Continued from https://github.com/anthcourtney/ansible-role-cis-amazon-linux but for Amazon Linux 2
100% coverage of all Level 1 CIS Benchmark controls. Assumes AWS CW Agent is installed. #2
Closed
pbokeefe1027 closed 2 years ago
Description
This includes 100% coverage of all the Level 1 controls and some enhancements for Level 2 controls. Playbook:

```yaml
- name: Amazon Linux 2 CIS Hardening
  hosts: all
  gather_facts: true
  become: yes
  vars:
    cis_enable_chrony: true
    cis_enable_ntp: false
    cis_level_1_exclusions:
      - autofs
    cis_sshd_allow_users: ssm-user, ec2-user
    cis_sshd_allow_groups: ssm-user, ec2-user
    cis_pass_max_days: 45
    cis_umask_default: "027"
    cis_hosts_allow_all_ips: "your.list.here.eg 10.0.0.0/8 172.16.0.0/12"
    cis_level_2_exclusions: []   # left empty in the original playbook
  environment:
    http_proxy: http://yourproxy.proxy.org:8080
    https_proxy: http://yourproxy.proxy.org:8080
    # extend no_proxy with your own endpoints if you have VPC endpoints
    no_proxy: 169.254.169.254,ssm.us-gov-west-1.amazonaws.com,ssm.us-gov-east-1.amazonaws.com
  # the roles: section was not included in the original description; add this role here
```
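Before running a play like the one above, it is worth validating the variables that are easy to get wrong: the placeholder in `cis_hosts_allow_all_ips`, a `cis_pass_max_days` outside the CIS limit of 365, a umask looser than 027, and a `no_proxy` that omits the instance metadata address. The checker below is an added example, not part of the role or this PR; the `PLAY` dict is a constructed copy of the PR's vars (placeholder included), and `check_play` is a hypothetical helper.

```python
import ipaddress

# Constructed: mirrors the vars from the PR's playbook, placeholder included,
# so the check has something to catch.
PLAY = {
    "name": "Amazon Linux 2 CIS Hardening",
    "vars": {
        "cis_pass_max_days": 45,
        "cis_umask_default": "027",
        "cis_hosts_allow_all_ips": "your.list.here.eg 10.0.0.0/8 172.16.0.0/12",
    },
    "environment": {
        "http_proxy": "http://yourproxy.proxy.org:8080",
        "no_proxy": "169.254.169.254,ssm.us-gov-west-1.amazonaws.com",
    },
}

IMDS_ADDR = "169.254.169.254"  # EC2 instance metadata; must bypass the proxy


def check_play(play):
    """Return a list of findings for one play; an empty list means it looks sane."""
    findings = []
    v = play.get("vars", {})

    # CIS requires password expiration of 365 days or less (and a positive value).
    days = int(v.get("cis_pass_max_days", 0))
    if not 1 <= days <= 365:
        findings.append(f"cis_pass_max_days={days}: CIS expects 1..365")

    # CIS requires a default umask of 027 or more restrictive: every bit set in
    # 027 (group write, other rwx) must also be set in the configured mask.
    mask = int(str(v.get("cis_umask_default", "0")), 8)
    if mask & 0o027 != 0o027:
        findings.append(f"cis_umask_default={mask:03o}: looser than 027")

    # Every token in the hosts.allow list must be an IP or CIDR, which catches
    # the 'your.list.here.eg' placeholder before it reaches /etc/hosts.allow.
    for token in str(v.get("cis_hosts_allow_all_ips", "")).split():
        try:
            ipaddress.ip_network(token, strict=False)
        except ValueError:
            findings.append(f"cis_hosts_allow_all_ips: {token!r} is not an IP network")

    # With a proxy configured, IMDS lookups must not be sent through it.
    no_proxy = play.get("environment", {}).get("no_proxy", "")
    if IMDS_ADDR not in [h.strip() for h in no_proxy.split(",")]:
        findings.append(f"no_proxy does not include {IMDS_ADDR}")
    return findings


if __name__ == "__main__":
    for f in check_play(PLAY) or ["no findings"]:
        print(f)
```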