From 65a8fa0c6c8526c7ec2ea9ea235017b2812dab1a Mon Sep 17 00:00:00 2001 From: Sebastian Gumprich Date: Wed, 22 Jul 2020 21:27:25 +0200 Subject: [PATCH] move hidepid vars into defaults so theyre overwritable (#285) fixes #284 Signed-off-by: Sebastian Gumprich --- defaults/main.yml | 3 +++ vars/main.yml | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index e047f499..db879485 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -278,3 +278,6 @@ os_auditd_max_log_file_action: keep_logs os_selinux_state: enforcing # Set the SELinux polixy. os_selinux_policy: targeted + +hidepid_option: '2' # allowed values: 0, 1, 2 +proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}' diff --git a/vars/main.yml b/vars/main.yml index a246c20f..7c8a1164 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -109,6 +109,3 @@ os_security_suid_sgid_system_whitelist: # system accounts that do not get their login disabled and pasword changed os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt'] - -hidepid_option: '2' # allowed values: 0, 1, 2 -proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'