account_disable_post_pw_expiration
account_password_pam_faillock_password_auth
account_password_pam_faillock_system_auth
account_unique_id
account_unique_name
accounts_maximum_age_login_defs
accounts_no_uid_except_zero
accounts_password_all_shadowed
accounts_password_last_change_is_in_past
accounts_password_pam_dictcheck
accounts_password_pam_difok
accounts_password_pam_enforce_root
accounts_password_pam_maxrepeat
accounts_password_pam_maxsequence
accounts_password_pam_minlen
accounts_password_pam_modules_in_authselect_profile
accounts_password_pam_pwhistory_enforce_for_root
accounts_password_pam_pwhistory_remember_password_auth
accounts_password_pam_pwhistory_remember_system_auth
accounts_password_pam_pwhistory_use_authtok
accounts_password_pam_pwquality_password_auth
accounts_password_pam_pwquality_system_auth
accounts_password_pam_unix_authtok
accounts_password_pam_unix_enabled
accounts_password_pam_unix_no_remember
accounts_password_set_max_life_existing
accounts_password_set_warn_age_existing
accounts_password_warn_age_login_defs
accounts_passwords_pam_faillock_deny
accounts_passwords_pam_faillock_deny_root
accounts_passwords_pam_faillock_unlock_time_with_zero
accounts_root_gid_zero
accounts_root_path_dirs_no_write
accounts_set_post_pw_existing
accounts_tmout
accounts_umask_etc_bashrc
accounts_umask_etc_login_defs
accounts_umask_etc_profile
accounts_umask_root
accounts_user_dot_group_ownership
accounts_user_dot_user_ownership
accounts_user_interactive_home_directory_exists
aide_build_database
aide_check_audit_tools
aide_periodic_cron_checking
audit_rules_continue_loading
audit_rules_dac_modification_chmod
audit_rules_dac_modification_chown
audit_rules_dac_modification_fchmod
audit_rules_dac_modification_fchmodat
audit_rules_dac_modification_fchown
audit_rules_dac_modification_fchownat
audit_rules_dac_modification_fremovexattr
audit_rules_dac_modification_fsetxattr
audit_rules_dac_modification_lchown
audit_rules_dac_modification_lremovexattr
audit_rules_dac_modification_lsetxattr
audit_rules_dac_modification_removexattr
audit_rules_dac_modification_setxattr
audit_rules_execution_chacl
audit_rules_execution_chcon
audit_rules_execution_setfacl
audit_rules_file_deletion_events_rename
audit_rules_file_deletion_events_renameat
audit_rules_file_deletion_events_unlink
audit_rules_file_deletion_events_unlinkat
audit_rules_immutable
audit_rules_kernel_module_loading_create
audit_rules_kernel_module_loading_delete
audit_rules_kernel_module_loading_finit
audit_rules_kernel_module_loading_init
audit_rules_kernel_module_loading_query
audit_rules_login_events_faillock
audit_rules_login_events_lastlog
audit_rules_mac_modification
audit_rules_mac_modification_usr_share
audit_rules_media_export
audit_rules_networkconfig_modification
audit_rules_networkconfig_modification_network_scripts
audit_rules_privileged_commands
audit_rules_privileged_commands_kmod
audit_rules_privileged_commands_usermod
audit_rules_session_events_btmp
audit_rules_session_events_utmp
audit_rules_session_events_wtmp
audit_rules_suid_auid_privilege_function
audit_rules_sysadmin_actions
audit_rules_time_adjtimex
audit_rules_time_clock_settime
audit_rules_time_settimeofday
audit_rules_time_watch_localtime
audit_rules_unsuccessful_file_modification_creat
audit_rules_unsuccessful_file_modification_ftruncate
audit_rules_unsuccessful_file_modification_open
audit_rules_unsuccessful_file_modification_openat
audit_rules_unsuccessful_file_modification_truncate
audit_rules_usergroup_modification_group
audit_rules_usergroup_modification_gshadow
audit_rules_usergroup_modification_nsswitch_conf
audit_rules_usergroup_modification_opasswd
audit_rules_usergroup_modification_pam_conf
audit_rules_usergroup_modification_pamd
audit_rules_usergroup_modification_passwd
audit_rules_usergroup_modification_shadow
audit_sudo_log_events
auditd_data_disk_error_action
auditd_data_disk_full_action
auditd_data_retention_admin_space_left_action
auditd_data_retention_max_log_file
auditd_data_retention_max_log_file_action
auditd_data_retention_space_left_action
banner_etc_issue_cis
banner_etc_issue_net_cis
banner_etc_motd_cis
chronyd_run_as_chrony_user
chronyd_specify_remote_server
cis_banner_text=cis
configure_custom_crypto_policy_cis
configure_ssh_crypto_policy
coredump_disable_backtraces
coredump_disable_storage
dconf_db_up_to_date
dconf_gnome_banner_enabled
dconf_gnome_disable_automount
dconf_gnome_disable_automount_open
dconf_gnome_disable_autorun
dconf_gnome_disable_user_list
dconf_gnome_login_banner_text
dconf_gnome_screensaver_idle_delay
dconf_gnome_screensaver_lock_delay
dconf_gnome_screensaver_user_locks
dconf_gnome_session_idle_user_locks
dir_perms_world_writable_sticky_bits
directory_permissions_var_log_audit
disable_host_auth
disable_users_coredumps
disable_weak_deps
enable_authselect
ensure_gpgcheck_globally_activated
ensure_gpgcheck_never_disabled
ensure_pam_wheel_group_empty
ensure_root_password_configured
file_at_allow_exists
file_at_deny_not_exist
file_cron_allow_exists
file_cron_deny_not_exist
file_group_ownership_var_log_audit
file_groupowner_at_allow
file_groupowner_backup_etc_group
file_groupowner_backup_etc_gshadow
file_groupowner_backup_etc_passwd
file_groupowner_backup_etc_shadow
file_groupowner_cron_allow
file_groupowner_cron_d
file_groupowner_cron_daily
file_groupowner_cron_hourly
file_groupowner_cron_monthly
file_groupowner_cron_weekly
file_groupowner_cron_yearly
file_groupowner_crontab
file_groupowner_efi_grub2_cfg
file_groupowner_efi_user_cfg
file_groupowner_etc_group
file_groupowner_etc_gshadow
file_groupowner_etc_issue
file_groupowner_etc_issue_net
file_groupowner_etc_motd
file_groupowner_etc_passwd
file_groupowner_etc_security_opasswd
file_groupowner_etc_security_opasswd_old
file_groupowner_etc_shadow
file_groupowner_etc_shells
file_groupowner_etc_sysconfig_sshd
file_groupowner_grub2_cfg
file_groupowner_sshd_config
file_groupowner_user_cfg
file_groupownership_audit_binaries
file_groupownership_audit_configuration
file_groupownership_sshd_private_key
file_groupownership_sshd_pub_key
file_owner_at_allow
file_owner_backup_etc_group
file_owner_backup_etc_gshadow
file_owner_backup_etc_passwd
file_owner_backup_etc_shadow
file_owner_cron_allow
file_owner_cron_d
file_owner_cron_daily
file_owner_cron_hourly
file_owner_cron_monthly
file_owner_cron_weekly
file_owner_cron_yearly
file_owner_crontab
file_owner_efi_grub2_cfg
file_owner_efi_user_cfg
file_owner_etc_group
file_owner_etc_gshadow
file_owner_etc_issue
file_owner_etc_issue_net
file_owner_etc_motd
file_owner_etc_passwd
file_owner_etc_security_opasswd
file_owner_etc_security_opasswd_old
file_owner_etc_shadow
file_owner_etc_shells
file_owner_etc_sysconfig_sshd
file_owner_grub2_cfg
file_owner_sshd_config
file_owner_user_cfg
file_ownership_audit_binaries
file_ownership_audit_configuration
file_ownership_home_directories
file_ownership_sshd_private_key
file_ownership_sshd_pub_key
file_ownership_var_log_audit_stig
file_permission_user_bash_history
file_permission_user_init_files
file_permissions_at_allow
file_permissions_audit_binaries
file_permissions_audit_configuration
file_permissions_backup_etc_group
file_permissions_backup_etc_gshadow
file_permissions_backup_etc_passwd
file_permissions_backup_etc_shadow
file_permissions_cron_allow
file_permissions_cron_d
file_permissions_cron_daily
file_permissions_cron_hourly
file_permissions_cron_monthly
file_permissions_cron_weekly
file_permissions_cron_yearly
file_permissions_crontab
file_permissions_efi_grub2_cfg
file_permissions_efi_user_cfg
file_permissions_etc_group
file_permissions_etc_gshadow
file_permissions_etc_issue
file_permissions_etc_issue_net
file_permissions_etc_motd
file_permissions_etc_passwd
file_permissions_etc_security_opasswd
file_permissions_etc_security_opasswd_old
file_permissions_etc_shadow
file_permissions_etc_shells
file_permissions_etc_sysconfig_sshd
file_permissions_grub2_cfg
file_permissions_home_directories
file_permissions_sshd_config
file_permissions_sshd_private_key
file_permissions_sshd_pub_key
file_permissions_unauthorized_world_writable
file_permissions_user_cfg
file_permissions_var_log_audit
firewalld-backend
gid_passwd_group_same
gnome_gdm_disable_xdmcp
group_unique_id
group_unique_name
groups_no_zero_gid_except_root
grub2_audit_argument
grub2_audit_backlog_limit_argument
grub2_enable_selinux
grub2_password
grub2_uefi_password
has_nonlocal_mta
inactivity_timeout_value=15_minutes
journald_compress
journald_disable_forward_to_syslog
journald_storage
kernel_module_atm_disabled
kernel_module_can_disabled
kernel_module_cramfs_disabled
kernel_module_dccp_disabled
kernel_module_firewire-core_disabled
kernel_module_freevxfs_disabled
kernel_module_hfs_disabled
kernel_module_hfsplus_disabled
kernel_module_jffs2_disabled
kernel_module_overlayfs_disabled
kernel_module_rds_disabled
kernel_module_sctp_disabled
kernel_module_squashfs_disabled
kernel_module_tipc_disabled
kernel_module_udf_disabled
kernel_module_usb-storage_disabled
login_banner_text=cis_banners
mount_option_dev_shm_nodev
mount_option_dev_shm_noexec
mount_option_dev_shm_nosuid
mount_option_home_nodev
mount_option_home_nosuid
mount_option_tmp_nodev
mount_option_tmp_noexec
mount_option_tmp_nosuid
mount_option_var_log_audit_nodev
mount_option_var_log_audit_noexec
mount_option_var_log_audit_nosuid
mount_option_var_log_nodev
mount_option_var_log_noexec
mount_option_var_log_nosuid
mount_option_var_nodev
mount_option_var_nosuid
mount_option_var_tmp_nodev
mount_option_var_tmp_noexec
mount_option_var_tmp_nosuid
no_empty_passwords
no_empty_passwords_etc_shadow
no_files_or_dirs_ungroupowned
no_files_or_dirs_unowned_by_user
no_forward_files
no_invalid_shell_accounts_unlocked
no_netrc_files
no_nologin_in_shells
no_password_auth_for_systemaccounts
no_rhost_files
no_shelllogin_for_systemaccounts
package_aide_installed
package_audit-libs_installed
package_audit_installed
package_authselect_installed
package_bind_removed
package_chrony_installed
package_cron_installed
package_cyrus-imapd_removed
package_dhcp_removed
package_dnsmasq_removed
package_dovecot_removed
package_firewalld_installed
package_ftp_removed
package_gdm_removed
package_httpd_removed
package_libselinux_installed
package_mcstrans_removed
package_net-snmp_removed
package_nginx_removed
package_openldap-clients_removed
package_pam_installed
package_pam_pwquality_installed
package_rsync_removed
package_rsyslog_installed
package_samba_removed
package_setroubleshoot_removed
package_squid_removed
package_sudo_installed
package_systemd-journal-remote_installed
package_telnet-server_removed
package_telnet_removed
package_tftp-server_removed
package_tftp_removed
package_vsftpd_removed
package_xinetd_removed
package_xorg-x11-server-Xwayland_removed
package_ypbind_removed
package_ypserv_removed
partition_for_dev_shm
partition_for_home
partition_for_tmp
partition_for_var
partition_for_var_log
partition_for_var_log_audit
partition_for_var_tmp
postfix_network_listening_disabled
root_path_no_dot
rsyslog_filecreatemode
rsyslog_files_groupownership
rsyslog_files_ownership
rsyslog_files_permissions
rsyslog_nolisten
selinux_not_disabled
selinux_policytype
selinux_state
service_auditd_enabled
service_autofs_disabled
service_avahi-daemon_disabled
service_bluetooth_disabled
service_cockpit_disabled
service_crond_enabled
service_cups_disabled
service_firewalld_enabled
service_nfs_disabled
service_rpcbind_disabled
service_rsyslog_enabled
service_systemd-journal-upload_enabled
service_systemd-journald_enabled
set_password_hashing_algorithm_logindefs
set_password_hashing_algorithm_passwordauth
set_password_hashing_algorithm_systemauth
socket_systemd-journal-remote_disabled
sshd_disable_empty_passwords
sshd_disable_forwarding
sshd_disable_gssapi_auth
sshd_disable_rhosts
sshd_disable_root_login
sshd_do_not_permit_user_env
sshd_enable_pam
sshd_enable_warning_banner_net
sshd_idle_timeout_value=5_minutes
sshd_limit_user_access
sshd_max_auth_tries_value=4
sshd_set_idle_timeout
sshd_set_keepalive
sshd_set_login_grace_time
sshd_set_loglevel_verbose
sshd_set_max_auth_tries
sshd_set_max_sessions
sshd_set_maxstartups
sudo_add_use_pty
sudo_custom_logfile
sudo_remove_no_authenticate
sudo_remove_nopasswd
sudo_require_reauthentication
sysctl_fs_protected_hardlinks
sysctl_fs_protected_symlinks
sysctl_fs_suid_dumpable
sysctl_kernel_dmesg_restrict
sysctl_kernel_kptr_restrict
sysctl_kernel_randomize_va_space
sysctl_kernel_yama_ptrace_scope
sysctl_net_ipv4_conf_all_accept_redirects
sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
sysctl_net_ipv4_conf_all_accept_source_route
sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
sysctl_net_ipv4_conf_all_forwarding
sysctl_net_ipv4_conf_all_log_martians
sysctl_net_ipv4_conf_all_log_martians_value=enabled
sysctl_net_ipv4_conf_all_rp_filter
sysctl_net_ipv4_conf_all_rp_filter_value=enabled
sysctl_net_ipv4_conf_all_secure_redirects
sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
sysctl_net_ipv4_conf_all_send_redirects
sysctl_net_ipv4_conf_default_accept_redirects
sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
sysctl_net_ipv4_conf_default_accept_source_route
sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
sysctl_net_ipv4_conf_default_forwarding
sysctl_net_ipv4_conf_default_forwarding_value=disabled
sysctl_net_ipv4_conf_default_log_martians
sysctl_net_ipv4_conf_default_log_martians_value=enabled
sysctl_net_ipv4_conf_default_rp_filter
sysctl_net_ipv4_conf_default_rp_filter_value=enabled
sysctl_net_ipv4_conf_default_secure_redirects
sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
sysctl_net_ipv4_conf_default_send_redirects
sysctl_net_ipv4_icmp_echo_ignore_broadcasts
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
sysctl_net_ipv4_icmp_ignore_bogus_error_responses
sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
sysctl_net_ipv4_ip_forward
sysctl_net_ipv4_tcp_syncookies
sysctl_net_ipv4_tcp_syncookies_value=enabled
sysctl_net_ipv6_conf_all_accept_ra
sysctl_net_ipv6_conf_all_accept_ra_value=disabled
sysctl_net_ipv6_conf_all_accept_redirects
sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
sysctl_net_ipv6_conf_all_accept_source_route
sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
sysctl_net_ipv6_conf_all_forwarding
sysctl_net_ipv6_conf_all_forwarding_value=disabled
sysctl_net_ipv6_conf_default_accept_ra
sysctl_net_ipv6_conf_default_accept_ra_value=disabled
sysctl_net_ipv6_conf_default_accept_redirects
sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
sysctl_net_ipv6_conf_default_accept_source_route
sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
sysctl_net_ipv6_conf_default_forwarding
sysctl_net_ipv6_conf_default_forwarding_value=disabled
use_pam_wheel_group_for_su
var_account_disable_post_pw_expiration=45
var_accounts_maximum_age_login_defs=365
var_accounts_password_warn_age_login_defs=7
var_accounts_passwords_pam_faillock_deny=5
var_accounts_passwords_pam_faillock_dir=run
var_accounts_passwords_pam_faillock_unlock_time=900
var_accounts_tmout=15_min
var_accounts_user_umask=027
var_audit_backlog_limit=8192
var_auditd_admin_space_left_action=cis_rhel8
var_auditd_disk_error_action=cis_rhel8
var_auditd_disk_full_action=cis_rhel8
var_auditd_max_log_file=8
var_auditd_max_log_file_action=keep_logs
var_auditd_space_left_action=cis_rhel8
var_authselect_profile=sssd
var_multiple_time_servers=rhel
var_pam_wheel_group_for_su=cis
var_password_hashing_algorithm=cis_rhel8
var_password_hashing_algorithm_pam=cis_rhel8
var_password_pam_dictcheck=1
var_password_pam_difok=2
var_password_pam_maxrepeat=3
var_password_pam_maxsequence=3
var_password_pam_minlen=14
var_password_pam_remember=24
var_password_pam_remember_control_flag=requisite_or_required
var_postfix_inet_interfaces=loopback-only
var_screensaver_lock_delay=5_seconds
var_selinux_policy_name=targeted
var_selinux_state=enforcing
var_sshd_max_sessions=10
var_sshd_set_keepalive=1
var_sshd_set_login_grace_time=60
var_sshd_set_maxstartups=10:30:60
var_sudo_timestamp_timeout=15_minutes
var_user_initialization_files_regex=all_dotfiles
wireless_disable_interfaces
xwayland_disabled