|
|
|
1 |
15 Dec 2025 09:54:58 +0000 |
00:00:00.14 |
ansible.builtin.debug
|
ansible-hardening : Check for /var/log/audit on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
88
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:58 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : Check for /var on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
76
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:57 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : Check for /home on mounted filesystem
|
...tasks/rhel7stig/misc.yml
:
64
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:56 +0000 |
00:00:01.59 |
ansible.builtin.systemd
|
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled
|
...tasks/rhel7stig/misc.yml
:
52
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:55 +0000 |
00:00:00.68 |
ansible.builtin.systemd
|
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled
|
...tasks/rhel7stig/misc.yml
:
41
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:55 +0000 |
00:00:00.15 |
ansible.builtin.service
|
ansible-hardening : V-71985 - File system automounter must be disabled unless required.
|
...tasks/rhel7stig/misc.yml
:
25
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:54 +0000 |
00:00:00.42 |
ansible.builtin.command
|
ansible-hardening : Check autofs service
|
...tasks/rhel7stig/misc.yml
:
16
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:54 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification.
|
...tasks/rhel7stig/lsm.yml
:
124
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:54 +0000 |
00:00:00.16 |
ansible.builtin.command
|
ansible-hardening : Check for unlabeled device files
|
...tasks/rhel7stig/lsm.yml
:
111
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:54 +0000 |
00:00:00.15 |
ansible.builtin.file
|
ansible-hardening : Relabel files on next boot if SELinux mode changed
|
...tasks/rhel7stig/lsm.yml
:
95
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:53 +0000 |
00:00:00.16 |
ansible.posix.selinux
|
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot
|
...tasks/rhel7stig/lsm.yml
:
81
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:53 +0000 |
00:00:00.71 |
ansible.builtin.service
|
ansible-hardening : Ensure AppArmor is running
|
...tasks/rhel7stig/lsm.yml
:
62
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:52 +0000 |
00:00:00.70 |
ansible.builtin.service
|
ansible-hardening : Ensure AppArmor is enabled at boot time
|
...tasks/rhel7stig/lsm.yml
:
47
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:51 +0000 |
00:00:00.43 |
ansible.builtin.command
|
ansible-hardening : Check if apparmor is running
|
...tasks/rhel7stig/lsm.yml
:
34
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:51 +0000 |
00:00:00.45 |
ansible.builtin.command
|
ansible-hardening : Check apparmor_status output
|
...tasks/rhel7stig/lsm.yml
:
16
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:50 +0000 |
00:00:00.82 |
ansible.builtin.copy
|
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled
|
...tasks/rhel7stig/kernel.yml
:
102
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:50 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : Print a warning if FIPS isn't enabled
|
...tasks/rhel7stig/kernel.yml
:
88
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:49 +0000 |
00:00:00.16 |
ansible.builtin.command
|
ansible-hardening : Check if FIPS is enabled
|
...tasks/rhel7stig/kernel.yml
:
77
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:49 +0000 |
00:00:00.15 |
ansible.builtin.service
|
ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed.
|
...tasks/rhel7stig/kernel.yml
:
64
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:49 +0000 |
00:00:00.42 |
ansible.builtin.command
|
ansible-hardening : Check kdump service
|
...tasks/rhel7stig/kernel.yml
:
53
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:45 +0000 |
00:00:03.67 |
ansible.posix.sysctl
|
ansible-hardening : Set sysctl configurations
|
...tasks/rhel7stig/kernel.yml
:
29
|
...setup-hosts.yml
|
13
|
|
|
|
|
1 |
15 Dec 2025 09:54:45 +0000 |
00:00:00.43 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71983 - USB mass storage must be disabled.
|
...tasks/rhel7stig/kernel.yml
:
16
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:44 +0000 |
00:00:00.12 |
ansible.builtin.template
|
ansible-hardening : Create a GDM keyfile for machine-wide settings
|
...tasks/rhel7stig/graphical.yml
:
134
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:44 +0000 |
00:00:00.14 |
ansible.builtin.copy
|
ansible-hardening : Create a GDM profile for displaying a login banner
|
...tasks/rhel7stig/graphical.yml
:
120
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:44 +0000 |
00:00:00.15 |
ansible.builtin.template
|
ansible-hardening : Prevent users from changing graphical session locking configurations
|
...tasks/rhel7stig/graphical.yml
:
104
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:44 +0000 |
00:00:00.15 |
ansible.builtin.template
|
ansible-hardening : Configure graphical session locking
|
...tasks/rhel7stig/graphical.yml
:
88
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:44 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Create dconf directories
|
...tasks/rhel7stig/graphical.yml
:
69
|
...setup-hosts.yml
|
7
|
|
|
|
|
1 |
15 Dec 2025 09:54:43 +0000 |
00:00:00.15 |
ansible.builtin.copy
|
ansible-hardening : Create a user profile in dconf
|
...tasks/rhel7stig/graphical.yml
:
55
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:43 +0000 |
00:00:00.39 |
ansible.builtin.stat
|
ansible-hardening : Check for dconf profiles
|
...tasks/rhel7stig/graphical.yml
:
48
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:43 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71955 - The operating system must not allow guest logon to the system.
|
...tasks/rhel7stig/graphical.yml
:
35
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:42 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface
|
...tasks/rhel7stig/graphical.yml
:
22
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:42 +0000 |
00:00:00.40 |
ansible.builtin.stat
|
ansible-hardening : Check if gdm is installed and configured
|
...tasks/rhel7stig/graphical.yml
:
16
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
15 Dec 2025 09:54:42 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Set owner/group owner on /etc/cron.allow
|
...tasks/rhel7stig/file_perms.yml
:
144
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:41 +0000 |
00:00:00.41 |
ansible.builtin.stat
|
ansible-hardening : Check if /etc/cron.allow exists
|
...tasks/rhel7stig/file_perms.yml
:
137
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:41 +0000 |
00:00:00.13 |
ansible.builtin.debug
|
ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group.
|
...tasks/rhel7stig/file_perms.yml
:
124
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:41 +0000 |
00:00:00.16 |
ansible.builtin.shell
|
ansible-hardening : Find all world-writable directories
|
...tasks/rhel7stig/file_perms.yml
:
113
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:41 +0000 |
00:00:00.14 |
ansible.builtin.file
|
ansible-hardening : Set proper owner, group owner, and permissions on home directories
|
...tasks/rhel7stig/file_perms.yml
:
95
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:40 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : V-72009 - All files and directories must have a valid group owner.
|
...tasks/rhel7stig/file_perms.yml
:
81
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:40 +0000 |
00:00:00.15 |
ansible.builtin.command
|
ansible-hardening : Search for files/directories with an invalid group owner
|
...tasks/rhel7stig/file_perms.yml
:
72
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:40 +0000 |
00:00:00.13 |
ansible.builtin.debug
|
ansible-hardening : V-72007 - All files and directories must have a valid owner.
|
...tasks/rhel7stig/file_perms.yml
:
58
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:40 +0000 |
00:00:00.16 |
ansible.builtin.command
|
ansible-hardening : Search for files/directories with an invalid owner
|
...tasks/rhel7stig/file_perms.yml
:
49
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:40 +0000 |
00:00:00.16 |
shell
|
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values
|
...tasks/rhel7stig/file_perms.yml
:
29
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:39 +0000 |
00:00:00.12 |
ansible.builtin.shell
|
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership
|
...tasks/rhel7stig/file_perms.yml
:
16
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:39 +0000 |
00:00:00.12 |
ansible.builtin.file
|
ansible-hardening : Remove .shosts or shosts.equiv files
|
...tasks/rhel7stig/auth.yml
:
241
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:39 +0000 |
00:00:00.12 |
ansible.builtin.async_status
|
ansible-hardening : Ensure .shosts find has finished
|
...tasks/rhel7stig/auth.yml
:
225
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:39 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : V-72275 - Display date/time of last logon after logon
|
...tasks/rhel7stig/auth.yml
:
213
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:38 +0000 |
00:00:00.40 |
ansible.builtin.command
|
ansible-hardening : Check for pam_lastlog in PAM configuration
|
...tasks/rhel7stig/auth.yml
:
204
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:38 +0000 |
00:00:00.15 |
ansible.builtin.blockinfile
|
ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types
|
...tasks/rhel7stig/auth.yml
:
188
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:38 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : Set CLASS for grub file
|
...tasks/rhel7stig/auth.yml
:
170
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:38 +0000 |
00:00:00.16 |
ansible.builtin.blockinfile
|
ansible-hardening : Define password options for grub
|
...tasks/rhel7stig/auth.yml
:
159
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:37 +0000 |
00:00:00.43 |
ansible.builtin.stat
|
ansible-hardening : Check if GRUB2 custom file exists
|
...tasks/rhel7stig/auth.yml
:
149
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:37 +0000 |
00:00:00.40 |
ansible.builtin.stat
|
ansible-hardening : Check if sssd.conf exists
|
...tasks/rhel7stig/auth.yml
:
139
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:37 +0000 |
00:00:00.12 |
debug
|
ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation
|
...tasks/rhel7stig/auth.yml
:
124
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:36 +0000 |
00:00:00.43 |
ansible.builtin.shell
|
ansible-hardening : Check for '!authenticate' in sudoers files
|
...tasks/rhel7stig/auth.yml
:
115
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:36 +0000 |
00:00:00.15 |
debug
|
ansible-hardening : V-71947 - Users must provide a password for privilege escalation
|
...tasks/rhel7stig/auth.yml
:
100
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:35 +0000 |
00:00:00.43 |
ansible.builtin.shell
|
ansible-hardening : Check for 'nopasswd' in sudoers files
|
...tasks/rhel7stig/auth.yml
:
89
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:35 +0000 |
00:00:00.12 |
ansible.builtin.blockinfile
|
ansible-hardening : Lock accounts after three failed login attempts a 15 minute period
|
...tasks/rhel7stig/auth.yml
:
66
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:35 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat)
|
...tasks/rhel7stig/auth.yml
:
49
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:35 +0000 |
00:00:00.41 |
ansible.builtin.lineinfile
|
ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu)
|
...tasks/rhel7stig/auth.yml
:
33
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:34 +0000 |
00:00:00.46 |
ansible.builtin.lineinfile
|
ansible-hardening : Set pam_faildelay configuration on Ubuntu
|
...tasks/rhel7stig/auth.yml
:
18
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:33 +0000 |
00:00:00.72 |
ansible.builtin.service
|
ansible-hardening : Ensure auditd is running and enabled at boot time
|
...tasks/rhel7stig/auditd.yml
:
165
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:33 +0000 |
00:00:00.17 |
ansible.builtin.lineinfile
|
ansible-hardening : Adjust auditd/audispd configurations
|
...tasks/rhel7stig/auditd.yml
:
146
|
...setup-hosts.yml
|
7
|
|
|
|
|
1 |
15 Dec 2025 09:54:32 +0000 |
00:00:00.96 |
ansible.builtin.template
|
ansible-hardening : Deploy rules for auditd based on STIG requirements
|
...tasks/rhel7stig/auditd.yml
:
80
|
...setup-hosts.yml
|
56
|
|
|
|
|
1 |
15 Dec 2025 09:54:31 +0000 |
00:00:00.42 |
ansible.builtin.file
|
ansible-hardening : Remove system default audit.rules file
|
...tasks/rhel7stig/auditd.yml
:
69
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:31 +0000 |
00:00:00.15 |
ansible.builtin.set_fact
|
ansible-hardening : Get valid system architectures for audit rules
|
...tasks/rhel7stig/auditd.yml
:
62
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:31 +0000 |
00:00:00.12 |
ansible.builtin.lineinfile
|
ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited
|
...tasks/rhel7stig/auditd.yml
:
47
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:31 +0000 |
00:00:00.12 |
ansible.builtin.lineinfile
|
ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited
|
...tasks/rhel7stig/auditd.yml
:
32
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:30 +0000 |
00:00:00.39 |
ansible.builtin.stat
|
ansible-hardening : Verify that audisp-remote.conf exists
|
...tasks/rhel7stig/auditd.yml
:
24
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:30 +0000 |
00:00:00.42 |
ansible.builtin.stat
|
ansible-hardening : Verify that auditd.conf exists
|
...tasks/rhel7stig/auditd.yml
:
16
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:30 +0000 |
00:00:00.12 |
ansible.builtin.shell
|
ansible-hardening : Initialize AIDE (this will take a few minutes)
|
...tasks/rhel7stig/aide.yml
:
78
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:29 +0000 |
00:00:00.40 |
ansible.builtin.stat
|
ansible-hardening : Check to see if AIDE database is already in place
|
...tasks/rhel7stig/aide.yml
:
70
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:29 +0000 |
00:00:00.42 |
ansible.builtin.blockinfile
|
ansible-hardening : Configure AIDE to verify additional properties (Ubuntu)
|
...tasks/rhel7stig/aide.yml
:
41
|
...setup-hosts.yml
|
6
|
|
|
|
|
1 |
15 Dec 2025 09:54:28 +0000 |
00:00:00.79 |
ansible.builtin.template
|
ansible-hardening : Exclude certain directories from AIDE
|
...tasks/rhel7stig/aide.yml
:
27
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:27 +0000 |
00:00:00.70 |
ansible.builtin.stat
|
ansible-hardening : Verify that AIDE configuration directory exists
|
...tasks/rhel7stig/aide.yml
:
16
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:27 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : Use pwquality when passwords are changed or created
|
...tasks/rhel7stig/accounts.yml
:
240
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:27 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : Print warning for users with an assigned home directory that does not exist
|
...tasks/rhel7stig/accounts.yml
:
224
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:16 +0000 |
00:00:10.36 |
ansible.builtin.stat
|
ansible-hardening : Check each user to see if its home directory exists on the filesystem
|
...tasks/rhel7stig/accounts.yml
:
212
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:16 +0000 |
00:00:00.13 |
ansible.builtin.debug
|
ansible-hardening : Print warning for local interactive users without a home directory assigned
|
...tasks/rhel7stig/accounts.yml
:
199
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:16 +0000 |
00:00:00.15 |
ansible.builtin.fail
|
ansible-hardening : Print warnings for non-root users with UID 0
|
...tasks/rhel7stig/accounts.yml
:
187
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:15 +0000 |
00:00:00.41 |
shell
|
ansible-hardening : Get all accounts with UID 0
|
...tasks/rhel7stig/accounts.yml
:
176
|
...setup-hosts.yml
|
5
|
|
|
|
|
1 |
15 Dec 2025 09:54:15 +0000 |
00:00:00.13 |
ansible.builtin.debug
|
ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group
|
...tasks/rhel7stig/accounts.yml
:
163
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:14 +0000 |
00:00:00.77 |
ansible.builtin.lineinfile
|
ansible-hardening : Apply shadow-utils configurations
|
...tasks/rhel7stig/accounts.yml
:
143
|
...setup-hosts.yml
|
9
|
|
|
|
|
1 |
15 Dec 2025 09:54:14 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : Ensure accounts are disabled if the password expires
|
...tasks/rhel7stig/accounts.yml
:
131
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:14 +0000 |
00:00:00.13 |
ansible.builtin.lineinfile
|
ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords
|
...tasks/rhel7stig/accounts.yml
:
117
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:14 +0000 |
00:00:00.20 |
ansible.builtin.command
|
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts
|
...tasks/rhel7stig/accounts.yml
:
103
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:13 +0000 |
00:00:00.21 |
ansible.builtin.command
|
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts
|
...tasks/rhel7stig/accounts.yml
:
86
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:13 +0000 |
00:00:00.11 |
community.general.ini_file
|
ansible-hardening : Ensure libuser is storing passwords using SHA512
|
...tasks/rhel7stig/accounts.yml
:
67
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:13 +0000 |
00:00:00.13 |
ansible.builtin.debug
|
ansible-hardening : Print warning if PAM is not using SHA512 for password storage
|
...tasks/rhel7stig/accounts.yml
:
55
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:13 +0000 |
00:00:00.40 |
ansible.builtin.command
|
ansible-hardening : Check for SHA512 password storage in PAM
|
...tasks/rhel7stig/accounts.yml
:
47
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:12 +0000 |
00:00:00.56 |
ansible.builtin.blockinfile
|
ansible-hardening : Set password quality requirements
|
...tasks/rhel7stig/accounts.yml
:
24
|
...setup-hosts.yml
|
12
|
|
|
|
|
1 |
15 Dec 2025 09:54:12 +0000 |
00:00:00.42 |
ansible.builtin.stat
|
ansible-hardening : Check if /etc/security/pwquality.conf exists
|
...tasks/rhel7stig/accounts.yml
:
16
|
...setup-hosts.yml
|
2
|
|
|
|
|
1 |
15 Dec 2025 09:54:11 +0000 |
00:00:00.13 |
ansible.builtin.copy
|
ansible-hardening : Enable automatic package updates (apt)
|
...tasks/rhel7stig/apt.yml
:
115
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:11 +0000 |
00:00:00.15 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (dpkg)
|
...tasks/rhel7stig/apt.yml
:
99
|
...setup-hosts.yml
|
4
|
|
|
|
|
1 |
15 Dec 2025 09:54:11 +0000 |
00:00:00.42 |
ansible.builtin.lineinfile
|
ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages
|
...tasks/rhel7stig/apt.yml
:
87
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:10 +0000 |
00:00:00.12 |
ansible.builtin.debug
|
ansible-hardening : V-71977 - Package management tool must verify authenticity of packages
|
...tasks/rhel7stig/apt.yml
:
77
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:10 +0000 |
00:00:00.42 |
ansible.builtin.command
|
ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/
|
...tasks/rhel7stig/apt.yml
:
70
|
...setup-hosts.yml
|
1
|
|
|
|
|
1 |
15 Dec 2025 09:54:10 +0000 |
00:00:00.15 |
ansible.builtin.debug
|
ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (apt)
|
...tasks/rhel7stig/apt.yml
:
53
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:09 +0000 |
00:00:00.15 |
ansible.builtin.set_fact
|
ansible-hardening : V-71855 - Create comma-separated list
|
...tasks/rhel7stig/apt.yml
:
42
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:09 +0000 |
00:00:00.16 |
ansible.builtin.shell
|
ansible-hardening : V-71855 - Get files with invalid checksums (apt)
|
...tasks/rhel7stig/apt.yml
:
30
|
...setup-hosts.yml
|
3
|
|
|
|
|
1 |
15 Dec 2025 09:54:09 +0000 |
00:00:00.16 |
ansible.builtin.shell
|
ansible-hardening : Gather debsums report
|
...tasks/rhel7stig/apt.yml
:
22
|
...setup-hosts.yml
|
1
|
|