Add support for Rocky Linux 8 (#454)

Signed-off-by: Sherwin Daganato <sherwin@daganato.com>

roles/mysql_hardening/vars/Rocky_8.yml

@@ -0,0 +1,10 @@
+---
+mysql_daemon: mariadb
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
+mysql_hardening_log_file: '/var/log/mariadb/mariadb.log'
+
+mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
+mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
+
+mysql_hardening_group: 'mysql'

roles/os_hardening/vars/Rocky_8.yml

@@ -0,0 +1,37 @@
+---
+
+os_packages_pam_ccreds: 'pam_ccreds'
+os_nologin_shell_path: '/sbin/nologin'
+
+# Different distros use different standards for /etc/shadow perms, e.g.
+# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
+# You must provide key/value pairs for owner, group, and mode if overriding.
+os_shadow_perms:
+  owner: root
+  group: root
+  mode: '0000'
+
+os_passwd_perms:
+  owner: root
+  group: root
+  mode: '0644'
+
+os_env_umask: '077'
+
+os_auth_uid_min: 1000
+os_auth_gid_min: 1000
+os_auth_sys_uid_min: 201
+os_auth_sys_uid_max: 999
+os_auth_sys_gid_min: 201
+os_auth_sys_gid_max: 999
+
+os_auth_pam_sssd_enable: true
+
+# defaults for useradd
+os_useradd_mail_dir: /var/spool/mail
+os_useradd_create_home: true
+
+modprobe_package: 'module-init-tools'
+auditd_package: 'audit'
+
+hidepid_option: '2'  # allowed values: 0, 1, 2

roles/ssh_hardening/vars/Rocky_8.yml

@@ -0,0 +1,23 @@
+---
+sshd_path: /usr/sbin/sshd
+ssh_host_keys_dir: '/etc/ssh'
+sshd_service_name: sshd
+ssh_owner: root
+ssh_group: root
+ssh_host_keys_owner: 'root'
+ssh_host_keys_group: 'ssh_keys'
+ssh_selinux_packages:
+  - python3-policycoreutils
+  - checkpolicy
+
+# true if SSH support Kerberos
+ssh_kerberos_support: true
+
+# true if SSH has PAM support
+ssh_pam_support: true
+
+sshd_moduli_file: '/etc/ssh/moduli'
+
+# disable CRYPTO_POLICY to take settings from sshd configuration
+# see: https://access.redhat.com/solutions/4410591
+sshd_disable_crypto_policy: true