dsk-iac/ansible/roles/security-settings/defaults/main.yml

# Password aging settings
os_auth_pw_max_age: 90
os_auth_pw_min_age: 10
os_auth_pw_warn_age: 7
passhistory: 2

# Inactivity and Failed attempts lockout settings
fail_deny: 5
fail_unlock: 0
inactive_lock: 0
shell_timeout: 300

# tally settings
onerr: 'fail'
deny: 5
unlock_time: 300

# Password complexity settings
pwquality_minlen: 9
pwquality_maxrepeat: 3
pwquality_lcredit: -1
pwquality_ucredit: -1
pwquality_dcredit: -1
pwquality_ocredit: -1

# SSH settings
sshrootlogin: 'no'
sshmainport: 22
ssh_service_name: sshd