simplify OS-vars files

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

roles/mysql_hardening/vars/RedHat_8.yml

@@ -1,9 +0,0 @@
----
-mysql_daemon: mariadb
-mysql_hardening_mysql_conf_file: '/etc/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'mysql'

roles/mysql_hardening/vars/RedHat_9.yml

@@ -1,9 +0,0 @@
----
-mysql_daemon: mariadb
-mysql_hardening_mysql_conf_file: '/etc/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'mysql'

roles/mysql_hardening/vars/Rocky_8.yml

@@ -1,9 +0,0 @@
----
-mysql_daemon: mariadb
-mysql_hardening_mysql_conf_file: '/etc/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'mysql'

roles/mysql_hardening/vars/Rocky_9.yml

@@ -1,9 +0,0 @@
----
-mysql_daemon: mariadb
-mysql_hardening_mysql_conf_file: '/etc/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'mysql'

roles/mysql_hardening/vars/Ubuntu_18.yml

@@ -1,10 +0,0 @@
----
-mysql_daemon: mysql
-
-mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'adm'

roles/mysql_hardening/vars/Ubuntu_20.yml

@@ -1,10 +0,0 @@
----
-mysql_daemon: mysql
-
-mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'adm'

roles/mysql_hardening/vars/Ubuntu_22.yml

@@ -1,10 +0,0 @@
----
-mysql_daemon: mysql
-
-mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
-mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
-
-mysql_cnf_owner: 'root'  # owner of /etc/mysql/*.cnf files
-mysql_cnf_group: 'mysql'  # owner of /etc/mysql/*.cnf files
-
-mysql_hardening_group: 'adm'

roles/os_hardening/vars/RedHat.yml

@@ -33,7 +33,7 @@ os_auth_sub_gid_min: 100000
 os_auth_sub_gid_max: 600100000
 os_auth_sub_gid_count: 65536
 
-os_auth_pam_sssd_enable: false
+os_auth_pam_sssd_enable: true
 
 # defaults for useradd
 os_useradd_mail_dir: /var/spool/mail

roles/os_hardening/vars/RedHat_8.yml

@@ -1,45 +0,0 @@
----
-
-os_packages_pam_ccreds: 'pam_ccreds'
-os_nologin_shell_path: '/sbin/nologin'
-
-# Different distros use different standards for /etc/shadow perms, e.g.
-# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
-# You must provide key/value pairs for owner, group, and mode if overriding.
-os_shadow_perms:
-  owner: root
-  group: root
-  mode: '0000'
-
-os_passwd_perms:
-  owner: root
-  group: root
-  mode: '0644'
-
-os_env_umask: '077'
-
-os_auth_uid_min: 1000
-os_auth_uid_max: 60000
-os_auth_gid_min: 1000
-os_auth_gid_max: 60000
-os_auth_sys_uid_min: 201
-os_auth_sys_uid_max: 999
-os_auth_sys_gid_min: 201
-os_auth_sys_gid_max: 999
-os_auth_sub_uid_min: 100000
-os_auth_sub_uid_max: 600100000
-os_auth_sub_uid_count: 65536
-os_auth_sub_gid_min: 100000
-os_auth_sub_gid_max: 600100000
-os_auth_sub_gid_count: 65536
-
-os_auth_pam_sssd_enable: true
-
-# defaults for useradd
-os_useradd_mail_dir: /var/spool/mail
-os_useradd_create_home: true
-
-modprobe_package: 'module-init-tools'
-auditd_package: 'audit'
-
-hidepid_option: '2'  # allowed values: 0, 1, 2

roles/os_hardening/vars/Rocky_8.yml

@@ -1,45 +0,0 @@
----
-
-os_packages_pam_ccreds: 'pam_ccreds'
-os_nologin_shell_path: '/sbin/nologin'
-
-# Different distros use different standards for /etc/shadow perms, e.g.
-# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
-# You must provide key/value pairs for owner, group, and mode if overriding.
-os_shadow_perms:
-  owner: root
-  group: root
-  mode: '0000'
-
-os_passwd_perms:
-  owner: root
-  group: root
-  mode: '0644'
-
-os_env_umask: '077'
-
-os_auth_uid_min: 1000
-os_auth_uid_max: 60000
-os_auth_gid_min: 1000
-os_auth_gid_max: 60000
-os_auth_sys_uid_min: 201
-os_auth_sys_uid_max: 999
-os_auth_sys_gid_min: 201
-os_auth_sys_gid_max: 999
-os_auth_sub_uid_min: 100000
-os_auth_sub_uid_max: 600100000
-os_auth_sub_uid_count: 65536
-os_auth_sub_gid_min: 100000
-os_auth_sub_gid_max: 600100000
-os_auth_sub_gid_count: 65536
-
-os_auth_pam_sssd_enable: true
-
-# defaults for useradd
-os_useradd_mail_dir: /var/spool/mail
-os_useradd_create_home: true
-
-modprobe_package: 'module-init-tools'
-auditd_package: 'audit'
-
-hidepid_option: '2'  # allowed values: 0, 1, 2

roles/ssh_hardening/vars/CentOS_8.yml

@@ -1,23 +0,0 @@
----
-sshd_path: /usr/sbin/sshd
-ssh_host_keys_dir: '/etc/ssh'
-sshd_service_name: sshd
-ssh_owner: root
-ssh_group: root
-ssh_host_keys_owner: 'root'
-ssh_host_keys_group: 'ssh_keys'
-ssh_selinux_packages:
-  - policycoreutils-python-utils
-  - checkpolicy
-
-# true if SSH support Kerberos
-ssh_kerberos_support: true
-
-# true if SSH has PAM support
-ssh_pam_support: true
-
-sshd_moduli_file: '/etc/ssh/moduli'
-
-# disable CRYPTO_POLICY to take settings from sshd configuration
-# see: https://access.redhat.com/solutions/4410591
-sshd_disable_crypto_policy: true

roles/ssh_hardening/vars/CentOS_9.yml

@@ -1,23 +0,0 @@
----
-sshd_path: /usr/sbin/sshd
-ssh_host_keys_dir: '/etc/ssh'
-sshd_service_name: sshd
-ssh_owner: root
-ssh_group: root
-ssh_host_keys_owner: 'root'
-ssh_host_keys_group: 'ssh_keys'
-ssh_selinux_packages:
-  - policycoreutils-python-utils
-  - checkpolicy
-
-# true if SSH support Kerberos
-ssh_kerberos_support: true
-
-# true if SSH has PAM support
-ssh_pam_support: true
-
-sshd_moduli_file: '/etc/ssh/moduli'
-
-# disable CRYPTO_POLICY to take settings from sshd configuration
-# see: https://access.redhat.com/solutions/4410591
-sshd_disable_crypto_policy: true

roles/ssh_hardening/vars/RedHat.yml

@@ -7,7 +7,7 @@ ssh_group: root
 ssh_host_keys_owner: 'root'
 ssh_host_keys_group: 'ssh_keys'
 ssh_selinux_packages:
-  - policycoreutils-python
+  - policycoreutils-python-utils
   - checkpolicy
 
 # true if SSH support Kerberos

roles/ssh_hardening/vars/RedHat_7.yml

@@ -7,7 +7,7 @@ ssh_group: root
 ssh_host_keys_owner: 'root'
 ssh_host_keys_group: 'ssh_keys'
 ssh_selinux_packages:
-  - python3-policycoreutils
+  - policycoreutils-python
   - checkpolicy
 
 # true if SSH support Kerberos

roles/ssh_hardening/vars/RedHat_9.yml

@@ -1,23 +0,0 @@
----
-sshd_path: /usr/sbin/sshd
-ssh_host_keys_dir: '/etc/ssh'
-sshd_service_name: sshd
-ssh_owner: root
-ssh_group: root
-ssh_host_keys_owner: 'root'
-ssh_host_keys_group: 'ssh_keys'
-ssh_selinux_packages:
-  - python3-policycoreutils
-  - checkpolicy
-
-# true if SSH support Kerberos
-ssh_kerberos_support: true
-
-# true if SSH has PAM support
-ssh_pam_support: true
-
-sshd_moduli_file: '/etc/ssh/moduli'
-
-# disable CRYPTO_POLICY to take settings from sshd configuration
-# see: https://access.redhat.com/solutions/4410591
-sshd_disable_crypto_policy: true