Updates defaults/main.yml

RedHatOfficial · Feb 12, 2020 · 293ecfe · 293ecfe
1 parent bb1daed
commit 293ecfe
Showing 1 changed file with 33 additions and 32 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,45 +1,45 @@
 ---
 # defaults file for rhel8_ospp
-var_system_crypto_policy: FIPS
-var_selinux_state: enforcing
-var_selinux_policy_name: targeted
-sysctl_net_ipv6_conf_all_accept_ra_value: '0'
-sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
-sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
-sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
-sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
-sysctl_net_ipv6_conf_default_accept_ra_value: '0'
-sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
-sysctl_net_ipv4_conf_all_rp_filter_value: '1'
+var_auditd_flush: incremental_async
+sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
+sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
 sysctl_net_ipv4_tcp_syncookies_value: '1'
-sysctl_net_ipv4_conf_all_log_martians_value: '1'
-sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
+sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
 sysctl_net_ipv4_conf_all_secure_redirects_value: '0'
-sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
+sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
+sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
+sysctl_net_ipv4_conf_all_rp_filter_value: '1'
+sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
 sysctl_net_ipv4_conf_default_rp_filter_value: '1'
+sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
 sysctl_net_ipv4_conf_default_log_martians_value: '1'
-sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
-sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
-var_auditd_flush: incremental_async
-var_accounts_max_concurrent_login_sessions: '10'
-var_accounts_user_umask: '027'
-var_password_pam_maxrepeat: '3'
-var_password_pam_dcredit: '-1'
+sysctl_net_ipv4_conf_all_log_martians_value: '1'
+sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
+sysctl_net_ipv6_conf_default_accept_ra_value: '0'
+sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
+sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
+sysctl_net_ipv6_conf_all_accept_ra_value: '0'
+sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
+var_selinux_policy_name: targeted
+var_selinux_state: enforcing
+var_system_crypto_policy: FIPS:OSPP
+var_accounts_password_minlen_login_defs: '12'
+var_password_pam_unix_remember: '5'
+var_accounts_passwords_pam_faillock_fail_interval: '900'
+var_accounts_passwords_pam_faillock_deny: '3'
+var_accounts_passwords_pam_faillock_unlock_time: '0'
+var_password_pam_ucredit: '-1'
 var_password_pam_lcredit: '-1'
-var_password_pam_ocredit: '-1'
-var_password_pam_minlen: '12'
+var_password_pam_dcredit: '-1'
 var_password_pam_difok: '4'
 var_password_pam_maxclassrepeat: '4'
-var_password_pam_ucredit: '-1'
-var_accounts_passwords_pam_faillock_unlock_time: '0'
-var_accounts_passwords_pam_faillock_deny: '3'
-var_accounts_passwords_pam_faillock_fail_interval: '900'
-var_password_pam_unix_remember: '5'
-var_accounts_password_minlen_login_defs: '12'
-sshd_idle_timeout_value: '840'
+var_password_pam_maxrepeat: '3'
+var_password_pam_minlen: '12'
+var_password_pam_ocredit: '-1'
+var_accounts_max_concurrent_login_sessions: '10'
+var_accounts_user_umask: '027'
 var_sshd_set_keepalive: '0'
+sshd_idle_timeout_value: '840'
 accounts_max_concurrent_login_sessions: true
 accounts_password_minlen_login_defs: true
 accounts_password_pam_dcredit: true
@@ -149,6 +149,7 @@ securetty_root_login_console_only: true
 selinux_policytype: true
 selinux_state: true
 service_auditd_enabled: true
+service_fapolicyd_enabled: true
 service_firewalld_enabled: true
 service_rngd_enabled: true
 service_usbguard_enabled: true