public-health-ch/ansible/roles/dev-sec.os-hardening/vars/Amazon.yml

---
# system accounts that do not get their login disabled and pasword changed
os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt', 'ec2-user']

sysctl_rhel_config:
  # ExecShield protection against buffer overflows
  kernel.exec-shield: 1
  # Syncookies is used to prevent SYN-flooding attacks.
  net.ipv4.tcp_syncookies: 1
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`---`
			`# system accounts that do not get their login disabled and pasword changed`
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`os_always_ignore_users: ['root', 'sync', 'shutdown', 'halt', 'ec2-user']`
Updated Ansible roles 2018-12-17 12:50:15 +00:00
			`sysctl_rhel_config:`
			`# ExecShield protection against buffer overflows`
			`kernel.exec-shield: 1`
			`# Syncookies is used to prevent SYN-flooding attacks.`
			`net.ipv4.tcp_syncookies: 1`