configure ipa for compliance on stig id: RHEL-07-040640, RHEL-07-040650, RHEL-07-040660

apps/public/ipa/configure-stig.sls

@@ -54,6 +54,11 @@ ftp:
     - source: salt://apps/public/ipa/stig/tmout.sh
     - source_hash: salt://apps/public/ipa/stig/hash
 
+/etc/sysctl.d/10-sysctl.conf:
+  file.managed:
+    - source: salt://apps/public/ipa/stig/10-sysctl.conf
+    - source_hash: salt://apps/public/ipa/stig/hash
+
 /etc/rsyslog.d/alerts.sh:
   file.manged:
     - source: salt://apps/public/ipa/stig/alerts.sh
@@ -71,6 +76,11 @@ run_alerts:
     - source_hash: salt://apps/public/ipa/stig/hash
     - onchanges:
       - /var/log/alerts.log
+      
+sysctl --system:
+  cmd.run:
+    - onchanges:
+      - file: /etc/sysctl.d/10-sysctl.conf
 
 systemctl restart sshd.service:
   cmd.run:

apps/public/ipa/stig/10-sysctl.conf

+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.conf.all.send_redirects = 0

apps/public/ipa/stig/hash

+8d07b7524029c08b0427aca69dd8bdadec6fbab78282f7dc17a0ac4443eb52bd94831b54506e513a0fa9a7e45e95fc6c405cb2f35fd4bc34cd2f08eb26e96298  10-sysctl.conf
 699c5d919fd49ebf2bbe62a74ee89f53628008c455998e891e9fa97a197c3e29c2f8ec8f77b627d5f481403f01d24bf3904ac3fed7c1da0efca988bbe873181d  alerts.sh
 94b1734e193e96aab574b54b6590a5cbcccc9ec2ba6d7a46bbff18528ac2096a41b67e6b79e66ff47592907777e595efeac31e60e334e4d5fdd49a0defb81755  audit.rules
 ab0fe84a8a4e906d731a9a79cd92c4c7c21de2f3a1d80af66c1d24511f14cac73a0005e1b6d63a2b3c838b52fd91219c3efbf5a2da0b385203b02ef615e53902  limits.conf