dsk-iac/ansible/roles/security-settings/defaults/main.yml

# Password aging settings
os_auth_pw_max_age: 90
os_auth_pw_min_age: 10
os_auth_pw_warn_age: 7
passhistory: 2

# Inactivity and Failed attempts lockout settings
fail_deny: 5
fail_unlock: 0
inactive_lock: 0
shell_timeout: 300

# tally settings
onerr: 'fail'
deny: 5
unlock_time: 300

# Password complexity settings
pwquality_minlen: 9
pwquality_maxrepeat: 3
pwquality_lcredit: -1
pwquality_ucredit: -1
pwquality_dcredit: -1
pwquality_ocredit: -1

# SSH settings
sshrootlogin: 'forced-commands-only'
sshmainport: 22
ssh_service_name: sshd

# Crictl setup
crictl_app: crictl
crictl_version: 1.25.0
crictl_os: linux
crictl_arch: amd64
crictl_dl_url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/{{ crictl_app }}-v{{ crictl_version }}-{{ crictl_os }}-{{ crictl_arch }}.tar.gz
crictl_bin_path: /usr/local/bin
crictl_file_owner: root
crictl_file_group: root

# temp
username: root
password: saasadmin1234!@#$