mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-09-20 21:21:54 +00:00
move hidepid vars into defaults so theyre overwritable (#285)
fixes #284 Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
This commit is contained in:
parent
994ea81e64
commit
65a8fa0c6c
2 changed files with 3 additions and 3 deletions
|
@ -278,3 +278,6 @@ os_auditd_max_log_file_action: keep_logs
|
|||
os_selinux_state: enforcing
|
||||
# Set the SELinux polixy.
|
||||
os_selinux_policy: targeted
|
||||
|
||||
hidepid_option: '2' # allowed values: 0, 1, 2
|
||||
proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'
|
||||
|
|
|
@ -109,6 +109,3 @@ os_security_suid_sgid_system_whitelist:
|
|||
|
||||
# system accounts that do not get their login disabled and pasword changed
|
||||
os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt']
|
||||
|
||||
hidepid_option: '2' # allowed values: 0, 1, 2
|
||||
proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'
|
||||
|
|
Loading…
Reference in a new issue