kubeasz/roles/os-harden/vars/Amazon.yml

10 lines
333 B
YAML
Raw Normal View History

---
# system accounts that do not get their login disabled and pasword changed
2021-01-19 23:35:31 +08:00
os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt', 'ec2-user']
sysctl_rhel_config:
# ExecShield protection against buffer overflows
kernel.exec-shield: 1
# Syncookies is used to prevent SYN-flooding attacks.
net.ipv4.tcp_syncookies: 1