Updates defaults/main.yml

defaults/main.yml

@@ -40,6 +40,7 @@ var_password_pam_unix_remember: true
 var_selinux_policy_name: true
 var_selinux_state: true
 var_sshd_set_keepalive: true
+var_system_crypto_policy: true
 accounts_max_concurrent_login_sessions: true
 accounts_password_minlen_login_defs: true
 accounts_password_pam_dcredit: true
@@ -57,66 +58,21 @@ accounts_passwords_pam_faillock_unlock_time: true
 accounts_umask_etc_bashrc: true
 accounts_umask_etc_csh_cshrc: true
 accounts_umask_etc_profile: true
-audit_rules_etc_passwd_open: true
-audit_rules_etc_passwd_open_by_handle_at: true
-audit_rules_etc_passwd_openat: true
-audit_rules_etc_shadow_open: true
-audit_rules_etc_shadow_open_by_handle_at: true
-audit_rules_etc_shadow_openat: true
-audit_rules_execution_seunshare: true
-audit_rules_kernel_module_loading_delete: true
-audit_rules_kernel_module_loading_finit: true
-audit_rules_kernel_module_loading_init: true
-audit_rules_privileged_commands_at: true
-audit_rules_privileged_commands_crontab: true
-audit_rules_privileged_commands_gpasswd: true
-audit_rules_privileged_commands_mount: true
-audit_rules_privileged_commands_newgidmap: true
-audit_rules_privileged_commands_newgrp: true
-audit_rules_privileged_commands_newuidmap: true
-audit_rules_privileged_commands_passwd: true
-audit_rules_privileged_commands_umount: true
-audit_rules_privileged_commands_unix_chkpwd: true
-audit_rules_privileged_commands_userhelper: true
-audit_rules_privileged_commands_usernetctl: true
-audit_rules_unsuccessful_file_modification_chmod: true
-audit_rules_unsuccessful_file_modification_chown: true
-audit_rules_unsuccessful_file_modification_creat: true
-audit_rules_unsuccessful_file_modification_fchmod: true
-audit_rules_unsuccessful_file_modification_fchmodat: true
-audit_rules_unsuccessful_file_modification_fchown: true
-audit_rules_unsuccessful_file_modification_fchownat: true
-audit_rules_unsuccessful_file_modification_fremovexattr: true
-audit_rules_unsuccessful_file_modification_fsetxattr: true
-audit_rules_unsuccessful_file_modification_ftruncate: true
-audit_rules_unsuccessful_file_modification_lchown: true
-audit_rules_unsuccessful_file_modification_lremovexattr: true
-audit_rules_unsuccessful_file_modification_lsetxattr: true
-audit_rules_unsuccessful_file_modification_open: true
-audit_rules_unsuccessful_file_modification_open_by_handle_at: true
-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat: true
-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write: true
-audit_rules_unsuccessful_file_modification_open_o_creat: true
-audit_rules_unsuccessful_file_modification_open_o_trunc_write: true
-audit_rules_unsuccessful_file_modification_openat: true
-audit_rules_unsuccessful_file_modification_openat_o_creat: true
-audit_rules_unsuccessful_file_modification_openat_o_trunc_write: true
-audit_rules_unsuccessful_file_modification_removexattr: true
-audit_rules_unsuccessful_file_modification_rename: true
-audit_rules_unsuccessful_file_modification_renameat: true
-audit_rules_unsuccessful_file_modification_setxattr: true
-audit_rules_unsuccessful_file_modification_truncate: true
-audit_rules_unsuccessful_file_modification_unlink: true
-audit_rules_unsuccessful_file_modification_unlinkat: true
-audit_rules_usergroup_modification_group: true
-audit_rules_usergroup_modification_gshadow: true
-audit_rules_usergroup_modification_passwd: true
-audit_rules_usergroup_modification_shadow: true
 auditd_audispd_syslog_plugin_activated: true
 auditd_data_retention_flush: true
+auditd_freq: true
+auditd_local_events: true
+auditd_log_format: true
+auditd_name_format: true
+auditd_write_logs: true
+configure_crypto_policy: true
+configure_kerberos_crypto_policy: true
+configure_libreswan_crypto_policy: true
 configure_strategy: true
+configure_tmux_lock_after_time: true
 configure_tmux_lock_command: true
-directory_access_var_log_audit: true
+coredump_disable_backtraces: true
+coredump_disable_storage: true
 disable_ctrlaltdel_burstaction: true
 disable_ctrlaltdel_reboot: true
 disable_host_auth: true
@@ -141,6 +97,7 @@ kernel_module_atm_disabled: true
 kernel_module_bluetooth_disabled: true
 kernel_module_can_disabled: true
 kernel_module_cramfs_disabled: true
+kernel_module_sctp_disabled: true
 kernel_module_tipc_disabled: true
 low_complexity: true
 low_disruption: true
@@ -172,16 +129,19 @@ no_empty_passwords: true
 no_reboot_needed: true
 package_abrt_removed: true
 package_aide_installed: true
+package_audit_installed: true
 package_fapolicyd_installed: true
 package_firewalld_installed: true
 package_gssproxy_removed: true
 package_iprutils_removed: true
 package_iptables_installed: true
 package_libreswan_installed: true
 package_policycoreutils_installed: true
+package_rsyslog_installed: true
 package_sendmail_removed: true
 package_sudo_installed: true
 package_tmux_installed: true
+package_tuned_removed: true
 package_usbguard_installed: true
 reboot_required: true
 require_singleuser_auth: true
@@ -190,19 +150,20 @@ securetty_root_login_console_only: true
 selinux_policytype: true
 selinux_state: true
 service_auditd_enabled: true
-service_fapolicyd_enabled: true
 service_firewalld_enabled: true
+service_rngd_enabled: true
 service_usbguard_enabled: true
 sshd_disable_empty_passwords: true
 sshd_disable_gssapi_auth: true
 sshd_disable_kerb_auth: true
-sshd_disable_rhosts: true
 sshd_disable_root_login: true
-sshd_disable_user_known_hosts: true
 sshd_enable_strictmodes: true
 sshd_enable_warning_banner: true
+sshd_rekey_limit: true
 sshd_set_idle_timeout: true
 sshd_set_keepalive: true
+sysctl_fs_protected_hardlinks: true
+sysctl_fs_protected_symlinks: true
 sysctl_kernel_core_pattern: true
 sysctl_kernel_dmesg_restrict: true
 sysctl_kernel_kexec_load_disabled: true
@@ -233,5 +194,6 @@ sysctl_net_ipv6_conf_all_accept_source_route: true
 sysctl_net_ipv6_conf_default_accept_ra: true
 sysctl_net_ipv6_conf_default_accept_redirects: true
 sysctl_net_ipv6_conf_default_accept_source_route: true
+sysctl_user_max_user_namespaces: true
 unknown_severity: true
 unknown_strategy: true