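---
# Variable definitions for a MongoDB hardening configuration.
# NOTE(review): the 'mongostig_cat1'/'mongostig_cat2' names suggest STIG
# CAT I / CAT II controls - confirm against the tasks that read them.

### CONFIGURATION FLAGS
prep_conf: true
enterprise_edition: true
fips_mode: true
mongostig_cat1: true
mongostig_cat2: true
# Enable 'encryption_at_rest' if any data is PII, classified, or otherwise
# deemed by the organization to need encryption at rest.
encryption_at_rest: false
kmip_enabled: false

### CONNECTION VARIABLES
mongo_owner: root
mongo_group: root
# NOTE(review): the DBA user name and password below are both the literal
# 'root'. Treat them as placeholders: supply the real credential from an
# encrypted source (for example an Ansible Vault file or a secret store)
# and do not commit a production password to this file.
mongo_dba: root
mongo_dba_password: root
mongo_host: localhost
mongo_port: 27017
mongo_auth_source: admin
max_incoming_connections: 800000
authentication_mechanism:
- SCRAM-SHA-256

### ROLES AND USERS
mongo_admin_roles:
- "root"
# Entries use the form "<database>.<user>".
mongo_super_users:
- "admin.root"
mongo_users:
- "test.myTester"
- "products.myRoleTestUser"
inappropriate_mongo_privileges:
- "changeStream"
- "createCollection"

### FILE PATHS
# Quoted so the mode stays the string "0600". Unquoted, a YAML 1.1 parser
# reads 0600 as the octal integer 384, which no longer looks like a file
# mode once it is passed through a template.
mongo_permissions: "0600"
mongod_config_path: /etc/mongod.conf
# Set 'audit_log_destination' to either "file" or "syslog"
audit_log_destination: file
mongo_audit_directory_path: /var/log/mongodb/audit/
mongo_audit_file_path: /var/log/mongodb/audit/auditLog.bson
# '*_src' paths are relative; '*_dest' paths are absolute paths on the target.
certificate_key_file_dest: /etc/ssl/mongodb.pem
certificate_key_file_src: ../../certificates/mongodb.pem
ca_file_dest: /etc/ssl/CA_bundle.pem
ca_file_src: ../../certificates/dod_CAs.pem
data_file_directory_path: /data/db/

### ENCRYPTION SETTINGS
encryption_cipher_mode: AES256-GCM
# Unset by default (explicit null instead of a bare key).
# NOTE(review): presumably these must be filled in before enabling
# 'kmip_enabled' or 'encryption_at_rest' - confirm against the consumer.
KMIP_server_host_name: null
KMIP_server_port: null
KMIP_server_ca_file: null
KMIP_client_certificate_file: null
security_encryption_key_file: null

### AUDIT SETTINGS
# Audit filter document; the value keeps its own surrounding single quotes.
# As written it selects the createCollection and dropCollection audit types.
mongo_filter: "'{ atype: { $in: [ \"createCollection\", \"dropCollection\" ] } }'"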