forked from RedHatOfficial/ansible-role-rhel8-stig
main.yml
---
# defaults file for rhel8_stig
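# Address that receives AIDE scan notifications; the default is the local
# root mailbox, so reports stay on the host unless this is overridden.
var_aide_scan_notification_email: root@localhost
# Name of the system-wide crypto policy to select.
var_system_crypto_policy: FIPS
# Comma-separated SSH cipher and MAC allow-lists.
# NOTE(review): the published copy of this file showed the literal text
# "[email protected]" in place of the four "@openssh.com" algorithm names (an
# e-mail-obfuscation artifact of the hosting page, not a valid algorithm
# name). The names below are the AES-GCM ciphers and SHA-2 encrypt-then-MAC
# algorithms that fit the rest of each list; confirm the exact entries and
# their order against the upstream role before deploying.
sshd_approved_ciphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
sshd_approved_macs: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
# Numeric settings are quoted so they load as strings, not integers.
# Idle timeout and screensaver lock delay (presumably seconds; confirm in the
# tasks that consume them).
inactivity_timeout_value: '900'
var_screensaver_lock_delay: '5'
# Presumably sudo's timestamp_timeout; with sudo, 0 means credentials are
# never cached and every invocation re-authenticates. TODO confirm usage.
var_sudo_timestamp_timeout: '0'
# authselect profile to apply.
var_authselect_profile: sssd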
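# Regular expression for the login banner. It accepts either the long
# U.S. Government notice-and-consent text or the short form
# ("I've read & consent to terms in IS user agreem't."), with any run of
# whitespace/newlines between words.
# Keep the value on ONE physical line: it is a plain (unquoted) scalar, so a
# line break inside it is either a parse error or is folded into a space,
# which would corrupt a `[\s\n]+` group. Backslashes are literal here; do not
# convert to a double-quoted scalar without re-escaping them.
login_banner_text: ^(You[\s\n]+are[\s\n]+accessing[\s\n]+a[\s\n]+U\.S\.[\s\n]+Government[\s\n]+\(USG\)[\s\n]+Information[\s\n]+System[\s\n]+\(IS\)[\s\n]+that[\s\n]+is[\s\n]+provided[\s\n]+for[\s\n]+USG\-authorized[\s\n]+use[\s\n]+only\.[\s\n]+By[\s\n]+using[\s\n]+this[\s\n]+IS[\s\n]+\(which[\s\n]+includes[\s\n]+any[\s\n]+device[\s\n]+attached[\s\n]+to[\s\n]+this[\s\n]+IS\),[\s\n]+you[\s\n]+consent[\s\n]+to[\s\n]+the[\s\n]+following[\s\n]+conditions\:(?:[\n]+|(?:\\n)+)\-The[\s\n]+USG[\s\n]+routinely[\s\n]+intercepts[\s\n]+and[\s\n]+monitors[\s\n]+communications[\s\n]+on[\s\n]+this[\s\n]+IS[\s\n]+for[\s\n]+purposes[\s\n]+including,[\s\n]+but[\s\n]+not[\s\n]+limited[\s\n]+to,[\s\n]+penetration[\s\n]+testing,[\s\n]+COMSEC[\s\n]+monitoring,[\s\n]+network[\s\n]+operations[\s\n]+and[\s\n]+defense,[\s\n]+personnel[\s\n]+misconduct[\s\n]+\(PM\),[\s\n]+law[\s\n]+enforcement[\s\n]+\(LE\),[\s\n]+and[\s\n]+counterintelligence[\s\n]+\(CI\)[\s\n]+investigations\.(?:[\n]+|(?:\\n)+)\-At[\s\n]+any[\s\n]+time,[\s\n]+the[\s\n]+USG[\s\n]+may[\s\n]+inspect[\s\n]+and[\s\n]+seize[\s\n]+data[\s\n]+stored[\s\n]+on[\s\n]+this[\s\n]+IS\.(?:[\n]+|(?:\\n)+)\-Communications[\s\n]+using,[\s\n]+or[\s\n]+data[\s\n]+stored[\s\n]+on,[\s\n]+this[\s\n]+IS[\s\n]+are[\s\n]+not[\s\n]+private,[\s\n]+are[\s\n]+subject[\s\n]+to[\s\n]+routine[\s\n]+monitoring,[\s\n]+interception,[\s\n]+and[\s\n]+search,[\s\n]+and[\s\n]+may[\s\n]+be[\s\n]+disclosed[\s\n]+or[\s\n]+used[\s\n]+for[\s\n]+any[\s\n]+USG\-authorized[\s\n]+purpose\.(?:[\n]+|(?:\\n)+)\-This[\s\n]+IS[\s\n]+includes[\s\n]+security[\s\n]+measures[\s\n]+\(e\.g\.,[\s\n]+authentication[\s\n]+and[\s\n]+access[\s\n]+controls\)[\s\n]+to[\s\n]+protect[\s\n]+USG[\s\n]+interests\-\-not[\s\n]+for[\s\n]+your[\s\n]+personal[\s\n]+benefit[\s\n]+or[\s\n]+privacy\.(?:[\n]+|(?:\\n)+)\-Notwithstanding[\s\n]+the[\s\n]+above,[\s\n]+using[\s\n]+this[\s\n]+IS[\s\n]+does[\s\n]+not[\s\n]+constitute[\s\n]+consent[\s\n]+to[\s\n]+PM,[\s\n]+LE[\s\n]+or[\s\n]+CI[\s\n]+investigative[\s\n]+searching[\s\n]+or[\s\n]+monitoring[\s\n]+of[\s\n]+the[\s\n]+content[\s\n]+of[\s\n]+privileged[\s\n]+communications,[\s\n]+or[\s\n]+work[\s\n]+product,[\s\n]+related[\s\n]+to[\s\n]+personal[\s\n]+representation[\s\n]+or[\s\n]+services[\s\n]+by[\s\n]+attorneys,[\s\n]+psychotherapists,[\s\n]+or[\s\n]+clergy,[\s\n]+and[\s\n]+their[\s\n]+assistants\.[\s\n]+Such[\s\n]+communications[\s\n]+and[\s\n]+work[\s\n]+product[\s\n]+are[\s\n]+private[\s\n]+and[\s\n]+confidential\.[\s\n]+See[\s\n]+User[\s\n]+Agreement[\s\n]+for[\s\n]+details\.|I've[\s\n]+read[\s\n]+\&[\s\n]+consent[\s\n]+to[\s\n]+terms[\s\n]+in[\s\n]+IS[\s\n]+user[\s\n]+agreem't\.)$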
# Tunable values for the hardening tasks. Every numeric value is quoted, so
# it loads as a string rather than an integer. Where a comment below says
# "presumably", the meaning is inferred from the variable name and should be
# confirmed against the task that consumes it.

# --- Password history -------------------------------------------------------
# Presumably the number of previous passwords that may not be reused.
var_password_pam_remember: '5'
# Comma-separated PAM control flags. More than one value is listed, so this
# looks like a set of accepted flags rather than a single setting; confirm
# which one the tasks actually write.
var_password_pam_remember_control_flag: requisite,required

# --- Account lockout (pam_faillock) -----------------------------------------
# Presumably: lock after 3 failures within a 900-second window.
var_accounts_passwords_pam_faillock_deny: '3'
# Tally directory under /var/log rather than a runtime directory.
# NOTE(review): a non-default location may need a matching SELinux file
# context and persists across reboots; verify on the target.
var_accounts_passwords_pam_faillock_dir: /var/log/faillock
var_accounts_passwords_pam_faillock_fail_interval: '900'
# With pam_faillock, unlock_time=0 means no automatic unlock: the account
# stays locked until an administrator resets it. Plan an unlock procedure.
var_accounts_passwords_pam_faillock_unlock_time: '0'

# --- Password quality (presumably written to pwquality settings) ------------
# In pam_pwquality a negative *credit value is a required minimum count of
# that character class (-1 = at least one digit/lower/other/upper).
var_password_pam_dcredit: '-1'
var_password_pam_dictcheck: '1'
var_password_pam_difok: '8'
var_password_pam_lcredit: '-1'
var_password_pam_maxclassrepeat: '4'
var_password_pam_maxrepeat: '3'
var_password_pam_minclass: '4'
var_password_pam_minlen: '15'
var_password_pam_ocredit: '-1'
var_password_pam_retry: '3'
var_password_pam_ucredit: '-1'
var_password_hashing_algorithm: SHA512

# --- Sessions and account ageing --------------------------------------------
# Presumably seconds.
var_logind_session_timeout: '300'
# Presumably days of inactivity after password expiry before the account is
# disabled, and maximum/minimum password age in days.
var_account_disable_post_pw_expiration: '35'
var_accounts_maximum_age_login_defs: '60'
var_accounts_minimum_age_login_defs: '1'
var_accounts_password_minlen_login_defs: '15'
var_accounts_fail_delay: '4'
var_accounts_max_concurrent_login_sessions: '10'
# Anchored regex listing the per-user shell initialization file names.
var_user_initialization_files_regex: ^(\.bashrc|\.zshrc|\.cshrc|\.profile|\.bash_login|\.bash_profile)$
# Quoted so the leading zero survives: unquoted, 077 would be read as a
# number (octal under YAML 1.1) instead of the umask string.
var_accounts_user_umask: '077'

# --- auditd -----------------------------------------------------------------
# These three values are pipe-separated alternatives, not single settings.
# NOTE(review): nothing in this file shows which alternative the tasks
# write; confirm the effective value, since "syslog" only logs the condition
# while "single" and "halt" take the system out of multi-user operation.
var_auditd_disk_error_action: syslog|single|halt
var_auditd_disk_full_action: syslog|single|halt
var_auditd_action_mail_acct: root
var_auditd_space_left_action: email
var_auditd_space_left_percentage: '25'
var_auditd_name_format: hostname|fqd|numeric

# --- Remote logging ---------------------------------------------------------
# NOTE(review): "logcollector" looks like a placeholder host name; override
# it with the site's log collector, otherwise forwarding has no valid target.
rsyslog_remote_loghost_address: logcollector

# --- Network sysctls (0 = off, 1 = on) --------------------------------------
# IPv6: router advertisements, redirects, source routing and forwarding off.
sysctl_net_ipv6_conf_all_accept_ra_value: '0'
sysctl_net_ipv6_conf_all_accept_redirects_value: '0'
sysctl_net_ipv6_conf_all_accept_source_route_value: '0'
sysctl_net_ipv6_conf_all_forwarding_value: '0'
sysctl_net_ipv6_conf_default_accept_ra_value: '0'
sysctl_net_ipv6_conf_default_accept_redirects_value: '0'
sysctl_net_ipv6_conf_default_accept_source_route_value: '0'
# IPv4: redirects, source routing and forwarding off; reverse-path filtering
# and ignoring of broadcast ICMP echo on.
# NOTE(review): forwarding '0' is wrong for a host that routes traffic
# (router, VPN gateway, container host); override there.
sysctl_net_ipv4_conf_all_accept_redirects_value: '0'
sysctl_net_ipv4_conf_all_accept_source_route_value: '0'
sysctl_net_ipv4_conf_all_forwarding_value: '0'
sysctl_net_ipv4_conf_all_rp_filter_value: '1'
sysctl_net_ipv4_conf_default_accept_redirects_value: '0'
sysctl_net_ipv4_conf_default_accept_source_route_value: '0'
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value: '1'

# --- Kernel, storage, SELinux -----------------------------------------------
# Device treated as the removable partition by the mount-option tasks
# (presumably); adjust if removable media appears under another device.
var_removable_partition: /dev/cdrom
sysctl_kernel_kptr_restrict_value: '1'
# Presumably the flags passed to the slub_debug= kernel argument.
var_slub_debug_options: P
var_selinux_policy_name: targeted
var_selinux_state: enforcing

# --- Time, TFTP, SSH --------------------------------------------------------
# Presumably the chrony/ntp maxpoll exponent (poll interval = 2^value s).
var_time_service_set_maxpoll: '16'
var_tftpd_secure_directory: /var/lib/tftpboot
# Presumably sshd keep-alive count and idle interval in seconds.
var_sshd_set_keepalive: '1'
sshd_idle_timeout_value: '600'
# SSH session rekey thresholds: data volume and elapsed time.
var_rekey_limit_size: 1G
var_rekey_limit_time: 1h

# --- SSSD -------------------------------------------------------------------
# NOTE(review): SHA-1 is a deprecated digest. This default presumably mirrors
# the wording of the control it implements; where site policy permits,
# override with a SHA-2 family digest and verify that SSSD accepts it.
var_sssd_certificate_verification_digest_function: sha1
# Per-control switches keyed by DISA STIG ID, RHEL-08-01xxxx range.
# All default to true. This file does not show how they are consumed;
# presumably each one gates the tasks tagged with that STIG ID (confirm in
# tasks/main.yml). Setting a switch to false is a deviation from the
# baseline: do it in inventory/group vars, not here, so the exception stays
# visible and reviewable.
DISA_STIG_RHEL_08_010010: true
DISA_STIG_RHEL_08_010019: true
DISA_STIG_RHEL_08_010020: true
DISA_STIG_RHEL_08_010040: true
DISA_STIG_RHEL_08_010049: true
DISA_STIG_RHEL_08_010050: true
DISA_STIG_RHEL_08_010060: true
DISA_STIG_RHEL_08_010070: true
DISA_STIG_RHEL_08_010110: true
DISA_STIG_RHEL_08_010121: true
DISA_STIG_RHEL_08_010130: true
DISA_STIG_RHEL_08_010151: true
DISA_STIG_RHEL_08_010152: true
DISA_STIG_RHEL_08_010159: true
DISA_STIG_RHEL_08_010160: true
DISA_STIG_RHEL_08_010161: true
DISA_STIG_RHEL_08_010162: true
DISA_STIG_RHEL_08_010163: true
DISA_STIG_RHEL_08_010170: true
DISA_STIG_RHEL_08_010171: true
DISA_STIG_RHEL_08_010190: true
DISA_STIG_RHEL_08_010200: true
DISA_STIG_RHEL_08_010201: true
DISA_STIG_RHEL_08_010210: true
DISA_STIG_RHEL_08_010220: true
DISA_STIG_RHEL_08_010230: true
DISA_STIG_RHEL_08_010240: true
DISA_STIG_RHEL_08_010250: true
DISA_STIG_RHEL_08_010260: true
DISA_STIG_RHEL_08_010287: true
DISA_STIG_RHEL_08_010290: true
DISA_STIG_RHEL_08_010291: true
DISA_STIG_RHEL_08_010292: true
DISA_STIG_RHEL_08_010293: true
DISA_STIG_RHEL_08_010295: true
DISA_STIG_RHEL_08_010300: true
DISA_STIG_RHEL_08_010310: true
DISA_STIG_RHEL_08_010320: true
DISA_STIG_RHEL_08_010330: true
DISA_STIG_RHEL_08_010331: true
DISA_STIG_RHEL_08_010340: true
DISA_STIG_RHEL_08_010341: true
DISA_STIG_RHEL_08_010350: true
DISA_STIG_RHEL_08_010351: true
DISA_STIG_RHEL_08_010358: true
DISA_STIG_RHEL_08_010359: true
DISA_STIG_RHEL_08_010360: true
DISA_STIG_RHEL_08_010370: true
DISA_STIG_RHEL_08_010371: true
DISA_STIG_RHEL_08_010372: true
DISA_STIG_RHEL_08_010373: true
DISA_STIG_RHEL_08_010374: true
DISA_STIG_RHEL_08_010375: true
DISA_STIG_RHEL_08_010376: true
DISA_STIG_RHEL_08_010379: true
DISA_STIG_RHEL_08_010380: true
DISA_STIG_RHEL_08_010381: true
DISA_STIG_RHEL_08_010383: true
DISA_STIG_RHEL_08_010384: true
DISA_STIG_RHEL_08_010385: true
DISA_STIG_RHEL_08_010390: true
DISA_STIG_RHEL_08_010400: true
DISA_STIG_RHEL_08_010410: true
DISA_STIG_RHEL_08_010421: true
DISA_STIG_RHEL_08_010422: true
DISA_STIG_RHEL_08_010423: true
DISA_STIG_RHEL_08_010430: true
DISA_STIG_RHEL_08_010440: true
DISA_STIG_RHEL_08_010450: true
DISA_STIG_RHEL_08_010460: true
DISA_STIG_RHEL_08_010470: true
DISA_STIG_RHEL_08_010471: true
DISA_STIG_RHEL_08_010472: true
DISA_STIG_RHEL_08_010480: true
DISA_STIG_RHEL_08_010490: true
DISA_STIG_RHEL_08_010500: true
DISA_STIG_RHEL_08_010520: true
DISA_STIG_RHEL_08_010521: true
DISA_STIG_RHEL_08_010522: true
DISA_STIG_RHEL_08_010550: true
DISA_STIG_RHEL_08_010561: true
DISA_STIG_RHEL_08_010570: true
DISA_STIG_RHEL_08_010571: true
DISA_STIG_RHEL_08_010572: true
DISA_STIG_RHEL_08_010580: true
DISA_STIG_RHEL_08_010590: true
DISA_STIG_RHEL_08_010600: true
DISA_STIG_RHEL_08_010610: true
DISA_STIG_RHEL_08_010620: true
DISA_STIG_RHEL_08_010630: true
DISA_STIG_RHEL_08_010640: true
DISA_STIG_RHEL_08_010650: true
DISA_STIG_RHEL_08_010670: true
DISA_STIG_RHEL_08_010671: true
DISA_STIG_RHEL_08_010672: true
DISA_STIG_RHEL_08_010673: true
DISA_STIG_RHEL_08_010674: true
DISA_STIG_RHEL_08_010675: true
DISA_STIG_RHEL_08_010700: true
DISA_STIG_RHEL_08_010720: true
DISA_STIG_RHEL_08_010730: true
DISA_STIG_RHEL_08_010731: true
DISA_STIG_RHEL_08_010740: true
DISA_STIG_RHEL_08_010741: true
DISA_STIG_RHEL_08_010750: true
DISA_STIG_RHEL_08_010760: true
DISA_STIG_RHEL_08_010770: true
DISA_STIG_RHEL_08_010820: true
DISA_STIG_RHEL_08_010830: true
# Per-control switches keyed by DISA STIG ID, RHEL-08-02xxxx range.
# All default to true; presumably each gates the tasks tagged with that
# STIG ID (confirm in tasks/main.yml). Record any switch set to false as an
# explicit exception in inventory rather than editing these defaults.
DISA_STIG_RHEL_08_020011: true
DISA_STIG_RHEL_08_020012: true
DISA_STIG_RHEL_08_020013: true
DISA_STIG_RHEL_08_020014: true
DISA_STIG_RHEL_08_020015: true
DISA_STIG_RHEL_08_020016: true
DISA_STIG_RHEL_08_020017: true
DISA_STIG_RHEL_08_020018: true
DISA_STIG_RHEL_08_020019: true
DISA_STIG_RHEL_08_020021: true
DISA_STIG_RHEL_08_020023: true
DISA_STIG_RHEL_08_020024: true
DISA_STIG_RHEL_08_020030: true
DISA_STIG_RHEL_08_020031: true
DISA_STIG_RHEL_08_020032: true
DISA_STIG_RHEL_08_020035: true
DISA_STIG_RHEL_08_020039: true
DISA_STIG_RHEL_08_020040: true
DISA_STIG_RHEL_08_020041: true
DISA_STIG_RHEL_08_020050: true
DISA_STIG_RHEL_08_020060: true
DISA_STIG_RHEL_08_020070: true
DISA_STIG_RHEL_08_020080: true
DISA_STIG_RHEL_08_020081: true
DISA_STIG_RHEL_08_020082: true
DISA_STIG_RHEL_08_020100: true
DISA_STIG_RHEL_08_020101: true
DISA_STIG_RHEL_08_020104: true
DISA_STIG_RHEL_08_020110: true
DISA_STIG_RHEL_08_020120: true
DISA_STIG_RHEL_08_020130: true
DISA_STIG_RHEL_08_020140: true
DISA_STIG_RHEL_08_020150: true
DISA_STIG_RHEL_08_020160: true
DISA_STIG_RHEL_08_020170: true
DISA_STIG_RHEL_08_020180: true
DISA_STIG_RHEL_08_020190: true
DISA_STIG_RHEL_08_020200: true
DISA_STIG_RHEL_08_020210: true
DISA_STIG_RHEL_08_020220: true
DISA_STIG_RHEL_08_020221: true
DISA_STIG_RHEL_08_020230: true
DISA_STIG_RHEL_08_020231: true
DISA_STIG_RHEL_08_020250: true
DISA_STIG_RHEL_08_020260: true
DISA_STIG_RHEL_08_020280: true
DISA_STIG_RHEL_08_020290: true
DISA_STIG_RHEL_08_020300: true
DISA_STIG_RHEL_08_020310: true
DISA_STIG_RHEL_08_020330: true
DISA_STIG_RHEL_08_020331: true
DISA_STIG_RHEL_08_020332: true
DISA_STIG_RHEL_08_020340: true
DISA_STIG_RHEL_08_020350: true
DISA_STIG_RHEL_08_020351: true
DISA_STIG_RHEL_08_020352: true
DISA_STIG_RHEL_08_020353: true
# Per-control switches keyed by DISA STIG ID, RHEL-08-03xxxx range.
# All default to true; presumably each gates the tasks tagged with that
# STIG ID (confirm in tasks/main.yml). Record any switch set to false as an
# explicit exception in inventory rather than editing these defaults.
DISA_STIG_RHEL_08_030000: true
DISA_STIG_RHEL_08_030020: true
DISA_STIG_RHEL_08_030030: true
DISA_STIG_RHEL_08_030040: true
DISA_STIG_RHEL_08_030060: true
DISA_STIG_RHEL_08_030061: true
DISA_STIG_RHEL_08_030062: true
DISA_STIG_RHEL_08_030063: true
DISA_STIG_RHEL_08_030070: true
DISA_STIG_RHEL_08_030100: true
DISA_STIG_RHEL_08_030110: true
DISA_STIG_RHEL_08_030121: true
DISA_STIG_RHEL_08_030122: true
DISA_STIG_RHEL_08_030130: true
DISA_STIG_RHEL_08_030140: true
DISA_STIG_RHEL_08_030150: true
DISA_STIG_RHEL_08_030160: true
DISA_STIG_RHEL_08_030170: true
DISA_STIG_RHEL_08_030171: true
DISA_STIG_RHEL_08_030172: true
DISA_STIG_RHEL_08_030180: true
DISA_STIG_RHEL_08_030181: true
DISA_STIG_RHEL_08_030190: true
DISA_STIG_RHEL_08_030200: true
DISA_STIG_RHEL_08_030250: true
DISA_STIG_RHEL_08_030260: true
DISA_STIG_RHEL_08_030280: true
DISA_STIG_RHEL_08_030290: true
DISA_STIG_RHEL_08_030300: true
DISA_STIG_RHEL_08_030301: true
DISA_STIG_RHEL_08_030302: true
DISA_STIG_RHEL_08_030310: true
DISA_STIG_RHEL_08_030311: true
DISA_STIG_RHEL_08_030312: true
DISA_STIG_RHEL_08_030313: true
DISA_STIG_RHEL_08_030314: true
DISA_STIG_RHEL_08_030315: true
DISA_STIG_RHEL_08_030316: true
DISA_STIG_RHEL_08_030317: true
DISA_STIG_RHEL_08_030320: true
DISA_STIG_RHEL_08_030330: true
DISA_STIG_RHEL_08_030340: true
DISA_STIG_RHEL_08_030350: true
DISA_STIG_RHEL_08_030360: true
DISA_STIG_RHEL_08_030361: true
DISA_STIG_RHEL_08_030370: true
DISA_STIG_RHEL_08_030390: true
DISA_STIG_RHEL_08_030400: true
DISA_STIG_RHEL_08_030410: true
DISA_STIG_RHEL_08_030420: true
DISA_STIG_RHEL_08_030480: true
DISA_STIG_RHEL_08_030490: true
DISA_STIG_RHEL_08_030550: true
DISA_STIG_RHEL_08_030560: true
DISA_STIG_RHEL_08_030570: true
DISA_STIG_RHEL_08_030580: true
DISA_STIG_RHEL_08_030590: true
DISA_STIG_RHEL_08_030600: true
DISA_STIG_RHEL_08_030601: true
DISA_STIG_RHEL_08_030602: true
DISA_STIG_RHEL_08_030610: true
DISA_STIG_RHEL_08_030620: true
DISA_STIG_RHEL_08_030630: true
DISA_STIG_RHEL_08_030640: true
DISA_STIG_RHEL_08_030650: true
DISA_STIG_RHEL_08_030670: true
DISA_STIG_RHEL_08_030680: true
DISA_STIG_RHEL_08_030690: true
DISA_STIG_RHEL_08_030700: true
DISA_STIG_RHEL_08_030710: true
DISA_STIG_RHEL_08_030720: true
DISA_STIG_RHEL_08_030730: true
DISA_STIG_RHEL_08_030731: true
DISA_STIG_RHEL_08_030740: true
DISA_STIG_RHEL_08_030741: true
DISA_STIG_RHEL_08_030742: true
# Per-control switches keyed by DISA STIG ID, RHEL-08-04xxxx range.
# All default to true; presumably each gates the tasks tagged with that
# STIG ID (confirm in tasks/main.yml). Record any switch set to false as an
# explicit exception in inventory rather than editing these defaults.
DISA_STIG_RHEL_08_040000: true
DISA_STIG_RHEL_08_040001: true
DISA_STIG_RHEL_08_040002: true
DISA_STIG_RHEL_08_040004: true
DISA_STIG_RHEL_08_040010: true
DISA_STIG_RHEL_08_040020: true
DISA_STIG_RHEL_08_040021: true
DISA_STIG_RHEL_08_040022: true
DISA_STIG_RHEL_08_040023: true
DISA_STIG_RHEL_08_040024: true
DISA_STIG_RHEL_08_040025: true
DISA_STIG_RHEL_08_040026: true
DISA_STIG_RHEL_08_040070: true
DISA_STIG_RHEL_08_040080: true
DISA_STIG_RHEL_08_040100: true
DISA_STIG_RHEL_08_040101: true
DISA_STIG_RHEL_08_040110: true
DISA_STIG_RHEL_08_040111: true
DISA_STIG_RHEL_08_040120: true
DISA_STIG_RHEL_08_040121: true
DISA_STIG_RHEL_08_040122: true
DISA_STIG_RHEL_08_040123: true
DISA_STIG_RHEL_08_040124: true
DISA_STIG_RHEL_08_040125: true
DISA_STIG_RHEL_08_040126: true
DISA_STIG_RHEL_08_040127: true
DISA_STIG_RHEL_08_040128: true
DISA_STIG_RHEL_08_040129: true
DISA_STIG_RHEL_08_040130: true
DISA_STIG_RHEL_08_040131: true
DISA_STIG_RHEL_08_040132: true
DISA_STIG_RHEL_08_040133: true
DISA_STIG_RHEL_08_040134: true
DISA_STIG_RHEL_08_040135: true
DISA_STIG_RHEL_08_040136: true
DISA_STIG_RHEL_08_040137: true
DISA_STIG_RHEL_08_040139: true
DISA_STIG_RHEL_08_040140: true
DISA_STIG_RHEL_08_040141: true
DISA_STIG_RHEL_08_040150: true
DISA_STIG_RHEL_08_040159: true
DISA_STIG_RHEL_08_040160: true
DISA_STIG_RHEL_08_040161: true
DISA_STIG_RHEL_08_040170: true
DISA_STIG_RHEL_08_040171: true
DISA_STIG_RHEL_08_040172: true
DISA_STIG_RHEL_08_040180: true
DISA_STIG_RHEL_08_040190: true
DISA_STIG_RHEL_08_040200: true
DISA_STIG_RHEL_08_040209: true
DISA_STIG_RHEL_08_040210: true
DISA_STIG_RHEL_08_040220: true
DISA_STIG_RHEL_08_040230: true
DISA_STIG_RHEL_08_040239: true
DISA_STIG_RHEL_08_040240: true
DISA_STIG_RHEL_08_040249: true
DISA_STIG_RHEL_08_040250: true
DISA_STIG_RHEL_08_040259: true
DISA_STIG_RHEL_08_040260: true
DISA_STIG_RHEL_08_040261: true
DISA_STIG_RHEL_08_040262: true
DISA_STIG_RHEL_08_040270: true
DISA_STIG_RHEL_08_040279: true
DISA_STIG_RHEL_08_040280: true
DISA_STIG_RHEL_08_040281: true
DISA_STIG_RHEL_08_040282: true
DISA_STIG_RHEL_08_040283: true
DISA_STIG_RHEL_08_040284: true
DISA_STIG_RHEL_08_040285: true
DISA_STIG_RHEL_08_040286: true
DISA_STIG_RHEL_08_040290: true
DISA_STIG_RHEL_08_040300: true
DISA_STIG_RHEL_08_040310: true
DISA_STIG_RHEL_08_040320: true
DISA_STIG_RHEL_08_040321: true
DISA_STIG_RHEL_08_040330: true
DISA_STIG_RHEL_08_040340: true
DISA_STIG_RHEL_08_040341: true
DISA_STIG_RHEL_08_040350: true
DISA_STIG_RHEL_08_040360: true
DISA_STIG_RHEL_08_040370: true
DISA_STIG_RHEL_08_040380: true
DISA_STIG_RHEL_08_040390: true
# Per-rule switches keyed by rule name: account and password policy rules.
# All default to true. Presumably a task runs only when its rule switch and
# its other switches are all true (confirm in tasks/main.yml); a false value
# here therefore leaves that setting unmanaged rather than reverting it.
account_disable_post_pw_expiration: true
accounts_have_homedir_login_defs: true
accounts_logon_fail_delay: true
accounts_max_concurrent_login_sessions: true
accounts_maximum_age_login_defs: true
accounts_minimum_age_login_defs: true
accounts_no_uid_except_zero: true
accounts_password_minlen_login_defs: true
# Password quality (pam_pwquality) rules.
accounts_password_pam_dcredit: true
accounts_password_pam_dictcheck: true
accounts_password_pam_difok: true
accounts_password_pam_lcredit: true
accounts_password_pam_maxclassrepeat: true
accounts_password_pam_maxrepeat: true
accounts_password_pam_minclass: true
accounts_password_pam_minlen: true
accounts_password_pam_ocredit: true
accounts_password_pam_pwhistory_remember_password_auth: true
accounts_password_pam_pwhistory_remember_system_auth: true
accounts_password_pam_pwquality_password_auth: true
accounts_password_pam_pwquality_system_auth: true
accounts_password_pam_retry: true
accounts_password_pam_ucredit: true
accounts_password_set_max_life_existing: true
accounts_password_set_min_life_existing: true
# Account lockout (pam_faillock) rules.
accounts_passwords_pam_faillock_audit: true
accounts_passwords_pam_faillock_deny: true
accounts_passwords_pam_faillock_deny_root: true
accounts_passwords_pam_faillock_dir: true
accounts_passwords_pam_faillock_interval: true
accounts_passwords_pam_faillock_silent: true
accounts_passwords_pam_faillock_unlock_time: true
# Default umask and interactive-user home directory rules.
accounts_umask_etc_bashrc: true
accounts_umask_etc_csh_cshrc: true
accounts_umask_etc_login_defs: true
accounts_umask_etc_profile: true
accounts_umask_interactive_users: true
accounts_user_interactive_home_directory_defined: true
accounts_user_interactive_home_directory_exists: true
accounts_users_home_files_groupownership: true
accounts_users_home_files_permissions: true
# Per-rule switches keyed by rule name: file-integrity (AIDE) and audit
# rules. All default to true; presumably each gates the task of the same
# name (confirm in tasks/main.yml).
aide_build_database: true
aide_check_audit_tools: true
aide_scan_notification: true
aide_verify_acls: true
aide_verify_ext_attributes: true
# Audit rules: permission, ownership and extended-attribute changes.
audit_rules_dac_modification_chmod: true
audit_rules_dac_modification_chown: true
audit_rules_dac_modification_fchmod: true
audit_rules_dac_modification_fchmodat: true
audit_rules_dac_modification_fchown: true
audit_rules_dac_modification_fchownat: true
audit_rules_dac_modification_fremovexattr: true
audit_rules_dac_modification_fsetxattr: true
audit_rules_dac_modification_lchown: true
audit_rules_dac_modification_lremovexattr: true
audit_rules_dac_modification_lsetxattr: true
audit_rules_dac_modification_removexattr: true
audit_rules_dac_modification_setxattr: true
# Audit rules: execution of ACL and SELinux management tools.
audit_rules_execution_chacl: true
audit_rules_execution_chcon: true
audit_rules_execution_semanage: true
audit_rules_execution_setfacl: true
audit_rules_execution_setfiles: true
audit_rules_execution_setsebool: true
# Audit rules: file deletion and rename events.
audit_rules_file_deletion_events_rename: true
audit_rules_file_deletion_events_renameat: true
audit_rules_file_deletion_events_rmdir: true
audit_rules_file_deletion_events_unlink: true
audit_rules_file_deletion_events_unlinkat: true
# NOTE(review): an immutable audit configuration (auditctl -e 2) cannot be
# changed until the next reboot; presumably that is what this rule sets, so
# later audit-rule changes need a reboot to take effect. TODO confirm.
audit_rules_immutable: true
audit_rules_immutable_login_uids: true
# Audit rules: kernel module loading and unloading.
audit_rules_kernel_module_loading_delete: true
audit_rules_kernel_module_loading_finit: true
audit_rules_kernel_module_loading_init: true
# Audit rules: login records and media export.
audit_rules_login_events_faillock: true
audit_rules_login_events_lastlog: true
audit_rules_media_export: true
# Audit rules: execution of privileged commands.
audit_rules_privileged_commands_chage: true
audit_rules_privileged_commands_chsh: true
audit_rules_privileged_commands_crontab: true
audit_rules_privileged_commands_gpasswd: true
audit_rules_privileged_commands_kmod: true
audit_rules_privileged_commands_mount: true
audit_rules_privileged_commands_newgrp: true
audit_rules_privileged_commands_pam_timestamp_check: true
audit_rules_privileged_commands_passwd: true
audit_rules_privileged_commands_postdrop: true
audit_rules_privileged_commands_postqueue: true
audit_rules_privileged_commands_ssh_agent: true
audit_rules_privileged_commands_ssh_keysign: true
audit_rules_privileged_commands_su: true
audit_rules_privileged_commands_sudo: true
audit_rules_privileged_commands_umount: true
audit_rules_privileged_commands_unix_chkpwd: true
audit_rules_privileged_commands_unix_update: true
audit_rules_privileged_commands_userhelper: true
audit_rules_privileged_commands_usermod: true
# Audit rules: sudoers changes and setuid/setgid execution.
audit_rules_sudoers: true
audit_rules_sudoers_d: true
audit_rules_suid_privilege_function: true
# Audit rules: unsuccessful file access attempts.
audit_rules_unsuccessful_file_modification_creat: true
audit_rules_unsuccessful_file_modification_ftruncate: true
audit_rules_unsuccessful_file_modification_open: true
audit_rules_unsuccessful_file_modification_open_by_handle_at: true
audit_rules_unsuccessful_file_modification_openat: true
audit_rules_unsuccessful_file_modification_truncate: true
# Audit rules: changes to user and group databases.
audit_rules_usergroup_modification_group: true
audit_rules_usergroup_modification_gshadow: true
audit_rules_usergroup_modification_opasswd: true
audit_rules_usergroup_modification_passwd: true
audit_rules_usergroup_modification_shadow: true
# auditd daemon configuration rules.
auditd_data_disk_error_action: true
auditd_data_disk_full_action: true
auditd_data_retention_action_mail_acct: true
auditd_data_retention_space_left_action: true
auditd_data_retention_space_left_percentage: true
auditd_local_events: true
auditd_log_format: true
auditd_name_format: true
auditd_overflow_action: true
# Per-rule switches keyed by rule name (banner_* through kernel_module_*),
# in alphabetical order, all defaulting to true.
# Mixed in alphabetically are keys that do not name a single rule:
# *_strategy, *_severity, *_disruption and *_complexity. These look like
# classification switches shared by many tasks.
# NOTE(review): if the tasks AND these with the rule switches, setting one
# to false disables every task in that class (e.g. high_severity: false
# would skip all high-severity remediations). Confirm in tasks/main.yml.
banner_etc_issue: true
chronyd_client_only: true
chronyd_no_chronyc_network: true
chronyd_or_ntpd_set_maxpoll: true
clean_components_post_updating: true
configure_bashrc_tmux: true
# Crypto policy rules.
configure_crypto_policy: true
configure_gnutls_tls_crypto_policy: true
configure_kerberos_crypto_policy: true
configure_libreswan_crypto_policy: true
configure_openssl_crypto_policy: true
configure_ssh_crypto_policy: true
# Classification switch (strategy), not a single rule.
configure_strategy: true
configure_tmux_lock_after_time: true
configure_tmux_lock_command: true
configure_tmux_lock_keybinding: true
coredump_disable_backtraces: true
coredump_disable_storage: true
# GNOME/dconf rules.
dconf_gnome_banner_enabled: true
dconf_gnome_disable_ctrlaltdel_reboot: true
dconf_gnome_disable_user_list: true
dconf_gnome_lock_screen_on_smartcard_removal: true
dconf_gnome_login_banner_text: true
dconf_gnome_screensaver_idle_delay: true
dconf_gnome_screensaver_lock_delay: true
dconf_gnome_screensaver_lock_enabled: true
dconf_gnome_screensaver_lock_locked: true
dconf_gnome_screensaver_user_locks: true
dconf_gnome_session_idle_user_locks: true
# Directory ownership and permission rules.
dir_group_ownership_library_dirs: true
dir_ownership_library_dirs: true
dir_permissions_library_dirs: true
dir_perms_world_writable_root_owned: true
dir_perms_world_writable_sticky_bits: true
directory_group_ownership_var_log_audit: true
directory_ownership_var_log_audit: true
disable_ctrlaltdel_burstaction: true
disable_ctrlaltdel_reboot: true
# Classification switch (strategy), not a single rule.
disable_strategy: true
disable_users_coredumps: true
disallow_bypass_password_sudo: true
display_login_attempts: true
enable_authselect: true
# FIPS mode rules; presumably these change boot configuration and need a
# reboot to take effect. TODO confirm.
enable_dracut_fips_module: true
enable_fips_mode: true
# Classification switch (strategy), not a single rule.
enable_strategy: true
# Package signature verification rules.
ensure_gpgcheck_globally_activated: true
ensure_gpgcheck_local_packages: true
ensure_gpgcheck_never_disabled: true
ensure_redhat_gpgkey_installed: true
# NOTE(review): a default-deny application allow-listing policy can block
# software that is not yet in the trust database; test before enforcing.
fapolicy_default_deny: true
# File ownership and permission rules.
file_audit_tools_group_ownership: true
file_audit_tools_ownership: true
file_audit_tools_permissions: true
file_groupowner_var_log: true
file_groupowner_var_log_messages: true
file_groupownership_home_directories: true
file_groupownership_system_commands_dirs: true
file_owner_var_log: true
file_owner_var_log_messages: true
file_ownership_binary_dirs: true
file_ownership_library_dirs: true
file_permission_user_init_files: true
file_permissions_binary_dirs: true
file_permissions_etc_audit_auditd: true
file_permissions_etc_audit_rulesd: true
file_permissions_home_directories: true
file_permissions_library_dirs: true
file_permissions_sshd_private_key: true
file_permissions_sshd_pub_key: true
file_permissions_var_log: true
file_permissions_var_log_audit: true
file_permissions_var_log_messages: true
gnome_gdm_disable_automatic_login: true
# Kernel command-line (GRUB2) argument rules.
grub2_audit_argument: true
grub2_audit_backlog_limit_argument: true
grub2_page_poison_argument: true
grub2_pti_argument: true
grub2_slub_debug_argument: true
grub2_vsyscall_argument: true
# SSH cipher/MAC hardening through the crypto-policy back-end files.
harden_sshd_ciphers_openssh_conf_crypto_policy: true
harden_sshd_ciphers_opensshserver_conf_crypto_policy: true
harden_sshd_macs_openssh_conf_crypto_policy: true
harden_sshd_macs_opensshserver_conf_crypto_policy: true
# Classification switches (disruption, severity), not single rules.
high_disruption: true
high_severity: true
install_smartcard_packages: true
kerberos_disable_no_keytab: true
# Kernel module blacklisting rules.
kernel_module_atm_disabled: true
kernel_module_bluetooth_disabled: true
kernel_module_can_disabled: true
kernel_module_cramfs_disabled: true
kernel_module_sctp_disabled: true
kernel_module_tipc_disabled: true
kernel_module_uvcvideo_disabled: true
logind_session_timeout: true
# Classification switches (complexity, disruption, severity), not rules.
low_complexity: true
low_disruption: true
low_severity: true
medium_complexity: true
medium_disruption: true
medium_severity: true
# Per-rule switches for mount-option hardening (nodev / noexec / nosuid on
# the named mount points), all defaulting to true. Presumably each gates the
# task of the same name (confirm in tasks/main.yml).
# NOTE(review): these rules only make sense where the mount point is a
# separate file system; check the partition layout of the target, and note
# that noexec on /tmp, /var/tmp or /home can break installers and scripts
# that execute from those locations.
mount_option_boot_efi_nosuid: true
mount_option_boot_nosuid: true
mount_option_dev_shm_nodev: true
mount_option_dev_shm_noexec: true
mount_option_dev_shm_nosuid: true
mount_option_home_noexec: true
mount_option_home_nosuid: true
mount_option_nodev_nonroot_local_partitions: true
mount_option_nodev_remote_filesystems: true
mount_option_nodev_removable_partitions: true
mount_option_noexec_remote_filesystems: true
mount_option_noexec_removable_partitions: true
mount_option_nosuid_remote_filesystems: true
mount_option_nosuid_removable_partitions: true
mount_option_tmp_nodev: true
mount_option_tmp_noexec: true
mount_option_tmp_nosuid: true
mount_option_var_log_audit_nodev: true
mount_option_var_log_audit_noexec: true
mount_option_var_log_audit_nosuid: true
mount_option_var_log_nodev: true
mount_option_var_log_noexec: true
mount_option_var_log_nosuid: true
mount_option_var_tmp_nodev: true
mount_option_var_tmp_noexec: true
mount_option_var_tmp_nosuid: true
# Per-rule switches keyed by rule name (network_* through restrict_*), in
# alphabetical order, all defaulting to true. Presumably each gates the task
# of the same name (confirm in tasks/main.yml).
network_sniffer_disabled: true
no_empty_passwords: true
no_empty_passwords_etc_shadow: true
no_host_based_files: true
# Classification switch (reboot impact), not a single rule. Both
# no_reboot_needed and reboot_required are true, so tasks of either class
# run by default.
no_reboot_needed: true
no_user_host_based_files: true
# Package rules: *_removed uninstalls, *_installed installs (by name).
# NOTE(review): removal rules delete software some hosts may rely on
# (e.g. krb5-workstation, tuned, postfix alternatives); review per role.
package_abrt_addon_ccpp_removed: true
package_abrt_addon_kerneloops_removed: true
package_abrt_cli_removed: true
package_abrt_plugin_sosreport_removed: true
package_abrt_removed: true
package_aide_installed: true
package_audit_installed: true
package_fapolicyd_installed: true
package_firewalld_installed: true
package_gssproxy_removed: true
package_iprutils_removed: true
package_krb5_server_removed: true
package_krb5_workstation_removed: true
package_libreport_plugin_logger_removed: true
package_libreport_plugin_rhtsupport_removed: true
package_mailx_installed: true
package_opensc_installed: true
package_openssh_server_installed: true
package_policycoreutils_installed: true
package_postfix_installed: true
package_python3_abrt_addon_removed: true
package_rng_tools_installed: true
package_rsh_server_removed: true
package_rsyslog_gnutls_installed: true
package_rsyslog_installed: true
package_sendmail_removed: true
package_telnet_server_removed: true
package_tftp_server_removed: true
package_tmux_installed: true
package_tuned_removed: true
package_usbguard_installed: true
package_vsftpd_removed: true
# Classification switch (strategy), not a single rule.
patch_strategy: true
postfix_client_configure_mail_alias_postmaster: true
postfix_prevent_unrestricted_relay: true
# Classification switch (reboot impact), not a single rule.
reboot_required: true
require_emergency_target_auth: true
require_singleuser_auth: true
# Classification switch (strategy), not a single rule.
restrict_strategy: true
# Per-rule switches keyed by rule name (root_* through sudoers_*), in
# alphabetical order, all defaulting to true. Presumably each gates the task
# of the same name (confirm in tasks/main.yml).
root_permissions_syslibrary_files: true
# Remote logging (rsyslog) rules, including encrypted log off-loading.
rsyslog_encrypt_offload_actionsendstreamdriverauthmode: true
rsyslog_encrypt_offload_actionsendstreamdrivermode: true
rsyslog_encrypt_offload_defaultnetstreamdriver: true
rsyslog_remote_access_monitoring: true
rsyslog_remote_loghost: true
security_patches_up_to_date: true
# SELinux rules.
selinux_policytype: true
selinux_state: true
# Service enable/disable rules.
service_auditd_enabled: true
service_autofs_disabled: true
service_debug_shell_disabled: true
service_fapolicyd_enabled: true
service_firewalld_enabled: true
service_kdump_disabled: true
service_rngd_enabled: true
service_rsyslog_enabled: true
service_sshd_enabled: true
service_systemd_coredump_disabled: true
service_usbguard_enabled: true
# Password hashing rules.
set_password_hashing_algorithm_logindefs: true
set_password_hashing_algorithm_passwordauth: true
set_password_hashing_algorithm_systemauth: true
set_password_hashing_min_rounds_logindefs: true
# Not a hardening rule by its name; purpose is not visible in this file.
# TODO confirm how tasks/main.yml uses it before changing it.
skip_ansible_lint: true
# SSH daemon rules.
# NOTE(review): sshd_disable_root_login and the idle-timeout rules can cut
# off the account Ansible itself connects with; make sure a non-root
# management account with sudo exists before the first run.
sshd_disable_empty_passwords: true
sshd_disable_gssapi_auth: true
sshd_disable_kerb_auth: true
sshd_disable_root_login: true
sshd_disable_user_known_hosts: true
sshd_disable_x11_forwarding: true
sshd_do_not_permit_user_env: true
sshd_enable_strictmodes: true
sshd_enable_warning_banner: true
sshd_print_last_log: true
sshd_rekey_limit: true
sshd_set_idle_timeout: true
sshd_set_keepalive: true
sshd_use_strong_rng: true
sshd_x11_use_localhost: true
# SSSD rules.
sssd_certificate_verification: true
sssd_enable_smartcards: true
sssd_offline_cred_expiration: true
# sudo rules.
# NOTE(review): sudo_remove_nopasswd and sudo_remove_no_authenticate
# presumably strip NOPASSWD / !authenticate entries from sudoers; automation
# accounts that rely on password-less sudo stop working afterwards.
sudo_remove_no_authenticate: true
sudo_remove_nopasswd: true
sudo_require_reauthentication: true
sudoers_default_includedir: true
sudoers_validate_passwd: true
# Per-rule switches keyed by rule name (sysctl_* through xwindows_*), in
# alphabetical order, all defaulting to true. Presumably each gates the task
# of the same name (confirm in tasks/main.yml).
# File-system and kernel sysctl rules.
sysctl_fs_protected_hardlinks: true
sysctl_fs_protected_symlinks: true
sysctl_kernel_core_pattern: true
sysctl_kernel_dmesg_restrict: true
sysctl_kernel_kexec_load_disabled: true
sysctl_kernel_kptr_restrict: true
sysctl_kernel_perf_event_paranoid: true
sysctl_kernel_randomize_va_space: true
sysctl_kernel_unprivileged_bpf_disabled: true
sysctl_kernel_yama_ptrace_scope: true
sysctl_net_core_bpf_jit_harden: true
# IPv4 network sysctl rules.
sysctl_net_ipv4_conf_all_accept_redirects: true
sysctl_net_ipv4_conf_all_accept_source_route: true
sysctl_net_ipv4_conf_all_forwarding: true
sysctl_net_ipv4_conf_all_rp_filter: true
sysctl_net_ipv4_conf_all_send_redirects: true
sysctl_net_ipv4_conf_default_accept_redirects: true
sysctl_net_ipv4_conf_default_accept_source_route: true
sysctl_net_ipv4_conf_default_send_redirects: true
sysctl_net_ipv4_icmp_echo_ignore_broadcasts: true
# IPv6 network sysctl rules.
sysctl_net_ipv6_conf_all_accept_ra: true
sysctl_net_ipv6_conf_all_accept_redirects: true
sysctl_net_ipv6_conf_all_accept_source_route: true
sysctl_net_ipv6_conf_all_forwarding: true
sysctl_net_ipv6_conf_default_accept_ra: true
sysctl_net_ipv6_conf_default_accept_redirects: true
sysctl_net_ipv6_conf_default_accept_source_route: true
# NOTE(review): restricting user namespaces can break rootless containers
# and sandboxed applications; check the workload before enabling.
sysctl_user_max_user_namespaces: true
tftpd_uses_secure_mode: true
# Classification switch (strategy), not a single rule.
unknown_strategy: true
usbguard_generate_policy: true
wireless_disable_interfaces: true
# NOTE(review): by their names these remove the X Window packages and set a
# non-graphical default target; do not apply to hosts that need a desktop.
xwindows_remove_packages: true
xwindows_runlevel_target: true