Merge branch 'main' into devel

Signed-off-by: Mark Bolwell <[email protected]>
ansible-lockdown · May 28, 2024 · e781879 · e781879
2 parents d50170b + 26e9ed2
commit e781879
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -879,6 +879,7 @@ rhel8stig_ntp_server_name: 0.us.pool.ntp.mil
 rhel8stig_fapolicy_white_list:
     - 'deny_audit perm=any pattern=ld_so : all'
     - 'deny perm=any all : all'
+    - 'deny perm=any all : all'
 
 # RHEL-08-040090
 # rhel8stig_custom_firewall_zone is the desired name for the new customer firewall zone
@@ -892,9 +893,12 @@ rhel8stig_existing_zone_to_copy: public
 # RHEL-08-040090
 # This designed not work with rhel8stig_existing_zone_to_copy and when deploy new rules
 # rhel8stig_white_list_services is the services that you want to allow through initially for the new firewall zone
+# This designed not work with rhel8stig_existing_zone_to_copy and when deploy new rules
+# rhel8stig_white_list_services is the services that you want to allow through initially for the new firewall zone
 # http and ssh need to be enabled for the role to run.
 # This can also be a port number if no service exists
 rhel8stig_white_list_services:
+    - ssh
     - ssh
     - http
     - https