example.inputs.yml
# Filesystem locations, version baseline and service identity used as inputs.
#description: Path for the nginx configuration file
conf_path: '/etc/nginx/nginx.conf'
#description: Path for the nginx log directory
nginx_log_path: '/var/log/nginx'
#description: Path for the nginx access log
access_log_path: '/var/log/nginx/access.log'
#description: Path for the nginx error log
error_log_path: '/var/log/nginx/error.log'
#description: Path for the private key
# NOTE(review): presumably the TLS private key nginx serves with; confirm it
# matches the key file referenced by the nginx configuration under test.
key_file_path: '/etc/ssl/key.pem'
#description: Latest supported Nginx version
# Fixed version string: it has to be updated by hand whenever the supported
# release changes, otherwise any comparison against it goes stale.
nginx_latest_version: '1.19.1'
#description: Nginx owner
nginx_owner: 'nginx'
#description: The Nginx group
nginx_group: 'nginx'
#description: Accounts treated as system administrators
# NOTE(review): 'ubuntu' and 'kitchen' look like image / test-harness default
# accounts; replace this example list with the site's real administrators
# before reusing the file.
sys_admin:
  - 'root'
  - 'adm'
  - 'ubuntu'
  - 'kitchen'

#description: Groups treated as system administrator groups
# NOTE(review): same caveat as for sys_admin; 'ubuntu' and 'kitchen' are
# unlikely to be administrator groups outside a test environment.
sys_admin_group:
  - 'root'
  - 'adm'
  - 'ubuntu'
  - 'kitchen'

#description: List of non admin user accounts
authorized_user_list:
  - 'user'
#description: List of authorized ports that are IANA compliant
# Ports are kept as quoted strings, not integers, exactly as in the original.
authorized_ports:
  - '80'
  - '443'

#description: List of the access control files
access_control_files:
  - 'nginx.conf'
#description: Charset required
charset_required: 'utf-8'

#description: DoD-approved PKIs (e.g., DoD PKI, DoD ECA, and DoD-approved external partners).
dod_approved_pkis:
  - 'DoD'
  - 'ECA'
#description: List of approved and FIPS compliant SSL ciphers (OpenSSL cipher-string tokens)
# NOTE: Some sites show +'s in the cipher names, while others use -'s.
# Tokens beginning with '!' are exclusions in OpenSSL cipher-string syntax.
# NOTE(review): 'EECDH+aRSA+RC4' is listed as approved although '!RC4' appears
# further down this same list. RC4 is not a FIPS-approved algorithm and
# RFC 7465 prohibits it in TLS; confirm how the profile consumes this list and
# drop the entry if tokens are matched one by one.
# NOTE(review): 'EECDH', 'EDH+aRSA' and 'HIGH' are group selectors, not single
# suites; what they expand to depends on the OpenSSL build, so check the
# resulting suite list (e.g. with `openssl ciphers -v`) against FIPS policy.
approved_ssl_ciphers:
  - 'EECDH+ECDSA+AESGCM'
  - 'EECDH+aRSA+AESGCM'
  - 'EECDH+ECDSA+SHA384'
  - 'EECDH+ECDSA+SHA256'
  - 'EECDH+aRSA+SHA384'
  - 'EECDH+aRSA+SHA256'
  - 'EECDH+aRSA+RC4'
  - 'EECDH'
  - 'EDH+aRSA'
  - 'HIGH'
  - '!RC4'
  - '!aNULL'
  - '!eNULL'
  - '!LOW'
  - '!3DES'
  - '!MD5'
  - '!EXP'
  - '!PSK'
  - '!SRP'
  - '!DSS'

#description: List of approved and FIPS compliant TLS protocols.
# NOTE(review): only TLSv1.2 is listed; presumably a server that also enables
# TLSv1.3 is reported as non-compliant unless it is added here. Confirm against
# the applicable policy.
approved_ssl_protocols:
  - 'TLSv1.2'
#description: List of authorized NGINX modules
# NOTE(review): being authorized here presumably only means the module may be
# present in the build; modules such as http_dav and http_stub_status still
# need their own access restrictions in the nginx configuration.
nginx_authorized_modules:
  - 'http_addition'
  - 'http_auth_request'
  - 'http_dav'
  - 'http_flv'
  - 'http_gunzip'
  - 'http_gzip_static'
  - 'http_mp4'
  - 'http_random_index'
  - 'http_realip'
  - 'http_secure_link'
  - 'http_slice'
  - 'http_ssl'
  - 'http_stub_status'
  - 'http_sub'
  - 'http_v2'
  - 'mail_ssl'
  - 'stream_realip'
  - 'stream_ssl'
  - 'stream_ssl_preread'

#description: List of unauthorized NGINX modules
nginx_unauthorized_modules:
  - 'http_proxy'
#description: File list of disallowed documentation, sample code, example applications, and tutorials.
nginx_disallowed_file_list:
  - '/usr/share/man/man8/nginx.8.gz'

#description: File list of allowed documentation, sample code, example applications, and tutorials.
# NOTE(review): this is a list holding one empty string, not an empty list
# ([]); kept as in the original because the consumer is not visible here.
nginx_allowed_file_list:
  - ''

#description: List of allowed cgi scripts.
# NOTE(review): a single empty string again, not an empty list; confirm which
# one the profile expects when no script is allowed.
nginx_allowed_script_list:
  - ''
#description: Path for the MIME types file
mime_type_path: '/etc/nginx/mime.types'

#description: List of disallowed MIME types.
# One type per entry, written exactly as it would appear in the MIME types file.
nginx_disallowed_mime_type:
  - 'text/mathml'
  - 'text/vnd.sun.j2me.app-descriptor'
  - 'text/vnd.wap.wml'
  - 'application/java-archive'
  - 'application/mac-binhex40'
  - 'application/postscript'
  - 'application/vnd.wap.wmlc'
  - 'application/vnd.google-earth.kml+xml'
  - 'application/vnd.google-earth.kmz'
  - 'application/x-7z-compressed'
  - 'application/x-cocoa'
  - 'application/x-java-archive-diff'
  - 'application/x-java-jnlp-file'
  - 'application/x-makeself'
  - 'application/x-perl'
  - 'application/x-pilot'
  - 'application/x-redhat-package-manager'
  - 'application/x-sea'
  - 'application/x-shockwave-flash'
  - 'application/x-stuffit'
  - 'application/x-sit'
  - 'application/x-xpinstall'
  - 'application/octet-stream'
# Deployment-role flags. Every flag below is a quoted string ('true'/'false'),
# not a YAML boolean; keep the quotes unless the consuming profile is known to
# accept real booleans.
#description: true/false - NGINX performs session management
performs_session_management: 'true'
#description: true/false - NGINX performs user management
manages_auth: 'false'
#description: true/false - NGINX implements mobile code
implements_mobile_code: 'false'
#description: true/false - NGINX is a proxy server
proxy_server: 'false'
#description: true/false - NGINX is behind a proxy server
behind_proxy_server: 'false'
#description: true/false - NGINX is a high-availability server
high_availability: 'false'
#description: true/false - NGINX is part of a cluster
is_cluster: 'false'
#description: true/false - NGINX is the cluster master
is_cluster_master: 'false'
#description: true/false - NGINX uses Enterprise Tool for enforcing policy on remote sessions
uses_enterprise_tool: 'false'
#description: Minimum size of log file
# NOTE(review): presumably 25 gigabytes; confirm the unit suffix the profile parses.
minimum_log_file_size: '25G'
#description: true/false - NGINX uses PKI
uses_pki: 'true'