782bb48c14
This patch updates the tasks to match the changes in Version 1, Release 3 of the RHEL 7 STIG. It adds four new configurations: - V-77819 (docs only, manual intervention req'd) - V-77821 (disabling DCCP, implemented) - V-77823 (docs only, manual intervention req'd) - V-77825 (enabling ASLR, implemented) Closes-Bug: 1729344 Change-Id: I009fb31139e654f839d94781baf3d392c6613f46
16 lines
592 B
YAML
16 lines
592 B
YAML
---
|
|
features:
|
|
- |
|
|
The tasks within the ansible-hardening role are now based on Version 1,
|
|
Release 3 of the Red Hat Enteprise Linux Security Technical Implementation
|
|
Guide.
|
|
- |
|
|
The ``sysctl`` parameter ``kernel.randomize_va_space`` is now set to
|
|
``2`` by default. This matches the default of most modern Linux
|
|
distributions and it ensures that Address Space Layout Randomization
|
|
(ASLR) is enabled.
|
|
- |
|
|
The Datagram Congestion Control Protocol (DCCP) kernel module is now
|
|
disabled by default, but a reboot is required to make the change
|
|
effective.
|