|
|
|
1 |
08 Dec 2025 13:50:24 +0000 |
00:00:00.51 |
ansible.builtin.command
|
ansible-hardening : Generate auditd rules
|
...ansible-hardening/handlers/main.yml
:
40
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
08 Dec 2025 13:50:24 +0000 |
00:00:00.37 |
ansible.builtin.service
|
ansible-hardening : Restart ssh
|
...ansible-hardening/handlers/main.yml
:
29
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
08 Dec 2025 13:50:23 +0000 |
00:00:00.12 |
ansible.builtin.include_tasks
|
ansible-hardening : Including contrib tasks
|
...ansible-hardening/tasks/main.yml
:
62
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
08 Dec 2025 13:50:23 +0000 |
00:00:00.23 |
ansible.builtin.file
|
ansible-hardening : Remove the temporary directory
|
...tasks/rhel7stig/main.yml
:
106
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:23 +0000 |
00:00:00.28 |
ansible.builtin.replace
|
ansible-hardening : Manage motd in pam.d
|
...tasks/rhel7stig/sshd.yml
:
152
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
08 Dec 2025 13:50:22 +0000 |
00:00:00.54 |
ansible.builtin.file
|
ansible-hardening : Private host key files must have mode 0600 or less
|
...tasks/rhel7stig/sshd.yml
:
141
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:22 +0000 |
00:00:00.23 |
ansible.builtin.shell
|
ansible-hardening : Determine existing private ssh host keys
|
...tasks/rhel7stig/sshd.yml
:
131
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:21 +0000 |
00:00:00.53 |
ansible.builtin.file
|
ansible-hardening : Public host key files must have mode 0644 or less
|
...tasks/rhel7stig/sshd.yml
:
120
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:21 +0000 |
00:00:00.22 |
ansible.builtin.shell
|
ansible-hardening : Determine existing public ssh host keys
|
...tasks/rhel7stig/sshd.yml
:
110
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:21 +0000 |
00:00:00.36 |
ansible.builtin.service
|
ansible-hardening : Ensure sshd is enabled at boot time
|
...tasks/rhel7stig/sshd.yml
:
99
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:20 +0000 |
00:00:00.25 |
ansible.builtin.blockinfile
|
ansible-hardening : Adjust ssh server configuration based on STIG requirements
|
...tasks/rhel7stig/sshd.yml
:
61
|
...setup-hosts.yml
|
21
|
|
|
|
|
1 |
08 Dec 2025 13:50:17 +0000 |
00:00:02.86 |
ansible.builtin.lineinfile
|
ansible-hardening : Drop options from SSH config that we manage
|
...tasks/rhel7stig/sshd.yml
:
29
|
...setup-hosts.yml
|
21
|
|
|
|
|
1 |
08 Dec 2025 13:50:17 +0000 |
00:00:00.53 |
ansible.builtin.copy
|
ansible-hardening : Copy login warning banner
|
...tasks/rhel7stig/sshd.yml
:
16
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:50:17 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72313 - Change SNMP community strings from default.
|
...tasks/rhel7stig/misc.yml
:
433
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:16 +0000 |
00:00:00.23 |
ansible.builtin.command
|
ansible-hardening : Check to see if snmpd config contains public/private
|
...tasks/rhel7stig/misc.yml
:
424
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:16 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72305 - TFTP must be configured to operate in secure mode
|
...tasks/rhel7stig/misc.yml
:
413
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:16 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Check TFTP configuration mode
|
...tasks/rhel7stig/misc.yml
:
402
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:16 +0000 |
00:00:00.21 |
ansible.builtin.stat
|
ansible-hardening : Check for TFTP server configuration file
|
...tasks/rhel7stig/misc.yml
:
394
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:16 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : V-72297 - Prevent unrestricted mail relaying
|
...tasks/rhel7stig/misc.yml
:
381
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:15 +0000 |
00:00:00.21 |
ansible.builtin.stat
|
ansible-hardening : Check for postfix configuration file
|
...tasks/rhel7stig/misc.yml
:
374
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:15 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72295 - Network interfaces must not be in promiscuous mode.
|
...tasks/rhel7stig/misc.yml
:
362
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:15 +0000 |
00:00:00.22 |
ansible.builtin.shell
|
ansible-hardening : Check for interfaces in promiscuous mode
|
...tasks/rhel7stig/misc.yml
:
353
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:15 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured.
|
...tasks/rhel7stig/misc.yml
:
340
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:14 +0000 |
00:00:00.22 |
command
|
ansible-hardening : Count nameserver entries in /etc/resolv.conf
|
...tasks/rhel7stig/misc.yml
:
330
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:14 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100
|
...tasks/rhel7stig/misc.yml
:
314
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:14 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : Ensure firewalld is running and enabled
|
...tasks/rhel7stig/misc.yml
:
301
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:14 +0000 |
00:00:00.23 |
ansible.builtin.command
|
ansible-hardening : Check firewalld status
|
...tasks/rhel7stig/misc.yml
:
292
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:14 +0000 |
00:00:00.11 |
ansible.builtin.template
|
ansible-hardening : V-72269 - Synchronize system clock (configuration file)
|
...tasks/rhel7stig/misc.yml
:
276
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:13 +0000 |
00:00:00.22 |
ansible.builtin.stat
|
ansible-hardening : Check if chrony configuration file exists
|
...tasks/rhel7stig/misc.yml
:
269
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:13 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : Start and enable chrony
|
...tasks/rhel7stig/misc.yml
:
256
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:13 +0000 |
00:00:00.22 |
ansible.builtin.blockinfile
|
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions
|
...tasks/rhel7stig/misc.yml
:
240
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:13 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : Ensure ClamAV is running
|
...tasks/rhel7stig/misc.yml
:
228
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:13 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Update ClamAV database
|
...tasks/rhel7stig/misc.yml
:
214
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:12 +0000 |
00:00:00.25 |
ansible.builtin.shell
|
ansible-hardening : Check if ClamAV update process is already running
|
...tasks/rhel7stig/misc.yml
:
205
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:12 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : Allow automatic freshclam updates
|
...tasks/rhel7stig/misc.yml
:
190
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:12 +0000 |
00:00:00.10 |
ansible.builtin.file
|
ansible-hardening : Ensure ClamAV socket directory exists
|
...tasks/rhel7stig/misc.yml
:
174
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:12 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : Set ClamAV server type as socket
|
...tasks/rhel7stig/misc.yml
:
158
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:12 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : Remove 'Example' line from ClamAV configuration files
|
...tasks/rhel7stig/misc.yml
:
140
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:11 +0000 |
00:00:00.21 |
ansible.builtin.stat
|
ansible-hardening : Check if ClamAV is installed
|
...tasks/rhel7stig/misc.yml
:
132
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:11 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server.
|
...tasks/rhel7stig/misc.yml
:
121
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:11 +0000 |
00:00:00.22 |
ansible.builtin.command
|
ansible-hardening : Check if syslog output is being sent to another server
|
...tasks/rhel7stig/misc.yml
:
112
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:11 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : Check for /tmp on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
100
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:11 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : Check for /var/log/audit on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
88
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:10 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : Check for /var on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
76
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:10 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : Check for /home on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
64
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:09 +0000 |
00:00:00.80 |
ansible.builtin.systemd
|
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled
|
...tasks/rhel7stig/misc.yml
:
52
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:09 +0000 |
00:00:00.57 |
ansible.builtin.systemd
|
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled
|
...tasks/rhel7stig/misc.yml
:
41
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:09 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : V-71985 - File system automounter must be disabled unless required.
|
...tasks/rhel7stig/misc.yml
:
25
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:08 +0000 |
00:00:00.22 |
ansible.builtin.command
|
ansible-hardening : Check autofs service
|
...tasks/rhel7stig/misc.yml
:
16
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:08 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification.
|
...tasks/rhel7stig/lsm.yml
:
124
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:08 +0000 |
00:00:00.22 |
ansible.builtin.command
|
ansible-hardening : Check for unlabeled device files
|
...tasks/rhel7stig/lsm.yml
:
111
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:08 +0000 |
00:00:00.11 |
ansible.builtin.file
|
ansible-hardening : Relabel files on next boot if SELinux mode changed
|
...tasks/rhel7stig/lsm.yml
:
95
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:08 +0000 |
00:00:00.11 |
ansible.posix.selinux
|
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot
|
...tasks/rhel7stig/lsm.yml
:
81
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:07 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : Ensure AppArmor is running
|
...tasks/rhel7stig/lsm.yml
:
62
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:07 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : Ensure AppArmor is enabled at boot time
|
...tasks/rhel7stig/lsm.yml
:
47
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:07 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Check if apparmor is running
|
...tasks/rhel7stig/lsm.yml
:
34
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:07 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Check apparmor_status output
|
...tasks/rhel7stig/lsm.yml
:
16
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
08 Dec 2025 13:50:06 +0000 |
00:00:00.51 |
ansible.builtin.copy
|
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled
|
...tasks/rhel7stig/kernel.yml
:
102
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:06 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : Print a warning if FIPS isn't enabled
|
...tasks/rhel7stig/kernel.yml
:
88
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:06 +0000 |
00:00:00.22 |
ansible.builtin.command
|
ansible-hardening : Check if FIPS is enabled
|
...tasks/rhel7stig/kernel.yml
:
77
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:06 +0000 |
00:00:00.11 |
ansible.builtin.service
|
ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed.
|
...tasks/rhel7stig/kernel.yml
:
64
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:05 +0000 |
00:00:00.23 |
ansible.builtin.command
|
ansible-hardening : Check kdump service
|
...tasks/rhel7stig/kernel.yml
:
53
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:03 +0000 |
00:00:02.39 |
ansible.posix.sysctl
|
ansible-hardening : Set sysctl configurations
|
...tasks/rhel7stig/kernel.yml
:
29
|
...setup-hosts.yml
|
13
|
|
|
|
|
1 |
08 Dec 2025 13:50:03 +0000 |
00:00:00.22 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71983 - USB mass storage must be disabled.
|
...tasks/rhel7stig/kernel.yml
:
16
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.11 |
ansible.builtin.template
|
ansible-hardening : Create a GDM keyfile for machine-wide settings
|
...tasks/rhel7stig/graphical.yml
:
134
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.11 |
ansible.builtin.copy
|
ansible-hardening : Create a GDM profile for displaying a login banner
|
...tasks/rhel7stig/graphical.yml
:
120
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.11 |
ansible.builtin.template
|
ansible-hardening : Prevent users from changing graphical session locking configurations
|
...tasks/rhel7stig/graphical.yml
:
104
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.12 |
ansible.builtin.template
|
ansible-hardening : Configure graphical session locking
|
...tasks/rhel7stig/graphical.yml
:
88
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Create dconf directories
|
...tasks/rhel7stig/graphical.yml
:
69
|
...setup-hosts.yml
|
7
|
|
|
|
|
1 |
08 Dec 2025 13:50:02 +0000 |
00:00:00.11 |
ansible.builtin.copy
|
ansible-hardening : Create a user profile in dconf
|
...tasks/rhel7stig/graphical.yml
:
55
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:50:01 +0000 |
00:00:00.24 |
ansible.builtin.stat
|
ansible-hardening : Check for dconf profiles
|
...tasks/rhel7stig/graphical.yml
:
48
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:01 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71955 - The operating system must not allow guest logon to the system.
|
...tasks/rhel7stig/graphical.yml
:
35
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:01 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface
|
...tasks/rhel7stig/graphical.yml
:
22
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:01 +0000 |
00:00:00.22 |
ansible.builtin.stat
|
ansible-hardening : Check if gdm is installed and configured
|
...tasks/rhel7stig/graphical.yml
:
16
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
08 Dec 2025 13:50:01 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Set owner/group owner on /etc/cron.allow
|
...tasks/rhel7stig/file_perms.yml
:
144
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:50:00 +0000 |
00:00:00.22 |
ansible.builtin.stat
|
ansible-hardening : Check if /etc/cron.allow exists
|
...tasks/rhel7stig/file_perms.yml
:
137
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:00 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group.
|
...tasks/rhel7stig/file_perms.yml
:
124
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:50:00 +0000 |
00:00:00.11 |
ansible.builtin.shell
|
ansible-hardening : Find all world-writable directories
|
...tasks/rhel7stig/file_perms.yml
:
113
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:50:00 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Set proper owner, group owner, and permissions on home directories
|
...tasks/rhel7stig/file_perms.yml
:
95
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:50:00 +0000 |
00:00:00.11 |
ansible.builtin.debug
|
ansible-hardening : V-72009 - All files and directories must have a valid group owner.
|
...tasks/rhel7stig/file_perms.yml
:
81
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Search for files/directories with an invalid group owner
|
...tasks/rhel7stig/file_perms.yml
:
72
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : V-72007 - All files and directories must have a valid owner.
|
...tasks/rhel7stig/file_perms.yml
:
58
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.11 |
ansible.builtin.command
|
ansible-hardening : Search for files/directories with an invalid owner
|
...tasks/rhel7stig/file_perms.yml
:
49
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.11 |
shell
|
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values
|
...tasks/rhel7stig/file_perms.yml
:
29
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.11 |
ansible.builtin.shell
|
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership
|
...tasks/rhel7stig/file_perms.yml
:
16
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:59 +0000 |
00:00:00.11 |
ansible.builtin.file
|
ansible-hardening : Remove .shosts or shosts.equiv files
|
...tasks/rhel7stig/auth.yml
:
241
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:58 +0000 |
00:00:00.11 |
ansible.builtin.async_status
|
ansible-hardening : Ensure .shosts find has finished
|
...tasks/rhel7stig/auth.yml
:
225
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:58 +0000 |
00:00:00.18 |
ansible.builtin.debug
|
ansible-hardening : V-72275 - Display date/time of last logon after logon
|
...tasks/rhel7stig/auth.yml
:
213
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:58 +0000 |
00:00:00.22 |
ansible.builtin.command
|
ansible-hardening : Check for pam_lastlog in PAM configuration
|
...tasks/rhel7stig/auth.yml
:
204
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:49:58 +0000 |
00:00:00.11 |
ansible.builtin.blockinfile
|
ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types
|
...tasks/rhel7stig/auth.yml
:
188
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:58 +0000 |
00:00:00.11 |
ansible.builtin.lineinfile
|
ansible-hardening : Set CLASS for grub file
|
...tasks/rhel7stig/auth.yml
:
170
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:49:57 +0000 |
00:00:00.11 |
ansible.builtin.blockinfile
|
ansible-hardening : Define password options for grub
|
...tasks/rhel7stig/auth.yml
:
159
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
08 Dec 2025 13:49:57 +0000 |
00:00:00.24 |
ansible.builtin.stat
|
ansible-hardening : Check if GRUB2 custom file exists
|
...tasks/rhel7stig/auth.yml
:
149
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:49:57 +0000 |
00:00:00.22 |
ansible.builtin.stat
|
ansible-hardening : Check if sssd.conf exists
|
...tasks/rhel7stig/auth.yml
:
139
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
08 Dec 2025 13:49:57 +0000 |
00:00:00.11 |
debug
|
ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation
|
...tasks/rhel7stig/auth.yml
:
124
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:56 +0000 |
00:00:00.23 |
ansible.builtin.shell
|
ansible-hardening : Check for '!authenticate' in sudoers files
|
...tasks/rhel7stig/auth.yml
:
115
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:56 +0000 |
00:00:00.12 |
debug
|
ansible-hardening : V-71947 - Users must provide a password for privilege escalation
|
...tasks/rhel7stig/auth.yml
:
100
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:56 +0000 |
00:00:00.23 |
ansible.builtin.shell
|
ansible-hardening : Check for 'nopasswd' in sudoers files
|
...tasks/rhel7stig/auth.yml
:
89
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
08 Dec 2025 13:49:56 +0000 |
00:00:00.11 |
ansible.builtin.blockinfile
|
ansible-hardening : Lock accounts after three failed login attempts a 15 minute period
|
...tasks/rhel7stig/auth.yml
:
66
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
08 Dec 2025 13:49:55 +0000 |
00:00:00.75 |
ansible.builtin.lineinfile
|
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat)
|
...tasks/rhel7stig/auth.yml
:
49
|
...setup-hosts.yml
|
4
|
|