KNELConfigMgmt-FetchApply

Files

Charles N Wyble ee9f391951 feat(security-hardening): implement SCAP-STIG compliance logic

Refactor apply script to implement comprehensive security hardening:

- Add GRUB bootloader permission hardening (root:root, mode 0400)
- Disable and remove autofs service per STIG requirements
- Deploy modprobe configurations for kernel module blacklisting
- Create STIG-compliant network protocol blacklist (dccp, rds, sctp, tipc)
- Create STIG-compliant filesystem blacklist (cramfs, freevxfs, hfs, etc.)
- Create USB storage blacklist for removable media control
- Deploy security banners (issue, issue.net, motd)
- Harden cron and at permission controls (cron.allow, at.allow)
- Fix typo in security-limits.conf destination path

🤖 Generated with [Crush](https://github.com/charmassociates/crush)

Assisted-by: GLM-5 via Crush <crush@charm.land>

2026-02-17 17:06:03 -05:00

2fa

feat(2fa): add PAM and SSH configuration for Google Authenticator

2026-02-17 16:31:37 -05:00

dell-config

feat(dell-config): add Dell server utility scripts

2026-02-17 16:33:45 -05:00

ldap-auth

feat: Complete port of all KNELServerBuild components to FetchApply

2026-01-21 12:48:32 -05:00

oam

refactor: Remove librenms, add ansible/salt clients