Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 21:21:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

move hidepid vars into defaults so theyre overwritable (#285)

Browse source 
fixes #284

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
This commit is contained in:
Sebastian Gumprich 2020-07-22 21:27:25 +02:00 committed by GitHub
parent 994ea81e64
commit 65a8fa0c6c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yml
View file

@ -278,3 +278,6 @@ os_auditd_max_log_file_action: keep_logs
os_selinux_state: enforcing
# Set the SELinux polixy.
os_selinux_policy: targeted
hidepid_option: '2' # allowed values: 0, 1, 2
proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'

3
vars/main.yml
View file

@ -109,6 +109,3 @@ os_security_suid_sgid_system_whitelist:
# system accounts that do not get their login disabled and pasword changed
os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt']
hidepid_option: '2' # allowed values: 0, 1, 2
proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'