---
# defaults file for hardening-basic

hardening_sshd_enabled: true
hardening_sshd_authorized_key_file: .ssh/authorized_keys
hardening_sshd_tcp_forward: false
hardening_sshd_legal_banner: false
hardening_sshd_permissions_set_sticky_bit: true

hardening_sysctl_vm_swappiness: 15
hardening_sysctl_disable_ipv6: false

hardening_modprobe_disable_list:
  ipv6: [ipv6]
  network_filesystems: [cifs,nfs,nfsv3,nfsv4,gfs2]
  rare_filesystems: [cramfs,freevxfs,jffs2,hfs,hfsplus,squashfs,udf]
  rare_protocols: [dccp,sctp,rds,tipc,n-hdlc,ax25,netrom,x25,rose,decnet,econet,af_802154,ipx,appletalk,psnap,p8023,p8022,can,atm]
  vivid: [vivid]

hardening_journald_system_max_use: 250M
hardening_journald_system_max_file_size: 50M