Apply a series of STIG-suggested hardening rules to an instance.
Use or apply only to test systems.
The Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). SCAP provides a specification for system for vulnerability detetection and remediation.
SCAP supports the process of FISMA Compliance, and the National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.
This role applies basic configuration updates for Kernel networking and the Audit, SSH and Firewall daemons to satisfy a number of STIG rules that fail out-of-the-box for Red Hat Enterprise and CentOS GNU/Linux version 7 distributions.
See the govready ansible role.
Example simple-harden.yml:
- name: Harden all servers
hosts: servers
roles:
- { role: CivicActions.simple-harden, become: true }
Run command:
ansible-playbook -i inventory simple-harden.yml