resist-vpn-infra/roles/system_hardening/defaults/main_cis.yml

---
# CIS-Specific Variables for System Hardening

# AppArmor (CIS 1.3.x)
apparmor_enabled: true
apparmor_enforce_all: true

# Auditd (CIS 4.1.x)
auditd_enabled: true
auditd_max_log_file: 8  # MB

# Network (CIS 3.x)
disable_ipv6: true  # Set to false if IPv6 is needed

# Core dumps (CIS 1.5.1)
disable_core_dumps: true

# Uncommon protocols (CIS 3.3.x)
disable_uncommon_protocols: true