
Commit b6ff597

Douglas Rapp
authored
Merge pull request #1 from sscpac/update_from_bitbucket_config
Applied all changes that had been made previously in our BitBucket pull
2 parents 307348b + 0c9ac02 commit b6ff597


1 file changed

+62
-29
lines changed


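--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -36,31 +36,47 @@ rhel7stig_system_is_container: no
 # These variables correspond with the STIG IDs defined in the STIG and allows you to enable/disable specific rules.
 # PLEASE NOTE: These work in coordination with the cat1, cat2, cat3 group variables. You must enable an entire group
 # in order for the variables below to take effect.
+#
+# ACS: For each item that is turned off, a comment will be inserted with rationale
+#
 # CAT 1 rules
-rhel_07_010010: true
-rhel_07_010020: true
+# ACS: (??)
+rhel_07_010010: false
+# ACS: (??)
+rhel_07_010020: false
 rhel_07_010290: true
 rhel_07_010300: true
-rhel_07_010440: true
+# ACS: GNOME not used
+rhel_07_010440: false
+# ACS: (??)
 rhel_07_010450: true
-rhel_07_010480: true
-rhel_07_010482: true
-rhel_07_010490: true
-rhel_07_010491: true
+# ACS: Not applicable for RHEL 7.2+
+rhel_07_010480: false
+# ACS: (??)
+rhel_07_010482: false
+# ACS: (??)
+rhel_07_010490: false
+# ACS: (??)
+rhel_07_010491: false
 rhel_07_020000: true
 rhel_07_020010: true
 rhel_07_020050: true
 rhel_07_020060: true
-rhel_07_020210: true
-rhel_07_020220: true
-rhel_07_020230: true
+# ACS: (??)
+rhel_07_020210: false
+# ACS: (??)
+rhel_07_020220: false
+# ACS: N/A as ACS does not allow Ctrl-Alt-Del and the fix in the STIG playbook is not correct
+rhel_07_020230: false
 # Not an automated task
 rhel_07_020250: true
 rhel_07_020310: true
-rhel_07_021350: true
+# ACS: (??)
+rhel_07_021350: false
 rhel_07_021710: true
 rhel_07_030000: true
-rhel_07_032000: true
+# ACS: (??)
+rhel_07_032000: false
 rhel_07_040390: true
 rhel_07_040540: true
 rhel_07_040550: true
@@ -112,12 +128,14 @@ rhel_07_010500: true
 rhel_07_020020: true
 rhel_07_020030: true
 # Send AIDE reports as mail notifications - Disabled by default as this is a non-ideal way to do notifications
-rhel_07_020040: "{{ rhel7stig_disruption_high }}"
+# ACS: set to true
+rhel_07_020040: true
 rhel_07_020100: true
 rhel_07_020101: true
 rhel_07_020110: true
 rhel_07_020240: true
-rhel_07_020260: true
+# ACS: (??)
+rhel_07_020260: false
 rhel_07_020270: true
 rhel_07_020320: true
 rhel_07_020330: true
@@ -140,7 +158,8 @@ rhel_07_021000: true
 rhel_07_021010: true
 rhel_07_021020: true
 rhel_07_021021: true
-rhel_07_021030: true
+# ACS: (??)
+rhel_07_021030: false
 rhel_07_021040: true
 rhel_07_021100: true
 rhel_07_021110: true
@@ -169,9 +188,12 @@ rhel_07_030430: true
 rhel_07_030440: true
 rhel_07_030450: true
 rhel_07_030460: true
-rhel_07_030470: true
-rhel_07_030480: true
-rhel_07_030490: true
+# ACS: (??)
+rhel_07_030470: false
+# ACS: (??)
+rhel_07_030480: false
+# ACS: (??)
+rhel_07_030490: false
 rhel_07_030500: true
 rhel_07_030510: true
 rhel_07_030520: true
@@ -223,18 +245,23 @@ rhel_07_040100: true
 rhel_07_040110: true
 rhel_07_040160: true
 rhel_07_040170: true
-rhel_07_040180: true
+# ACS: (??)
+rhel_07_040180: false
 rhel_07_040190: true
 rhel_07_040200: true
 rhel_07_040201: true
 rhel_07_040300: true
 rhel_07_040310: true
-rhel_07_040320: true
-rhel_07_040330: true
-rhel_07_040340: true
+# ACS: (??)
+rhel_07_040320: false
+# ACS: Not applicable for RHEL 7.4+
+rhel_07_040330: false
+# ACS: (??)
+rhel_07_040340: false
 rhel_07_040350: true
 rhel_07_040360: true
-rhel_07_040370: true
+# ACS: (??)
+rhel_07_040370: false
 rhel_07_040380: true
 rhel_07_040400: true
 rhel_07_040410: true
@@ -255,10 +282,12 @@ rhel_07_040641: true
 rhel_07_040650: true
 rhel_07_040660: true
 rhel_07_040670: true
-rhel_07_040680: true
+# ACS: (??)
+rhel_07_040680: false
 rhel_07_040720: true
 rhel_07_040730: true
-rhel_07_040740: true
+# ACS: (??)
+rhel_07_040740: false
 rhel_07_040750: true
 rhel_07_040810: true
 rhel_07_040820: true
@@ -274,9 +303,12 @@ rhel_07_021022: true
 rhel_07_021023: true
 rhel_07_021024: true
 rhel_07_021310: true
-rhel_07_021320: true
-rhel_07_021330: true
-rhel_07_021340: true
+# ACS: (??)
+rhel_07_021320: false
+# ACS: (??)
+rhel_07_021330: false
+# ACS: (??)
+rhel_07_021340: false
 rhel_07_021600: true
 rhel_07_021610: true
 rhel_07_040000: true
@@ -314,7 +346,8 @@ rhel7stig_av_package:
 - clamav-server
 service: clamav-daemon
 
-rhel7stig_time_service: chronyd
+# ACS: changed from chronyd -> ntpd (??)
+rhel7stig_time_service: ntpd
 rhel7stig_time_service_configs:
 chronyd:
 conf: /etc/chrony.conf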
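Review bot: Most of the rules switched to `false` carry only `# ACS: (??)`, although the new header comment promises a rationale for every item that is turned off; under `# CAT 1 rules` this includes `rhel_07_010010`, `rhel_07_010020`, `rhel_07_020210` and `rhel_07_020220`, so high-severity hardening is dropped with no recorded reason or compensating control. Each placeholder should either become a real justification, e.g. `# ACS: disabled - <reason / compensating control / approver>`, or the rule should stay `true`. The `# ACS: (??)` directly above `rhel_07_010450: true` annotates a rule that is not changed and looks misplaced. Because `defaults/main.yml` holds the role-wide defaults, these site-specific exceptions would be safer as overrides in the site's own inventory or group_vars, leaving the role's defaults enabled. The same placeholder appears in the later hunks and on the `rhel7stig_time_service: ntpd` change.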
