ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

Fixes for several issues with updated CIS-CAT assessor. #102

Closed brisky closed 10 months ago

brisky commented 11 months ago

Overall Review of Changes: These were fixes done after running CIS-CAT v4.34.0

Issue Fixes: [5.6.5 Ensure default user umask is 027 or more restrictive] [5.2.20 Ensure SSH Idle Timeout Interval is configured] [4.2.2.3/4 journald compress & persistent] [3.3.7 Ensure Reverse Path Filtering is enabled]

Enhancements: No enhancements.

How has this been tested?: Tested using standalone default RHEL9 installation on virtualbox.

Signed-off-by: Nuno Carvalho briskypt@gmail.com ; nuno.carvalho@siemens.com
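An added local audit script for the four items listed above (example code, not from the PR or the ansible-lockdown role). The expected values follow the benchmark (umask 027, journald Compress=yes and Storage=persistent, rp_filter=1; the SSH check only confirms an idle interval is set), and the config files it reads are constructed samples standing in for the live ones.

```shell
#!/bin/sh
# Added example, not code from the PR or the ansible-lockdown role: local audit
# checks for the CIS items named in the PR description. Sample config files are
# constructed below so the script runs offline.

# CIS 5.6.5: a umask is "027 or more restrictive" when it clears every
# permission bit 027 clears, i.e. 027's bits are a subset of the mask's bits.
umask_at_least_027() {
  case "$1" in
    [0-7][0-7][0-7] | [0-7][0-7][0-7][0-7]) ;;
    *) return 2 ;;                        # not an octal umask value
  esac
  [ $(( 0$1 & 027 )) -eq $(( 027 )) ]
}

# Value of KEY in a "Key=Value" or "Key Value" file, ignoring comments and
# matching the key case-insensitively. journald.conf and sysctl files let the
# last occurrence win; pass "first" as $3 for sshd_config, where the first wins.
conf_value() {
  awk -v k="$1" -v first="${3:-}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { line = $0; sub(/=/, " ", line); n = split(line, f) }
    n >= 2 && tolower(f[1]) == tolower(k) { if (first == "" || v == "") v = f[2] }
    END { print v }' "$2"
}

# Compare one setting against its expected value (exit 0 = compliant).
check_conf() {                             # key expected file [first]
  [ "$(conf_value "$1" "$3" "${4:-}")" = "$2" ]
}

# Constructed samples standing in for /etc/systemd/journald.conf,
# /etc/sysctl.d/*.conf and /etc/ssh/sshd_config.
tmp=$(mktemp -d)
printf '[Journal]\n#Storage=auto\nStorage=persistent\nCompress=yes\n' > "$tmp/journald.conf"
printf 'net.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n' > "$tmp/sysctl.conf"
printf 'ClientAliveInterval 300\nClientAliveCountMax 3\nClientAliveInterval 0\n' > "$tmp/sshd_config"

# Report each item; a real run would point these at the live files and umask.
umask_at_least_027 027 && echo "PASS 5.6.5 umask 027"
check_conf Compress yes "$tmp/journald.conf" && echo "PASS 4.2.2.3 journald Compress"
check_conf Storage persistent "$tmp/journald.conf" && echo "PASS 4.2.2.4 journald Storage"
check_conf net.ipv4.conf.all.rp_filter 1 "$tmp/sysctl.conf" && echo "PASS 3.3.7 rp_filter"
[ "$(conf_value ClientAliveInterval "$tmp/sshd_config" first)" -gt 0 ] && echo "PASS 5.2.20 ssh idle timeout"
```

Replace the constructed paths with the live files and `umask_at_least_027 "$(umask)"` to audit a real host.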

uk-bolly commented 11 months ago

hi @brisky

Thank you for taking the time to raise this PR. I do have a couple of questions around it. We generally do not change defaults/main.yml. These are defaults for the system and should be overridden by the use of other variables, e.g. inventory/group_vars. We have also found in many cases that many scanners are very restricted. I can see settings already exist in some cases, but the scanner may not be seeing them or an alternative method in the documentation is being used.

Happy to go through in more detail and ensure we are aligned; if you are on the Discord channel, I am easily found.

many thanks

uk-bolly

brisky commented 11 months ago

Hi, yes, I also noticed that it would be better to commit by feature instead of in one bunch.

Will get this fixed and will update.

Thanks. Regards

Nuno Ricardo Carvalho

On Thu, Oct 12, 2023 at 3:36 PM uk-bolly wrote:
