-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathmain.yml
526 lines (526 loc) · 20.7 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
---
# defaults file for rhel7_stig
var_aide_scan_notification_email: root@localhost
inactivity_timeout_value: '900'
var_screensaver_lock_delay: '5'
var_sudo_timestamp_timeout: '5'
login_banner_text: ^(You[\s\n]+are[\s\n]+accessing[\s\n]+a[\s\n]+U\.S\.[\s\n]+Government[\s\n]+\(USG\)[\s\n]+Information[\s\n]+System[\s\n]+\(IS\)[\s\n]+that[\s\n]+is[\s\n]+provided[\s\n]+for[\s\n]+USG\-authorized[\s\n]+use[\s\n]+only\.[\s\n]+By[\s\n]+using[\s\n]+this[\s\n]+IS[\s\n]+\(which[\s\n]+includes[\s\n]+any[\s\n]+device[\s\n]+attached[\s\n]+to[\s\n]+this[\s\n]+IS\),[\s\n]+you[\s\n]+consent[\s\n]+to[\s\n]+the[\s\n]+following[\s\n]+conditions\:(?:[\n]+|(?:\\n)+)\-The[\s\n]+USG[\s\n]+routinely[\s\n]+intercepts[\s\n]+and[\s\n]+monitors[\s\n]+communications[\s\n]+on[\s\n]+this[\s\n]+IS[\s\n]+for[\s\n]+purposes[\s\n]+including,[\s\n]+but[\s\n]+not[\s\n]+limited[\s\n]+to,[\s\n]+penetration[\s\n]+testing,[\s\n]+COMSEC[\s\n]+monitoring,[\s\n]+network[\s\n]+operations[\s\n]+and[\s\n]+defense,[\s\n]+personnel[\s\n]+misconduct[\s\n]+\(PM\),[\s\n]+law[\s\n]+enforcement[\s\n]+\(LE\),[\s\n]+and[\s\n]+counterintelligence[\s\n]+\(CI\)[\s\n]+investigations\.(?:[\n]+|(?:\\n)+)\-At[\s\n]+any[\s\n]+time,[\s\n]+the[\s\n]+USG[\s\n]+may[\s\n]+inspect[\s\n]+and[\s\n]+seize[\s\n]+data[\s\n]+stored[\s\n]+on[\s\n]+this[\s\n]+IS\.(?:[\n]+|(?:\\n)+)\-Communications[\s\n]+using,[\s\n]+or[\s\n]+data[\s\n]+stored[\s\n]+on,[\s\n]+this[\s\n]+IS[\s\n]+are[\s\n]+not[\s\n]+private,[\s\n]+are[\s\n]+subject[\s\n]+to[\s\n]+routine[\s\n]+monitoring,[\s\n]+interception,[\s\n]+and[\s\n]+search,[\s\n]+and[\s\n]+may[\s\n]+be[\s\n]+disclosed[\s\n]+or[\s\n]+used[\s\n]+for[\s\n]+any[\s\n]+USG\-authorized[\s\n]+purpose\.(?:[\n]+|(?:\\n)+)\-This[\s\n]+IS[\s\n]+includes[\s\n]+security[\s\n]+measures[\s\n]+\(e\.g\.,[\s\n]+authentication[\s\n]+and[\s\n]+access[\s\n]+controls\)[\s\n]+to[\s\n]+protect[\s\n]+USG[\s\n]+interests\-\-not[\s\n]+for[\s\n]+your[\s\n]+personal[\s\n]+benefit[\s\n]+or[\s\n]+privacy\.(?:[\n]+|(?:\\n)+)\-Notwithstanding[\s\n]+the[\s\n]+above,[\s\n]+using[\s\n]+this[\s\n]+IS[\s\n]+does[\s\n]+not[\s\n]+constitute[\s\n]+consent[\s\n]+to[\s\n]+PM,[\s\n]+LE[\s\n]+or[\s\n]+CI[\s\n]+investigative[\s\n]+searching[\s\n]+or[\s\n]+monitoring[\s\n]+of[\s\n]+the[\s\n]+content[\s\n]+of[\s\n]+privileged[\s\n]+communications,[\s\n]+or[\s\n]+work[\s\n]+product,[\s\n]+related[\s\n]+to[\s\n]+personal[\s\n]+representation[\s\n]+or[\s\n]+services[\s\n]+by[\s\n]+attorneys,[\s\n]+psychotherapists,[\s\n]+or[\s\n]+clergy,[\s\n]+and[\s\n]+their[\s\n]+assistants\.[\s\n]+Such[\s\n]+communications[\s\n]+and[\s\n]+work[\s\n]+product[\s\n]+are[\s\n]+private[\s\n]+and[\s\n]+confidential\.[\s\n]+See[\s\n]+User[\s\n]+Agreement[\s\n]+for[\s\n]+details\.|I've[\s\n]+read[\s\n]+\&[\s\n]+consent[\s\n]+to[\s\n]+terms[\s\n]+in[\s\n]+IS[\s\n]+user[\s\n]+agreem't\.)$
var_password_pam_remember: '5'
var_password_pam_remember_control_flag: requisite
var_accounts_passwords_pam_faillock_deny: '3'
var_accounts_passwords_pam_faillock_fail_interval: '900'
var_accounts_passwords_pam_faillock_unlock_time: '0'
var_password_pam_dcredit: '-1'
var_password_pam_difok: '8'
var_password_pam_lcredit: '-1'
var_password_pam_maxclassrepeat: '4'
var_password_pam_maxrepeat: '3'
var_password_pam_minclass: '4'
var_password_pam_minlen: '15'
var_password_pam_ocredit: '-1'
var_password_pam_retry: '3'
var_password_pam_ucredit: '-1'
var_password_hashing_algorithm: SHA512
var_account_disable_post_pw_expiration: '35'
var_accounts_maximum_age_login_defs: '60'
var_accounts_minimum_age_login_defs: '1'
var_accounts_fail_delay: '4'
var_accounts_max_concurrent_login_sessions: '10'
var_accounts_tmout: '900'
var_user_initialization_files_regex: ^(\.bashrc|\.zshrc|\.cshrc|\.profile|\.bash_login|\.bash_profile)$
var_accounts_user_umask: '077'
var_audit_failure_mode: '2'
var_accounts_passwords_pam_faillock_dir: /var/run/faillock
var_audispd_remote_server: logcollector
var_audispd_disk_full_action: single
var_audispd_network_failure_action: single
var_auditd_action_mail_acct: root
var_auditd_space_left_action: email
var_auditd_space_left_percentage: '25'
var_auditd_name_format: hostname|fqd|numeric
rsyslog_remote_loghost_address: logcollector
sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_rp_filter_value: '1'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_conf_default_rp_filter_value: '1'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'
var_removable_partition: /dev/cdrom
var_selinux_policy_name: targeted
var_selinux_state: enforcing
var_ssh_sysadm_login: 'false'
var_time_service_set_maxpoll: '16'
var_tftpd_secure_directory: /var/lib/tftpboot
var_snmpd_ro_string: changemero
var_snmpd_rw_string: changemerw
sshd_idle_timeout_value: '600'
var_sshd_disable_compression: 'no'
var_sshd_priv_separation: sandbox
DISA_STIG_RHEL_07_010010: true
DISA_STIG_RHEL_07_010019: true
DISA_STIG_RHEL_07_010020: true
DISA_STIG_RHEL_07_010030: true
DISA_STIG_RHEL_07_010040: true
DISA_STIG_RHEL_07_010050: true
DISA_STIG_RHEL_07_010060: true
DISA_STIG_RHEL_07_010061: true
DISA_STIG_RHEL_07_010062: true
DISA_STIG_RHEL_07_010063: true
DISA_STIG_RHEL_07_010070: true
DISA_STIG_RHEL_07_010081: true
DISA_STIG_RHEL_07_010082: true
DISA_STIG_RHEL_07_010090: true
DISA_STIG_RHEL_07_010100: true
DISA_STIG_RHEL_07_010101: true
DISA_STIG_RHEL_07_010110: true
DISA_STIG_RHEL_07_010119: true
DISA_STIG_RHEL_07_010120: true
DISA_STIG_RHEL_07_010130: true
DISA_STIG_RHEL_07_010140: true
DISA_STIG_RHEL_07_010150: true
DISA_STIG_RHEL_07_010160: true
DISA_STIG_RHEL_07_010170: true
DISA_STIG_RHEL_07_010180: true
DISA_STIG_RHEL_07_010190: true
DISA_STIG_RHEL_07_010200: true
DISA_STIG_RHEL_07_010210: true
DISA_STIG_RHEL_07_010220: true
DISA_STIG_RHEL_07_010230: true
DISA_STIG_RHEL_07_010240: true
DISA_STIG_RHEL_07_010250: true
DISA_STIG_RHEL_07_010260: true
DISA_STIG_RHEL_07_010270: true
DISA_STIG_RHEL_07_010280: true
DISA_STIG_RHEL_07_010290: true
DISA_STIG_RHEL_07_010291: true
DISA_STIG_RHEL_07_010300: true
DISA_STIG_RHEL_07_010310: true
DISA_STIG_RHEL_07_010320: true
DISA_STIG_RHEL_07_010330: true
DISA_STIG_RHEL_07_010339: true
DISA_STIG_RHEL_07_010340: true
DISA_STIG_RHEL_07_010342: true
DISA_STIG_RHEL_07_010343: true
DISA_STIG_RHEL_07_010344: true
DISA_STIG_RHEL_07_010350: true
DISA_STIG_RHEL_07_010375: true
DISA_STIG_RHEL_07_010430: true
DISA_STIG_RHEL_07_010440: true
DISA_STIG_RHEL_07_010450: true
DISA_STIG_RHEL_07_010460: true
DISA_STIG_RHEL_07_010470: true
DISA_STIG_RHEL_07_010481: true
DISA_STIG_RHEL_07_020000: true
DISA_STIG_RHEL_07_020010: true
DISA_STIG_RHEL_07_020022: true
DISA_STIG_RHEL_07_020028: true
DISA_STIG_RHEL_07_020029: true
DISA_STIG_RHEL_07_020030: true
DISA_STIG_RHEL_07_020040: true
DISA_STIG_RHEL_07_020050: true
DISA_STIG_RHEL_07_020060: true
DISA_STIG_RHEL_07_020100: true
DISA_STIG_RHEL_07_020101: true
DISA_STIG_RHEL_07_020110: true
DISA_STIG_RHEL_07_020111: true
DISA_STIG_RHEL_07_020200: true
DISA_STIG_RHEL_07_020210: true
DISA_STIG_RHEL_07_020220: true
DISA_STIG_RHEL_07_020230: true
DISA_STIG_RHEL_07_020231: true
DISA_STIG_RHEL_07_020240: true
DISA_STIG_RHEL_07_020260: true
DISA_STIG_RHEL_07_020310: true
DISA_STIG_RHEL_07_020610: true
DISA_STIG_RHEL_07_020620: true
DISA_STIG_RHEL_07_020630: true
DISA_STIG_RHEL_07_020640: true
DISA_STIG_RHEL_07_020650: true
DISA_STIG_RHEL_07_020660: true
DISA_STIG_RHEL_07_020670: true
DISA_STIG_RHEL_07_020680: true
DISA_STIG_RHEL_07_020690: true
DISA_STIG_RHEL_07_020700: true
DISA_STIG_RHEL_07_020710: true
DISA_STIG_RHEL_07_021000: true
DISA_STIG_RHEL_07_021010: true
DISA_STIG_RHEL_07_021020: true
DISA_STIG_RHEL_07_021021: true
DISA_STIG_RHEL_07_021024: true
DISA_STIG_RHEL_07_021040: true
DISA_STIG_RHEL_07_021110: true
DISA_STIG_RHEL_07_021120: true
DISA_STIG_RHEL_07_021300: true
DISA_STIG_RHEL_07_021350: true
DISA_STIG_RHEL_07_021600: true
DISA_STIG_RHEL_07_021610: true
DISA_STIG_RHEL_07_021710: true
DISA_STIG_RHEL_07_030000: true
DISA_STIG_RHEL_07_030010: true
DISA_STIG_RHEL_07_030201: true
DISA_STIG_RHEL_07_030210: true
DISA_STIG_RHEL_07_030211: true
DISA_STIG_RHEL_07_030300: true
DISA_STIG_RHEL_07_030310: true
DISA_STIG_RHEL_07_030320: true
DISA_STIG_RHEL_07_030321: true
DISA_STIG_RHEL_07_030330: true
DISA_STIG_RHEL_07_030340: true
DISA_STIG_RHEL_07_030350: true
DISA_STIG_RHEL_07_030360: true
DISA_STIG_RHEL_07_030370: true
DISA_STIG_RHEL_07_030410: true
DISA_STIG_RHEL_07_030440: true
DISA_STIG_RHEL_07_030510: true
DISA_STIG_RHEL_07_030560: true
DISA_STIG_RHEL_07_030570: true
DISA_STIG_RHEL_07_030580: true
DISA_STIG_RHEL_07_030590: true
DISA_STIG_RHEL_07_030610: true
DISA_STIG_RHEL_07_030620: true
DISA_STIG_RHEL_07_030630: true
DISA_STIG_RHEL_07_030640: true
DISA_STIG_RHEL_07_030650: true
DISA_STIG_RHEL_07_030660: true
DISA_STIG_RHEL_07_030670: true
DISA_STIG_RHEL_07_030680: true
DISA_STIG_RHEL_07_030690: true
DISA_STIG_RHEL_07_030700: true
DISA_STIG_RHEL_07_030710: true
DISA_STIG_RHEL_07_030720: true
DISA_STIG_RHEL_07_030740: true
DISA_STIG_RHEL_07_030750: true
DISA_STIG_RHEL_07_030760: true
DISA_STIG_RHEL_07_030770: true
DISA_STIG_RHEL_07_030780: true
DISA_STIG_RHEL_07_030800: true
DISA_STIG_RHEL_07_030810: true
DISA_STIG_RHEL_07_030819: true
DISA_STIG_RHEL_07_030820: true
DISA_STIG_RHEL_07_030830: true
DISA_STIG_RHEL_07_030840: true
DISA_STIG_RHEL_07_030870: true
DISA_STIG_RHEL_07_030871: true
DISA_STIG_RHEL_07_030872: true
DISA_STIG_RHEL_07_030873: true
DISA_STIG_RHEL_07_030874: true
DISA_STIG_RHEL_07_030910: true
DISA_STIG_RHEL_07_031000: true
DISA_STIG_RHEL_07_031010: true
DISA_STIG_RHEL_07_040000: true
DISA_STIG_RHEL_07_040110: true
DISA_STIG_RHEL_07_040160: true
DISA_STIG_RHEL_07_040170: true
DISA_STIG_RHEL_07_040180: true
DISA_STIG_RHEL_07_040190: true
DISA_STIG_RHEL_07_040201: true
DISA_STIG_RHEL_07_040300: true
DISA_STIG_RHEL_07_040310: true
DISA_STIG_RHEL_07_040320: true
DISA_STIG_RHEL_07_040330: true
DISA_STIG_RHEL_07_040340: true
DISA_STIG_RHEL_07_040350: true
DISA_STIG_RHEL_07_040360: true
DISA_STIG_RHEL_07_040370: true
DISA_STIG_RHEL_07_040380: true
DISA_STIG_RHEL_07_040390: true
DISA_STIG_RHEL_07_040400: true
DISA_STIG_RHEL_07_040410: true
DISA_STIG_RHEL_07_040420: true
DISA_STIG_RHEL_07_040430: true
DISA_STIG_RHEL_07_040440: true
DISA_STIG_RHEL_07_040450: true
DISA_STIG_RHEL_07_040460: true
DISA_STIG_RHEL_07_040470: true
DISA_STIG_RHEL_07_040500: true
DISA_STIG_RHEL_07_040520: true
DISA_STIG_RHEL_07_040530: true
DISA_STIG_RHEL_07_040540: true
DISA_STIG_RHEL_07_040550: true
DISA_STIG_RHEL_07_040610: true
DISA_STIG_RHEL_07_040611: true
DISA_STIG_RHEL_07_040612: true
DISA_STIG_RHEL_07_040620: true
DISA_STIG_RHEL_07_040630: true
DISA_STIG_RHEL_07_040640: true
DISA_STIG_RHEL_07_040641: true
DISA_STIG_RHEL_07_040650: true
DISA_STIG_RHEL_07_040660: true
DISA_STIG_RHEL_07_040670: true
DISA_STIG_RHEL_07_040680: true
DISA_STIG_RHEL_07_040690: true
DISA_STIG_RHEL_07_040700: true
DISA_STIG_RHEL_07_040710: true
DISA_STIG_RHEL_07_040711: true
DISA_STIG_RHEL_07_040712: true
DISA_STIG_RHEL_07_040720: true
DISA_STIG_RHEL_07_040730: true
DISA_STIG_RHEL_07_040740: true
DISA_STIG_RHEL_07_040750: true
DISA_STIG_RHEL_07_040800: true
DISA_STIG_RHEL_07_040830: true
DISA_STIG_RHEL_07_041001: true
DISA_STIG_RHEL_07_041003: true
DISA_STIG_RHEL_07_041010: true
DISA_STIG_RHEL_07_910055: true
account_disable_post_pw_expiration: true
accounts_have_homedir_login_defs: true
accounts_logon_fail_delay: true
accounts_max_concurrent_login_sessions: true
accounts_maximum_age_login_defs: true
accounts_minimum_age_login_defs: true
accounts_no_uid_except_zero: true
accounts_password_pam_dcredit: true
accounts_password_pam_difok: true
accounts_password_pam_lcredit: true
accounts_password_pam_maxclassrepeat: true
accounts_password_pam_maxrepeat: true
accounts_password_pam_minclass: true
accounts_password_pam_minlen: true
accounts_password_pam_ocredit: true
accounts_password_pam_pwhistory_remember_password_auth: true
accounts_password_pam_pwhistory_remember_system_auth: true
accounts_password_pam_retry: true
accounts_password_pam_ucredit: true
accounts_password_set_max_life_existing: true
accounts_password_set_min_life_existing: true
accounts_passwords_pam_faillock_deny: true
accounts_passwords_pam_faillock_deny_root: true
accounts_passwords_pam_faillock_interval: true
accounts_passwords_pam_faillock_unlock_time: true
accounts_tmout: true
accounts_umask_etc_login_defs: true
accounts_umask_interactive_users: true
accounts_user_dot_group_ownership: true
accounts_user_dot_user_ownership: true
accounts_user_interactive_home_directory_exists: true
accounts_users_home_files_groupownership: true
accounts_users_home_files_ownership: true
accounts_users_home_files_permissions: true
aide_build_database: true
aide_periodic_cron_checking: true
aide_scan_notification: true
aide_verify_acls: true
aide_verify_ext_attributes: true
audit_rules_dac_modification_chmod: true
audit_rules_dac_modification_chown: true
audit_rules_dac_modification_fchmod: true
audit_rules_dac_modification_fchmodat: true
audit_rules_dac_modification_fchown: true
audit_rules_dac_modification_fchownat: true
audit_rules_dac_modification_fremovexattr: true
audit_rules_dac_modification_fsetxattr: true
audit_rules_dac_modification_lchown: true
audit_rules_dac_modification_lremovexattr: true
audit_rules_dac_modification_lsetxattr: true
audit_rules_dac_modification_removexattr: true
audit_rules_dac_modification_setxattr: true
audit_rules_execution_chcon: true
audit_rules_execution_semanage: true
audit_rules_execution_setfiles: true
audit_rules_execution_setsebool: true
audit_rules_file_deletion_events_rename: true
audit_rules_file_deletion_events_renameat: true
audit_rules_file_deletion_events_rmdir: true
audit_rules_file_deletion_events_unlink: true
audit_rules_file_deletion_events_unlinkat: true
audit_rules_kernel_module_loading_create: true
audit_rules_kernel_module_loading_delete: true
audit_rules_kernel_module_loading_finit: true
audit_rules_kernel_module_loading_init: true
audit_rules_login_events_faillock: true
audit_rules_login_events_lastlog: true
audit_rules_media_export: true
audit_rules_privileged_commands_chage: true
audit_rules_privileged_commands_chsh: true
audit_rules_privileged_commands_crontab: true
audit_rules_privileged_commands_gpasswd: true
audit_rules_privileged_commands_kmod: true
audit_rules_privileged_commands_mount: true
audit_rules_privileged_commands_newgrp: true
audit_rules_privileged_commands_pam_timestamp_check: true
audit_rules_privileged_commands_passwd: true
audit_rules_privileged_commands_postdrop: true
audit_rules_privileged_commands_postqueue: true
audit_rules_privileged_commands_ssh_keysign: true
audit_rules_privileged_commands_su: true
audit_rules_privileged_commands_sudo: true
audit_rules_privileged_commands_umount: true
audit_rules_privileged_commands_unix_chkpwd: true
audit_rules_privileged_commands_userhelper: true
audit_rules_suid_privilege_function: true
audit_rules_sysadmin_actions: true
audit_rules_system_shutdown: true
audit_rules_unsuccessful_file_modification_creat: true
audit_rules_unsuccessful_file_modification_ftruncate: true
audit_rules_unsuccessful_file_modification_open: true
audit_rules_unsuccessful_file_modification_open_by_handle_at: true
audit_rules_unsuccessful_file_modification_openat: true
audit_rules_unsuccessful_file_modification_truncate: true
audit_rules_usergroup_modification_group: true
audit_rules_usergroup_modification_gshadow: true
audit_rules_usergroup_modification_opasswd: true
audit_rules_usergroup_modification_passwd: true
audit_rules_usergroup_modification_shadow: true
auditd_audispd_configure_remote_server: true
auditd_audispd_disk_full_action: true
auditd_audispd_encrypt_sent_records: true
auditd_audispd_network_failure_action: true
auditd_audispd_remote_daemon_activated: true
auditd_audispd_remote_daemon_direction: true
auditd_audispd_remote_daemon_path: true
auditd_audispd_remote_daemon_type: true
auditd_data_retention_action_mail_acct: true
auditd_data_retention_space_left_action: true
auditd_data_retention_space_left_percentage: true
auditd_name_format: true
auditd_overflow_action: true
banner_etc_issue: true
chronyd_or_ntpd_set_maxpoll: true
clean_components_post_updating: true
configure_strategy: true
dconf_db_up_to_date: true
dconf_gnome_banner_enabled: true
dconf_gnome_disable_automount: true
dconf_gnome_disable_automount_open: true
dconf_gnome_disable_autorun: true
dconf_gnome_disable_ctrlaltdel_reboot: true
dconf_gnome_disable_user_list: true
dconf_gnome_enable_smartcard_auth: true
dconf_gnome_login_banner_text: true
dconf_gnome_screensaver_idle_activation_enabled: true
dconf_gnome_screensaver_idle_activation_locked: true
dconf_gnome_screensaver_idle_delay: true
dconf_gnome_screensaver_lock_delay: true
dconf_gnome_screensaver_lock_enabled: true
dconf_gnome_screensaver_lock_locked: true
dconf_gnome_screensaver_user_locks: true
dconf_gnome_session_idle_user_locks: true
disable_ctrlaltdel_reboot: true
disable_host_auth: true
disable_strategy: true
disallow_bypass_password_sudo: true
display_login_attempts: true
enable_strategy: true
ensure_gpgcheck_globally_activated: true
ensure_gpgcheck_local_packages: true
ensure_redhat_gpgkey_installed: true
file_groupowner_cron_allow: true
file_groupownership_home_directories: true
file_owner_cron_allow: true
file_ownership_home_directories: true
file_permission_user_init_files: true
file_permissions_home_directories: true
file_permissions_sshd_private_key: true
file_permissions_sshd_pub_key: true
file_permissions_var_log_audit: true
gnome_gdm_disable_automatic_login: true
gnome_gdm_disable_guest_login: true
grub2_enable_fips_mode: true
high_complexity: true
high_disruption: true
high_severity: true
install_smartcard_packages: true
kernel_module_dccp_disabled: true
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
mount_option_dev_shm_nodev: true
mount_option_dev_shm_noexec: true
mount_option_dev_shm_nosuid: true
mount_option_home_nosuid: true
mount_option_krb_sec_remote_filesystems: true
mount_option_noexec_remote_filesystems: true
mount_option_nosuid_remote_filesystems: true
mount_option_nosuid_removable_partitions: true
network_sniffer_disabled: true
no_empty_passwords: true
no_empty_passwords_etc_shadow: true
no_host_based_files: true
no_reboot_needed: true
no_user_host_based_files: true
package_aide_installed: true
package_mailx_installed: true
package_openssh_server_installed: true
package_rsh_server_removed: true
package_screen_installed: true
package_telnet_server_removed: true
package_tftp_server_removed: true
package_vsftpd_removed: true
package_ypserv_removed: true
patch_strategy: true
postfix_prevent_unrestricted_relay: true
reboot_required: true
require_singleuser_auth: true
restrict_strategy: true
rpm_verify_hashes: true
rpm_verify_ownership: true
rpm_verify_permissions: true
rsyslog_nolisten: true
rsyslog_remote_loghost: true
sebool_ssh_sysadm_login: true
security_patches_up_to_date: true
selinux_policytype: true
selinux_state: true
service_auditd_enabled: true
service_autofs_disabled: true
service_firewalld_enabled: true
service_kdump_disabled: true
service_sshd_enabled: true
set_password_hashing_algorithm_libuserconf: true
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
skip_ansible_lint: true
smartcard_configure_cert_checking: true
snmpd_not_default_password: true
sshd_allow_only_protocol2: true
sshd_disable_compression: true
sshd_disable_empty_passwords: true
sshd_disable_gssapi_auth: true
sshd_disable_kerb_auth: true
sshd_disable_rhosts: true
sshd_disable_rhosts_rsa: true
sshd_disable_root_login: true
sshd_disable_user_known_hosts: true
sshd_disable_x11_forwarding: true
sshd_do_not_permit_user_env: true
sshd_enable_strictmodes: true
sshd_enable_warning_banner: true
sshd_print_last_log: true
sshd_set_idle_timeout: true
sshd_set_keepalive_0: true
sshd_use_approved_ciphers_ordered_stig: true
sshd_use_approved_kex_ordered_stig: true
sshd_use_approved_macs_ordered_stig: true
sshd_use_priv_separation: true
sshd_x11_use_localhost: true
sssd_ldap_configure_tls_reqcert: true
sssd_ldap_start_tls: true
sudo_remove_no_authenticate: true
sudo_remove_nopasswd: true
sudo_require_reauthentication: true
sudoers_default_includedir: true
sudoers_validate_passwd: true
sysctl_kernel_dmesg_restrict: true
sysctl_kernel_randomize_va_space: true
sysctl_net_ipv4_conf_all_accept_redirects: true
sysctl_net_ipv4_conf_all_accept_source_route: true
sysctl_net_ipv4_conf_all_rp_filter: true
sysctl_net_ipv4_conf_all_send_redirects: true
sysctl_net_ipv4_conf_default_accept_redirects: true
sysctl_net_ipv4_conf_default_accept_source_route: true
sysctl_net_ipv4_conf_default_rp_filter: true
sysctl_net_ipv4_conf_default_send_redirects: true
sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true
sysctl_net_ipv4_ip_forward: true
sysctl_net_ipv6_conf_all_accept_source_route: true
tftpd_uses_secure_mode: true
unknown_strategy: true
wireless_disable_interfaces: true
xwindows_remove_packages: true