-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.yml
41 lines (41 loc) · 2.79 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
rsyslog_remote_loghost_address: logcollector
var_auditd_max_log_file: '6'
var_auditd_action_mail_acct: root
var_auditd_max_log_file_action: rotate
var_auditd_admin_space_left_action: single
login_banner_text: --[\s\n]+WARNING[\s\n]+--[\s\n]*This[\s\n]+system[\s\n]+is[\s\n]+for[\s\n]+the[\s\n]+use[\s\n]+of[\s\n]+authorized[\s\n]+users[\s\n]+only.[\s\n]+Individuals[\s\n]*using[\s\n]+this[\s\n]+computer[\s\n]+system[\s\n]+without[\s\n]+authority[\s\n]+or[\s\n]+in[\s\n]+excess[\s\n]+of[\s\n]+their[\s\n]*authority[\s\n]+are[\s\n]+subject[\s\n]+to[\s\n]+having[\s\n]+all[\s\n]+their[\s\n]+activities[\s\n]+on[\s\n]+this[\s\n]+system[\s\n]*monitored[\s\n]+and[\s\n]+recorded[\s\n]+by[\s\n]+system[\s\n]+personnel.[\s\n]+Anyone[\s\n]+using[\s\n]+this[\s\n]*system[\s\n]+expressly[\s\n]+consents[\s\n]+to[\s\n]+such[\s\n]+monitoring[\s\n]+and[\s\n]+is[\s\n]+advised[\s\n]+that[\s\n]*if[\s\n]+such[\s\n]+monitoring[\s\n]+reveals[\s\n]+possible[\s\n]+evidence[\s\n]+of[\s\n]+criminal[\s\n]+activity[\s\n]*system[\s\n]+personal[\s\n]+may[\s\n]+provide[\s\n]+the[\s\n]+evidence[\s\n]+of[\s\n]+such[\s\n]+monitoring[\s\n]+to[\s\n]+law[\s\n]*enforcement[\s\n]+officials.
var_account_disable_post_pw_expiration: '30'
var_accounts_maximum_age_login_defs: '90'
var_accounts_minimum_age_login_defs: '7'
var_accounts_password_warn_age_login_defs: '7'
var_password_pam_unix_remember: '5'
var_accounts_passwords_pam_faillock_deny: '5'
var_accounts_passwords_pam_faillock_unlock_time: '900'
var_accounts_passwords_pam_faillock_fail_interval: '900'
var_password_pam_ucredit: '-1'
var_password_pam_minlen: '14'
var_password_pam_retry: '3'
var_password_pam_lcredit: '-1'
var_password_pam_dcredit: '-1'
sysctl_net_ipv6_conf_default_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_rp_filter_value: '1'
sysctl_net_ipv4_conf_all_rp_filter_value: '1'
sysctl_net_ipv4_conf_all_secure_redirects_value: '0'
sysctl_net_ipv4_conf_default_log_martians_value: '1'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_tcp_syncookies_value: '1'
sysctl_net_ipv4_conf_all_log_martians_value: '1'
sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
var_selinux_policy_name: targeted
var_selinux_state: enforcing
var_removable_partition: /dev/cdrom
sshd_approved_macs: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
sshd_idle_timeout_value: '300'