From c37782e805c0a01b1183f64be1325041894bf9c6 Mon Sep 17 00:00:00 2001 From: Dan Guido Date: Tue, 2 Aug 2016 20:18:10 -0400 Subject: [PATCH] prompts --- security.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/security.yml b/security.yml index c5df6d7..63b3c24 100644 --- a/security.yml +++ b/security.yml @@ -1,6 +1,6 @@ --- -- name: Security fixes +- name: Security enhancements hosts: vpn-host become: true vars_files: @@ -34,7 +34,7 @@ # auditd - - name: Collect Use of Privileged Commands + - name: Collect Use of privileged commands shell: > /usr/bin/find {/usr/local/sbin,/usr/local/bin,/sbin,/bin,/usr/sbin,/usr/bin} -xdev \( -perm -4000 -o -perm -2000 \) -type f | awk '{print "-a always,exit -F path=" $1 " -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged" }' args: @@ -71,10 +71,10 @@ # Core dumps - - name: Restrict Core Dumps - using pam limits + - name: Restrict core dumps (with PAM) lineinfile: dest=/etc/security/limits.conf line="* hard core 0" state=present - - name: Restrict Core Dumps - using sysctl + - name: Restrict core dumps (with sysctl) sysctl: name=fs.suid_dumpable value=0 ignoreerrors=yes sysctl_set=yes reload=yes state=present # Kernel fixes
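Review bot: The renamed task in the `@@ -34,7 +34,7 @@` hunk builds its audit rules from a one-time `find` over the bin directories, and nothing on the visible lines documents that a setuid or setgid file installed after provisioning gets no `-k privileged` rule until the play runs again. I would add a comment above the task, `# Snapshot of setuid/setgid files at run time; re-run after package installs to refresh the rules`. The new prompt also keeps a capital in `Collect Use of privileged commands`, while the other prompts in this commit move to sentence case; `Collect use of privileged commands` would match. The task's `args:` block and whatever consumes the command output lie outside the hunk, so how the generated rules are stored is not visible here.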
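Review bot: In the `@@ -71,10 +71,10 @@` hunk the task now named `Restrict core dumps (with sysctl)` carries `ignoreerrors=yes`, which makes the sysctl module ignore unknown-key errors. On a host where `fs.suid_dumpable` is not available, the play can therefore finish green without the restriction in place. For a hardening step I would either drop `ignoreerrors=yes` or follow the task with a read-back such as `command: sysctl -n fs.suid_dumpable` with `changed_when: false`, and fail or warn when the output is not `0`. The new prompt promises a restriction, so a silent skip is worth surfacing to the operator.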