mcstrans_removed: true
package_net_snmp_removed: true
package_nftables_installed: true
package_nginx_removed: true
package_openldap_clients_removed: true
package_pam_pwquality_installed: true
package_rsync_removed: true
package_rsyslog_installed: true
package_samba_removed: true
package_setroubleshoot_removed: true
package_squid_removed: true
package_sudo_installed: true
package_telnet_removed: true
package_telnet_server_removed: true
package_tftp_removed: true
package_tftp_server_removed: true
package_vsftpd_removed: true
package_xinetd_removed: true
package_xorg_x11_server_common_removed: true
package_ypbind_removed: true
package_ypserv_removed: true
# Per-rule boolean switches (postfix, rsyslog, SELinux, services, password
# hashing, sshd, sudo); all true.
postfix_network_listening_disabled: true
# NOTE(review): reboot_required and restrict_strategy read like classification
# tags rather than rules; presumably tasks are gated on them. With
# reboot_required true, tasks that need a reboot stay eligible. Confirm.
reboot_required: true
restrict_strategy: true
rsyslog_filecreatemode: true
rsyslog_files_groupownership: true
rsyslog_files_ownership: true
rsyslog_files_permissions: true
rsyslog_nolisten: true
selinux_not_disabled: true
selinux_policytype: true
selinux_state: true
# service_*: the key suffix states whether the unit is to be enabled or
# disabled. firewalld is enabled while nftables is disabled, which reads as a
# single-active-firewall arrangement.
service_auditd_enabled: true
service_autofs_disabled: true
service_bluetooth_disabled: true
service_crond_enabled: true
service_firewalld_enabled: true
service_nfs_disabled: true
service_nftables_disabled: true
service_rpcbind_disabled: true
service_rsyslog_enabled: true
service_systemd_journald_enabled: true
set_password_hashing_algorithm_libuserconf: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
# sshd_*: switches for sshd_config rules; the matching values are the
# sshd_*/var_sshd_* keys defined earlier in this file (pairing inferred from
# the names).
sshd_disable_empty_passwords: true
sshd_disable_rhosts: true
# NOTE(review): with root login over SSH disabled, confirm a non-root account
# with sudo rights can log in before the role runs on a remote-only host.
sshd_disable_root_login: true
sshd_do_not_permit_user_env: true
sshd_enable_pam: true
sshd_enable_warning_banner_net: true
sshd_set_idle_timeout: true
sshd_set_keepalive: true
sshd_set_login_grace_time: true
sshd_set_loglevel_verbose: true
sshd_set_max_auth_tries: true
sshd_set_max_sessions: true
sshd_set_maxstartups: true
sshd_use_approved_ciphers: true
sshd_use_strong_kex: true
sshd_use_strong_macs: true
sudo_add_use_pty: true
sudo_custom_logfile: true
# NOTE(review): presumably these remove NOPASSWD / !authenticate entries from
# sudoers; automation accounts that rely on passwordless sudo would be
# affected. Confirm before applying.
sudo_require_authentication: true
sudo_require_reauthentication: true
# Per-rule boolean switches for sysctl rules and a few remaining items; all
# true. Most sysctl_net_* switches share a stem with a `*_value` key defined
# earlier in this file, which presumably supplies the value to set. The
# kernel.*, send_redirects and ip_forward switches have no `*_value` key in
# this file, so their target values must come from the tasks.
sysctl_kernel_randomize_va_space: true
sysctl_kernel_yama_ptrace_scope: true
sysctl_net_ipv4_conf_all_accept_redirects: true
sysctl_net_ipv4_conf_all_accept_source_route: true
sysctl_net_ipv4_conf_all_log_martians: true
sysctl_net_ipv4_conf_all_rp_filter: true
sysctl_net_ipv4_conf_all_secure_redirects: true
sysctl_net_ipv4_conf_all_send_redirects: true
sysctl_net_ipv4_conf_default_accept_redirects: true
sysctl_net_ipv4_conf_default_accept_source_route: true
sysctl_net_ipv4_conf_default_log_martians: true
sysctl_net_ipv4_conf_default_rp_filter: true
sysctl_net_ipv4_conf_default_secure_redirects: true
sysctl_net_ipv4_conf_default_send_redirects: true
sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true
sysctl_net_ipv4_icmp_ignore_bogus_error_responses: true
# NOTE(review): the ip_forward and ipv6 forwarding switches presumably turn
# forwarding off; routers and container or VM hosts that forward packets would
# need them set to false.
sysctl_net_ipv4_ip_forward: true
sysctl_net_ipv4_tcp_syncookies: true
sysctl_net_ipv6_conf_all_accept_ra: true
sysctl_net_ipv6_conf_all_accept_redirects: true
sysctl_net_ipv6_conf_all_accept_source_route: true
sysctl_net_ipv6_conf_all_forwarding: true
sysctl_net_ipv6_conf_default_accept_ra: true
sysctl_net_ipv6_conf_default_accept_redirects: true
sysctl_net_ipv6_conf_default_accept_source_route: true
# NOTE(review): unknown_severity and unknown_strategy read like classification
# tags for tasks with no assigned class; presumably tasks are gated on them.
unknown_severity: true
unknown_strategy: true
use_pam_wheel_group_for_su: true
wireless_disable_interfaces: true
xwindows_runlevel_target: true