RHEL6-STIG
Ansible role for Red Hat 6 DISA STIG
Please merge latest file updates and work towards standard alignment. Updated: LICENSE .gitignore updated: CONTRIBUTING.rst
V1R24

**NEW**
- [ ] RHEL-06-000534 V-97229 `fips=1` in the kernel cmdline
- [ ] RHEL-06-000244 V-97231 FIPS compliant MACs in sshd_config

**UPDATED**
- [x] RHEL-06-000078 thru RHEL-06-000099 `sysctl --system` to...

- [ ] REMOVED V-38439 The system must provide automated support for account management functions.
- [ ] Audit Rules: require both b32 and b64 everywhere
- [ ] V-38679...

- [ ] V-92257 - Added a requirement that requires system and application account passwords to be changed at least annually.
- [ ] V-38682 - Updated both "grep" commands in the...

There is no Vagrantfile in the tests directory although the existence of one is implied. From the tests/README.md ... _"The included Vagrantfile has box definitions for a CentOS 6 and...
yum tasks with 'state: absent' should be gated behind a disruption-high option similar to that in RHEL7-STIG role. The exception should be CAT 1 items that don't have an 'unless...

- [ ] V-81443 – Added Requirement to require the installation and use of antivirus leaving other configurations to the AV product STIGs. (CAT II)
- [x] V-81445 - Added...

Should move tagging and task naming to use the STIG ID form to be consistent with the RHEL7 role.
There is an "AUDIT" task that is useless, and there is no associated PATCH task. Something similar was implemented for V-57569: https://github.com/MindPointGroup/RHEL6-STIG/blob/76bbbbd7f1384295d9283a0a530a6915e6e7f328/tasks/cat2.yml#L2169-L2185
The STIG says to set these values:

```
xferlog_enable=YES
xferlog_std_format=NO
log_ftp_protocol=YES
```

We only set the first one.