1d5824ddc4
In order to fully test hardening role we need to enable as much tasks as we can. So we add extra set of variables, that might be not enabled by default Change-Id: I0d6ba3632962ef1b6ecf865489846a95b46f6a30
30 lines
1.1 KiB
Django/Jinja
30 lines
1.1 KiB
Django/Jinja
---
|
|
|
|
security_disable_account_if_password_expires: yes
|
|
security_enable_firewalld: yes
|
|
security_pwquality_apply_rules: yes
|
|
security_enable_pwquality_password_set: yes
|
|
security_lock_session: yes
|
|
security_pwquality_require_minimum_password_length: yes
|
|
security_package_clean_on_remove: yes
|
|
security_pam_faillock_enable: yes
|
|
security_password_remember_password: 5
|
|
security_reset_perm_ownership: yes
|
|
security_require_grub_authentication: yes
|
|
security_rhel7_automatic_package_updates: yes
|
|
security_rhel7_initialize_aide: yes
|
|
security_rhel7_remove_shosts_files: yes
|
|
security_search_for_invalid_owner: yes
|
|
security_search_for_invalid_group_owner: yes
|
|
security_set_home_directory_permissions_and_owners: yes
|
|
security_set_minimum_password_lifetime: yes
|
|
security_unattended_upgrades_enabled: yes
|
|
security_unattended_upgrades_notifications: yes
|
|
# NOTE(mhayden): clamav is only available if EPEL is installed. There needs
|
|
# to be some work done to figure out how to install EPEL for use with
|
|
# this role without causing disruptions on the system.
|
|
security_enable_virus_scanner: no
|
|
security_run_virus_scanner_update: no
|
|
# Enable the contrib tasks.
|
|
security_contrib_enabled: yes
|