Skip to content
This repository has been archived by the owner on Apr 26, 2023. It is now read-only.
/ ansible-role-simple-harden Public archive

Quick and basic hardening for a RHEL or CenOS 7 instance

1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CivicActions/ansible-role-simple-harden

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
files
files
 
 
meta
meta
 
 
tasks
tasks
 
 
README.md
README.md
 
 

Repository files navigation

ansible-role-simple-harden

Apply a series of STIG-suggested hardening rules to an instance.

WARNING: This will make modifications to system configuration files

Use or apply only to test systems.

Role to apply some simple hardening configurations

The Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). SCAP provides a specification for system for vulnerability detetection and remediation.

SCAP supports the process of FISMA Compliance, and the National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.

This role applies basic configuration updates for Kernel networking and the Audit, SSH and Firewall daemons to satisfy a number of STIG rules that fail out-of-the-box for Red Hat Enterprise and CentOS GNU/Linux version 7 distributions.

Test usage

See the govready ansible role.

To apply these rules to your server

Example simple-harden.yml:

- name: Harden all servers
  hosts: servers
  roles:
    - { role: CivicActions.simple-harden, become: true }

Run command:

ansible-playbook -i inventory simple-harden.yml

About

Quick and basic hardening for a RHEL or CenOS 7 instance

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

7 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •