Updates defaults/main.yml

RedHatOfficial · Nov 7, 2019 · 071520a · 071520a
1 parent 0648a79
commit 071520a
Showing 1 changed file with 41 additions and 42 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,46 +1,45 @@
 ---
 # defaults file for rhel8_ospp
-
-sshd_idle_timeout_value: true
-sysctl_net_ipv4_conf_all_accept_redirects_value: true
-sysctl_net_ipv4_conf_all_accept_source_route_value: true
-sysctl_net_ipv4_conf_all_log_martians_value: true
-sysctl_net_ipv4_conf_all_rp_filter_value: true
-sysctl_net_ipv4_conf_all_secure_redirects_value: true
-sysctl_net_ipv4_conf_default_accept_redirects_value: true
-sysctl_net_ipv4_conf_default_accept_source_route_value: true
-sysctl_net_ipv4_conf_default_log_martians_value: true
-sysctl_net_ipv4_conf_default_rp_filter_value: true
-sysctl_net_ipv4_conf_default_secure_redirects_value: true
-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: true
-sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: true
-sysctl_net_ipv4_tcp_syncookies_value: true
-sysctl_net_ipv6_conf_all_accept_ra_value: true
-sysctl_net_ipv6_conf_all_accept_redirects_value: true
-sysctl_net_ipv6_conf_all_accept_source_route_value: true
-sysctl_net_ipv6_conf_default_accept_ra_value: true
-sysctl_net_ipv6_conf_default_accept_redirects_value: true
-sysctl_net_ipv6_conf_default_accept_source_route_value: true
-var_accounts_max_concurrent_login_sessions: true
-var_accounts_password_minlen_login_defs: true
-var_accounts_passwords_pam_faillock_deny: true
-var_accounts_passwords_pam_faillock_fail_interval: true
-var_accounts_passwords_pam_faillock_unlock_time: true
-var_accounts_user_umask: true
-var_auditd_flush: true
-var_password_pam_dcredit: true
-var_password_pam_difok: true
-var_password_pam_lcredit: true
-var_password_pam_maxclassrepeat: true
-var_password_pam_maxrepeat: true
-var_password_pam_minlen: true
-var_password_pam_ocredit: true
-var_password_pam_ucredit: true
-var_password_pam_unix_remember: true
-var_selinux_policy_name: true
-var_selinux_state: true
-var_sshd_set_keepalive: true
-var_system_crypto_policy: true
+var_system_crypto_policy: FIPS
+var_selinux_state: enforcing
+var_selinux_policy_name: targeted
+sysctl_net_ipv6_conf_all_accept_ra_value: '0'
+sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
+sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
+sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
+sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
+sysctl_net_ipv6_conf_default_accept_ra_value: '0'
+sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
+sysctl_net_ipv4_conf_all_rp_filter_value: '1'
+sysctl_net_ipv4_tcp_syncookies_value: '1'
+sysctl_net_ipv4_conf_all_log_martians_value: '1'
+sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
+sysctl_net_ipv4_conf_all_secure_redirects_value: '0'
+sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
+sysctl_net_ipv4_conf_default_rp_filter_value: '1'
+sysctl_net_ipv4_conf_default_log_martians_value: '1'
+sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
+sysctl_net_ipv4_conf_default_secure_redirects_value: '0'
+sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
+sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value: '1'
+var_auditd_flush: incremental_async
+var_accounts_max_concurrent_login_sessions: '10'
+var_accounts_user_umask: '027'
+var_password_pam_maxrepeat: '3'
+var_password_pam_dcredit: '-1'
+var_password_pam_lcredit: '-1'
+var_password_pam_ocredit: '-1'
+var_password_pam_minlen: '12'
+var_password_pam_difok: '4'
+var_password_pam_maxclassrepeat: '4'
+var_password_pam_ucredit: '-1'
+var_accounts_passwords_pam_faillock_unlock_time: '0'
+var_accounts_passwords_pam_faillock_deny: '3'
+var_accounts_passwords_pam_faillock_fail_interval: '900'
+var_password_pam_unix_remember: '5'
+var_accounts_password_minlen_login_defs: '12'
+sshd_idle_timeout_value: '840'
+var_sshd_set_keepalive: '0'
 accounts_max_concurrent_login_sessions: true
 accounts_password_minlen_login_defs: true
 accounts_password_pam_dcredit: true
@@ -135,7 +134,7 @@ package_firewalld_installed: true
 package_gssproxy_removed: true
 package_iprutils_removed: true
 package_iptables_installed: true
-package_libreswan_installed: true
+package_pigz_removed: true
 package_policycoreutils_installed: true
 package_rsyslog_installed: true
 package_sendmail_removed: true