-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f3290fe
commit 0d82679
Showing
1 changed file
with
149 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,133 +1,237 @@ | ||
| --- | ||
| # defaults file for rhel8_ospp | ||
|
|
||
| sshd_idle_timeout_value: true | ||
| sysctl_net_ipv4_conf_all_accept_redirects_value: true | ||
| sysctl_net_ipv4_conf_all_accept_source_route_value: true | ||
| sysctl_net_ipv4_conf_all_log_martians_value: true | ||
| sysctl_net_ipv4_conf_all_rp_filter_value: true | ||
| sysctl_net_ipv4_conf_all_secure_redirects_value: true | ||
| sysctl_net_ipv4_conf_default_accept_redirects_value: true | ||
| sysctl_net_ipv4_conf_default_accept_source_route_value: true | ||
| sysctl_net_ipv4_conf_default_log_martians_value: true | ||
| sysctl_net_ipv4_conf_default_rp_filter_value: true | ||
| sysctl_net_ipv4_conf_default_secure_redirects_value: true | ||
| sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: true | ||
| sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: true | ||
| sysctl_net_ipv4_tcp_syncookies_value: true | ||
| sysctl_net_ipv6_conf_all_accept_ra_value: true | ||
| sysctl_net_ipv6_conf_all_accept_redirects_value: true | ||
| sysctl_net_ipv6_conf_all_accept_source_route_value: true | ||
| sysctl_net_ipv6_conf_default_accept_ra_value: true | ||
| sysctl_net_ipv6_conf_default_accept_redirects_value: true | ||
| sysctl_net_ipv6_conf_default_accept_source_route_value: true | ||
| var_accounts_max_concurrent_login_sessions: true | ||
| var_accounts_password_minlen_login_defs: true | ||
| var_accounts_passwords_pam_faillock_deny: true | ||
| var_accounts_passwords_pam_faillock_fail_interval: true | ||
| var_accounts_passwords_pam_faillock_unlock_time: true | ||
| var_accounts_user_umask: true | ||
| var_auditd_flush: true | ||
| var_password_pam_dcredit: true | ||
| var_password_pam_difok: true | ||
| var_password_pam_lcredit: true | ||
| var_password_pam_maxclassrepeat: true | ||
| var_password_pam_maxrepeat: true | ||
| var_password_pam_minlen: true | ||
| var_password_pam_ocredit: true | ||
| var_password_pam_ucredit: true | ||
| var_password_pam_unix_remember: true | ||
| var_selinux_policy_name: true | ||
| var_selinux_state: true | ||
| var_sshd_set_keepalive: true | ||
| accounts_max_concurrent_login_sessions: true | ||
| accounts_password_minlen_login_defs: true | ||
| accounts_password_pam_dcredit: true | ||
| accounts_password_pam_difok: true | ||
| accounts_password_pam_lcredit: true | ||
| accounts_password_pam_maxclassrepeat: true | ||
| accounts_password_pam_maxrepeat: true | ||
| accounts_password_pam_minlen: true | ||
| accounts_password_pam_ocredit: true | ||
| accounts_password_pam_retry: true | ||
| accounts_password_pam_ucredit: true | ||
| accounts_password_pam_unix_remember: true | ||
| accounts_passwords_pam_faillock_deny: true | ||
| accounts_passwords_pam_faillock_deny_root: true | ||
| accounts_passwords_pam_faillock_interval: true | ||
| accounts_passwords_pam_faillock_unlock_time: true | ||
| accounts_tmout: true | ||
| audit_rules_etc_group_open: true | ||
| audit_rules_etc_group_open_by_handle_at: true | ||
| audit_rules_etc_group_openat: true | ||
| audit_rules_etc_gshadow_open: true | ||
| audit_rules_etc_gshadow_open_by_handle_at: true | ||
| audit_rules_etc_gshadow_openat: true | ||
| accounts_umask_etc_bashrc: true | ||
| accounts_umask_etc_csh_cshrc: true | ||
| accounts_umask_etc_profile: true | ||
| audit_rules_etc_passwd_open: true | ||
| audit_rules_etc_passwd_open_by_handle_at: true | ||
| audit_rules_etc_passwd_openat: true | ||
| audit_rules_etc_shadow_open: true | ||
| audit_rules_etc_shadow_open_by_handle_at: true | ||
| audit_rules_etc_shadow_openat: true | ||
| audit_rules_execution_seunshare: true | ||
| audit_rules_kernel_module_loading_delete: true | ||
| audit_rules_kernel_module_loading_finit: true | ||
| audit_rules_kernel_module_loading_init: true | ||
| audit_rules_login_events_faillock: true | ||
| audit_rules_login_events_lastlog: true | ||
| audit_rules_login_events_tallylog: true | ||
| audit_rules_privileged_commands_at: true | ||
| audit_rules_privileged_commands_crontab: true | ||
| audit_rules_privileged_commands_gpasswd: true | ||
| audit_rules_privileged_commands_mount: true | ||
| audit_rules_privileged_commands_newgidmap: true | ||
| audit_rules_privileged_commands_newgrp: true | ||
| audit_rules_privileged_commands_newuidmap: true | ||
| audit_rules_privileged_commands_ssh_keysign: true | ||
| audit_rules_privileged_commands_su: true | ||
| audit_rules_privileged_commands_sudo: true | ||
| audit_rules_privileged_commands_sudoedit: true | ||
| audit_rules_privileged_commands_passwd: true | ||
| audit_rules_privileged_commands_umount: true | ||
| audit_rules_privileged_commands_unix_chkpwd: true | ||
| audit_rules_privileged_commands_userhelper: true | ||
| audit_rules_privileged_commands_usernetctl: true | ||
| audit_rules_unsuccessful_file_modification_chmod: true | ||
| audit_rules_unsuccessful_file_modification_chown: true | ||
| audit_rules_unsuccessful_file_modification_creat: true | ||
| audit_rules_unsuccessful_file_modification_fchmod: true | ||
| audit_rules_unsuccessful_file_modification_fchmodat: true | ||
| audit_rules_unsuccessful_file_modification_fchown: true | ||
| audit_rules_unsuccessful_file_modification_fchownat: true | ||
| audit_rules_unsuccessful_file_modification_fremovexattr: true | ||
| audit_rules_unsuccessful_file_modification_fsetxattr: true | ||
| audit_rules_unsuccessful_file_modification_ftruncate: true | ||
| audit_rules_unsuccessful_file_modification_lchown: true | ||
| audit_rules_unsuccessful_file_modification_lremovexattr: true | ||
| audit_rules_unsuccessful_file_modification_lsetxattr: true | ||
| audit_rules_unsuccessful_file_modification_open: true | ||
| audit_rules_unsuccessful_file_modification_open_by_handle_at: true | ||
| audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat: true | ||
| audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write: true | ||
| audit_rules_unsuccessful_file_modification_open_o_creat: true | ||
| audit_rules_unsuccessful_file_modification_open_o_trunc_write: true | ||
| audit_rules_unsuccessful_file_modification_openat: true | ||
| audit_rules_unsuccessful_file_modification_openat_o_creat: true | ||
| audit_rules_unsuccessful_file_modification_openat_o_trunc_write: true | ||
| audit_rules_unsuccessful_file_modification_removexattr: true | ||
| audit_rules_unsuccessful_file_modification_rename: true | ||
| audit_rules_unsuccessful_file_modification_renameat: true | ||
| audit_rules_unsuccessful_file_modification_setxattr: true | ||
| audit_rules_unsuccessful_file_modification_truncate: true | ||
| audit_rules_unsuccessful_file_modification_unlink: true | ||
| audit_rules_unsuccessful_file_modification_unlinkat: true | ||
| audit_rules_usergroup_modification_group: true | ||
| audit_rules_usergroup_modification_gshadow: true | ||
| audit_rules_usergroup_modification_opasswd: true | ||
| audit_rules_usergroup_modification_passwd: true | ||
| audit_rules_usergroup_modification_shadow: true | ||
| configure_crypto_policy: true | ||
| configure_kerberos_crypto_policy: true | ||
| configure_libreswan_crypto_policy: true | ||
| configure_ssh_crypto_policy: true | ||
| auditd_audispd_syslog_plugin_activated: true | ||
| auditd_data_retention_flush: true | ||
| configure_strategy: true | ||
| dconf_gnome_banner_enabled: true | ||
| dconf_gnome_disable_user_admin: true | ||
| dconf_gnome_login_banner_text: true | ||
| dconf_gnome_login_retries: true | ||
| dconf_gnome_screensaver_idle_activation_enabled: true | ||
| dconf_gnome_screensaver_idle_delay: true | ||
| dconf_gnome_screensaver_lock_delay: true | ||
| dconf_gnome_screensaver_lock_enabled: true | ||
| dconf_gnome_screensaver_mode_blank: true | ||
| dconf_gnome_screensaver_user_info: true | ||
| dconf_gnome_screensaver_user_locks: true | ||
| dconf_gnome_session_idle_user_locks: true | ||
| dconf_use_text_backend: true | ||
| configure_tmux_lock_command: true | ||
| directory_access_var_log_audit: true | ||
| disable_ctrlaltdel_burstaction: true | ||
| disable_ctrlaltdel_reboot: true | ||
| disable_host_auth: true | ||
| disable_strategy: true | ||
| disable_users_coredumps: true | ||
| enable_fips_mode: true | ||
| enable_strategy: true | ||
| ensure_gpgcheck_globally_activated: true | ||
| ensure_gpgcheck_local_packages: true | ||
| ensure_gpgcheck_never_disabled: true | ||
| ensure_redhat_gpgkey_installed: true | ||
| gnome_gdm_disable_automatic_login: true | ||
| gnome_gdm_disable_guest_login: true | ||
| grub2_audit_argument: true | ||
| grub2_audit_backlog_limit_argument: true | ||
| grub2_disable_interactive_boot: true | ||
| high_complexity: true | ||
| grub2_page_poison_argument: true | ||
| grub2_pti_argument: true | ||
| grub2_slub_debug_argument: true | ||
| grub2_vsyscall_argument: true | ||
| high_disruption: true | ||
| high_severity: true | ||
| kernel_module_atm_disabled: true | ||
| kernel_module_bluetooth_disabled: true | ||
| kernel_module_can_disabled: true | ||
| kernel_module_cramfs_disabled: true | ||
| kernel_module_tipc_disabled: true | ||
| low_complexity: true | ||
| low_disruption: true | ||
| low_severity: true | ||
| medium_complexity: true | ||
| medium_disruption: true | ||
| medium_severity: true | ||
| mount_option_boot_nodev: true | ||
| mount_option_boot_nosuid: true | ||
| mount_option_dev_shm_nodev: true | ||
| mount_option_dev_shm_noexec: true | ||
| mount_option_dev_shm_nosuid: true | ||
| mount_option_home_nodev: true | ||
| mount_option_home_nosuid: true | ||
| mount_option_tmp_nodev: true | ||
| mount_option_tmp_noexec: true | ||
| mount_option_tmp_nosuid: true | ||
| mount_option_var_log_audit_nodev: true | ||
| mount_option_var_log_audit_noexec: true | ||
| mount_option_var_log_audit_nosuid: true | ||
| mount_option_var_log_nodev: true | ||
| mount_option_var_log_noexec: true | ||
| mount_option_var_log_nosuid: true | ||
| mount_option_var_nodev: true | ||
| mount_option_var_tmp_nodev: true | ||
| mount_option_var_tmp_noexec: true | ||
| mount_option_var_tmp_nosuid: true | ||
| no_empty_passwords: true | ||
| no_reboot_needed: true | ||
| package_abrt_removed: true | ||
| package_aide_installed: true | ||
| package_fapolicyd_installed: true | ||
| package_firewalld_installed: true | ||
| package_gssproxy_removed: true | ||
| package_iprutils_removed: true | ||
| package_iptables_installed: true | ||
| package_libreswan_installed: true | ||
| package_policycoreutils_installed: true | ||
| package_sendmail_removed: true | ||
| package_sudo_installed: true | ||
| package_tmux_installed: true | ||
| patch_strategy: true | ||
| package_usbguard_installed: true | ||
| reboot_required: true | ||
| require_singleuser_auth: true | ||
| restrict_strategy: true | ||
| rpm_verify_hashes: true | ||
| rsyslog_remote_loghost: true | ||
| security_patches_up_to_date: true | ||
| securetty_root_login_console_only: true | ||
| selinux_policytype: true | ||
| selinux_state: true | ||
| service_auditd_enabled: true | ||
| service_fapolicyd_enabled: true | ||
| service_firewalld_enabled: true | ||
| skip_ansible_lint: true | ||
| service_usbguard_enabled: true | ||
| sshd_disable_empty_passwords: true | ||
| sshd_disable_gssapi_auth: true | ||
| sshd_disable_kerb_auth: true | ||
| sshd_disable_rhosts: true | ||
| sshd_disable_rhosts_rsa: true | ||
| sshd_disable_root_login: true | ||
| sshd_disable_user_known_hosts: true | ||
| sshd_enable_strictmodes: true | ||
| sshd_enable_warning_banner: true | ||
| sssd_memcache_timeout: true | ||
| sssd_offline_cred_expiration: true | ||
| sshd_set_idle_timeout: true | ||
| sshd_set_keepalive: true | ||
| sysctl_kernel_core_pattern: true | ||
| sysctl_kernel_dmesg_restrict: true | ||
| sysctl_kernel_kexec_load_disabled: true | ||
| sysctl_kernel_kptr_restrict: true | ||
| sysctl_kernel_perf_event_paranoid: true | ||
| sysctl_kernel_unprivileged_bpf_disabled: true | ||
| sysctl_kernel_yama_ptrace_scope: true | ||
| sysctl_net_core_bpf_jit_harden: true | ||
| sysctl_net_ipv4_conf_all_accept_redirects: true | ||
| sysctl_net_ipv4_conf_all_accept_source_route: true | ||
| sysctl_net_ipv4_conf_all_log_martians: true | ||
| sysctl_net_ipv4_conf_all_rp_filter: true | ||
| sysctl_net_ipv4_conf_all_secure_redirects: true | ||
| sysctl_net_ipv4_conf_all_send_redirects: true | ||
| sysctl_net_ipv4_conf_default_accept_redirects: true | ||
| sysctl_net_ipv4_conf_default_accept_source_route: true | ||
| sysctl_net_ipv4_conf_default_log_martians: true | ||
| sysctl_net_ipv4_conf_default_rp_filter: true | ||
| sysctl_net_ipv4_conf_default_secure_redirects: true | ||
| sysctl_net_ipv4_conf_default_send_redirects: true | ||
| sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true | ||
| sysctl_net_ipv4_icmp_ignore_bogus_error_responses: true | ||
| sysctl_net_ipv4_ip_forward: true | ||
| sysctl_net_ipv4_tcp_syncookies: true | ||
| sysctl_net_ipv6_conf_all_accept_ra: true | ||
| sysctl_net_ipv6_conf_all_accept_redirects: true | ||
| sysctl_net_ipv6_conf_all_accept_source_route: true | ||
| sysctl_net_ipv6_conf_default_accept_ra: true | ||
| sysctl_net_ipv6_conf_default_accept_redirects: true | ||
| sysctl_net_ipv6_conf_default_accept_source_route: true | ||
| unknown_severity: true | ||
| unknown_strategy: true |