This Ansible content will configure a RHEL/CentOS 7 machine to be GSA compliant.
This role will make changes to the system that could break things.
For compliance auditing, use a tool such as Nessus or CIS-CAT.
This code is based on the GSA Red Hat Enterprise Linux Security Benchmark v1.0 and the CIS Red Hat Enterprise Linux 7 Benchmark v2.1.1.
You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.
There are many role variables defined in defaults/main.yml.
Other settings and services are listed. Please review to ensure they meet your organizational requirements.
Note: a subset of controls was removed due to operational impact or organization-dependent variables. Those are listed here. *Note: Must have a GSA account to access.
Ansible >= 2.7
---
- name: Harden Server
  hosts: all
  become: yes
  roles:
    - ansible-os-rhel-7
ansible-playbook playbook.yml --connection=local
This repository has been updated to optionally utilize Continuous Integration with CircleCI, which tests the Ansible tasks against a privileged CentOS-7 container. A small number of tasks are incompatible when run against a container rather than a VM or bare metal, and those have ignore_errors turned on.
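Because tasks with ignore_errors turned on can fail without stopping the run, it helps to list them before relying on the role for compliance. The script below is an added example, not part of this role: it is a line-based heuristic (not a YAML parser), and the sample tasks and the in_container variable are constructed for illustration.

```python
import re
import sys
from pathlib import Path

TRUTHY = {"yes", "true", "on"}  # YAML 1.1 booleans Ansible treats as true
NAME_RE = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
IGNORE_RE = re.compile(r"^\s*(?:-\s+)?ignore_errors:\s*(.*?)\s*(?:#.*)?$")

# Constructed sample; task names and in_container are hypothetical.
SAMPLE = """\
- name: Example control A
  sysctl: name=net.ipv4.ip_forward value=0
  ignore_errors: yes   # fails inside a container
- name: Example control B
  service: name=auditd enabled=yes
- name: Example control C
  command: /bin/true
  ignore_errors: "{{ in_container }}"
"""

def find_ignored(text):
    """Return (line_no, task_name, mode) for tasks whose failures are suppressed.
    A hit is attributed to the nearest preceding '- name:' line."""
    hits, current = [], "<unnamed task>"
    for no, line in enumerate(text.splitlines(), 1):
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).strip("\"'")
            continue
        m = IGNORE_RE.match(line)
        if not m:
            continue
        value = m.group(1).strip("\"'")
        if value.lower() in TRUTHY:
            hits.append((no, current, "always"))       # failure never stops the play
        elif "{{" in value:
            hits.append((no, current, "conditional"))  # depends on a variable
    return hits

if __name__ == "__main__":
    # Pass the role's tasks directory; with no argument the sample is scanned.
    files = sorted(Path(sys.argv[1]).rglob("*.yml")) if len(sys.argv) > 1 else []
    texts = {str(p): p.read_text() for p in files} or {"<sample>": SAMPLE}
    for path, text in texts.items():
        for no, name, mode in find_ignored(text):
            print(f"{path}:{no}: ignore_errors ({mode}): {name}")
```

Each task it reports is a control whose result should be confirmed with the audit tool rather than assumed from a clean playbook run.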
MIT