This repository has been archived by the owner on Jan 19, 2024. It is now read-only.
packer.yml
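---
# This playbook is run from Packer during kickstart (phase 1). It targets the
# machine being built (127.0.0.1), connects as the vagrant user, escalates
# privileges, and applies the roles listed at the bottom.
#
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation. auditd_failure_flag carries no rhel6stig_ prefix, so it is
# placed inside rhel6stig_auditd_config -- confirm against the role defaults.
- hosts: 127.0.0.1
  gather_facts: true
  user: vagrant
  become: true
  vars:
    # FOR THE RHEL_STIG security compliance
    # presumably these toggle the CAT I/II/III finding groups of the
    # RHEL6-STIG role -- verify against the role's documentation
    rhel6stig_cat1: true
    rhel6stig_cat2: true
    rhel6stig_cat3: true
    rhel6stig_fullauto: true
    rhel6stig_use_dhcp: false
    # https://iase.disa.mil/stigs/Documents/U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark.zip
    stig_benchmark: 'U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark.zip'
    rhel6stig_auditd_config:
      # V-38464 - compliant options SYSLOG|EXEC|SINGLE|HALT
      disk_error_action: SYSLOG
      # V-38468 - compliant options SYSLOG|EXEC|SINGLE|HALT
      disk_full_action: SYSLOG
      # V-38470 - compliant options EMAIL|SYSLOG
      space_left_action: EMAIL
      # V-38633 - compliant options 6 or higher (MB)
      max_log_file: 10
      # V-38634 - compliant options ROTATE
      max_log_file_action: ROTATE
      # V-38636 - compliant options 5 or higher
      num_logs: 5
      # V-38678 - must be set to locally defined value - default 75 MB
      space_left: 75
      # V-38680 - compliant options - admin account to email
      action_mail_acct: root
      # V-54381 - compliant options SINGLE|SUSPEND|HALT|EXEC|SYSLOG
      # The guidance says that anything but SINGLE results in a finding,
      # then says SUSPEND or HALT are acceptable, and that systems with a
      # high availability need will have to set this to something else
      # entirely.
      # NOTE: the SINGLE user mode setting will break cloud systems.
      # NOTE(review): with admin_space_left at 0 the SINGLE action looks
      # like it can only trigger once the audit partition is effectively
      # full -- confirm this threshold is intended.
      admin_space_left: 0
      admin_space_left_action: SINGLE
      # Audit failure flag (the -f value):
      # 2 Tells your system to perform an immediate shutdown without
      #   flushing any pending data to disk when the limits of your
      #   audit system are exceeded. Because this is not a clean shutdown,
      #   restrict the use of -f 2 to only the most security-conscious
      #   environments.
      # 1 System continues to run, issues a warning and audit stops.
      #   Use this for any other setup to avoid loss of data or data
      #   corruption.
      # The value chosen here (1) favours availability: events that occur
      # after auditing stops are not recorded, so the warning should be
      # monitored.
      auditd_failure_flag: 1
  # NOTE(review): both roles run with become on the image being built; pin
  # them to reviewed versions wherever they are installed so the build is
  # reproducible.
  roles:
    - bbaassssiiee.commoncentos
    - RHEL6-STIG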