dev-sec / ansible-collection-hardening

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
http://dev-sec.io/
Apache License 2.0

Documentation should be updated #361

Closed joubbi closed 3 years ago

joubbi commented 3 years ago

Is your feature request related to a problem? Please describe.
I found this project by googling. It's the second Google hit after https://github.com/openstack/ansible-hardening. I've used ansible-hardening before. It works and their documentation is great. Unfortunately the project seems to be sleeping.

When I found this project, the first thing I tried to figure out was what it does and whether it is still relevant.

I want to harden my systems so that they are at least CIS level 1 compliant. I have figured out that this project doesn't try to follow any one standard for hardening, which is perfectly fine. But...

At the bottom of the os_hardening github page there are links to guides that the project is based on. One of the links: "NSA: Guide to the Secure Configuration of Red Hat Enterprise Linux 5" gives a 404. The README for os_hardening doesn't state which Linux distros are supported. The README for the collection states CentOS7/8. It looks outdated with a guide to RHEL5.

I found the page https://dev-sec.io/project/ by googling. It also links to a RHEL5 guide. I have not found a link to dev-sec.io from GitHub, but there is a link from dev-sec.io to GitHub.

Describe the solution you'd like
I would like the dev-sec.io page and the READMEs to be updated with the current state and goals of the project. I would like the documentation to state if the project follows the CIS benchmark. If it doesn't follow CIS recommendations, then why not? I would like the variables and other lists to be alphabetically sorted in the documentation and configuration files so that they can be easily found.

Additional context
I am happy that this project exists and is free. I have saved a lot of time by using it instead of creating my own hardening from nothing.

rndmh3ro commented 3 years ago

Thanks for this issue, @joubbi. Good to get a thorough examination of this collection. It was developed over several years and there are surely mistakes and errors.

> One of the links: "NSA: Guide to the Secure Configuration of Red Hat Enterprise Linux 5" gives a 404.

This should be fixed.

> The README for os_hardening doesn't state which Linux distros are supported. The README for the collection states CentOS7/8.

It is stated in the collection README and in the meta file of the role. I don't want to document the supported distros in even more places, because we have to update these manually.

> It looks outdated with a guide to RHEL5.

Can you tell me which part exactly is outdated? A general statement like this is unhelpful.

> I have not found a link to dev-sec.io from GitHub, but there is a link from dev-sec.io to GitHub.

See here: [screenshot]

> I would like the dev-sec.io page and the READMEs to be updated with the current state and goals of the project.

What in the description in the README is not clear to you about the state and goals? https://github.com/dev-sec/ansible-collection-hardening#description

> I would like the documentation to state if the project follows CIS benchmark. If it doesn't follow CIS recommendations, then why not?

As you found out yourself, it doesn't follow it. Why? Because nobody validated the collection against the CIS recommendations and documented it. See this issue for details: https://github.com/dev-sec/ansible-collection-hardening/issues/76 Basically we can update the linux-baseline to follow CIS rec. or use the cis-baseline.

> I would like the variables and other lists to be alphabetically sorted in the documentation and configuration files so that they can be easily found.

I see you already created a PR for this. I'll take a look. Personally I just grep for the relevant variables instead of searching for them, but an alphabetical order is appreciated nonetheless.

joubbi commented 3 years ago

> Thanks for this issue, @joubbi. Good to get a thorough examination of this collection. It was developed over several years and there are surely mistakes and errors.
>
> > One of the links: "NSA: Guide to the Secure Configuration of Red Hat Enterprise Linux 5" gives a 404.
>
> This should be fixed.
>
> > The README for os_hardening doesn't state which Linux distros are supported. The README for the collection states CentOS7/8.
>
> It is stated in the collection README and in the meta file of the role. I don't want to document the supported distros in even more places, because we have to update these manually.
>
> > It looks outdated with a guide to RHEL5.
>
> Can you tell me which part exactly is outdated? A general statement like this is unhelpful.

What I got confused about is that one place says that CentOS7/8 is supported but you use a hardening guide for RHEL 5. Do you support RHEL5 as well? (I guess not).

What I think is outdated is a link to a hardening guide for Red Hat Enterprise Linux 5, which was end of life almost eight years ago. Maybe you should use a hardening guide for RHEL 8 instead?

> > I have not found a link to dev-sec.io from GitHub, but there is a link from dev-sec.io to GitHub.
>
> See here: [screenshot]

My bad. I was only reading the README.

> > I would like the dev-sec.io page and the READMEs to be updated with the current state and goals of the project.
>
> What in the description in the README is not clear to you about the state and goals? https://github.com/dev-sec/ansible-collection-hardening#description

Landing on the GitHub page without knowing anything about the project, what I wanted to know, since it's a security-related project, was: How does this compare with the hardening standards and recommendations that I am familiar with (CIS, NIST, PCI-DSS, ...)? Who is behind this project? Is it someone I can trust? Now that I have read all the different READMEs and pages, I understand that it doesn't follow one standard, since no page mentions this. I think it would have helped if some page explicitly explained that you are not following one standard and that you don't intend to, if this is how you see it. I don't have a problem with you not following a standard. I think this is a good thing.

> > I would like the documentation to state if the project follows CIS benchmark. If it doesn't follow CIS recommendations, then why not?
>
> As you found out yourself, it doesn't follow it. Why? Because nobody validated the collection against the CIS recommendations and documented it. See this issue for details: #76 Basically we can update the linux-baseline to follow CIS rec. or use the cis-baseline.

Thank you for mentioning #76. This discussion was exactly what I was after: https://github.com/dev-sec/linux-baseline/issues/110 Take the reply from @chris-rock in that issue and document it in the README and my issue is solved.

> > I would like the variables and other lists to be alphabetically sorted in the documentation and configuration files so that they can be easily found.
>
> I see you already created a PR for this. I'll take a look. Personally I just grep for the relevant variables instead of searching for them, but an alphabetical order is appreciated nonetheless.

grep is great if you know what you are looking for. Running the role for the first time, you have to read through the whole list in order to know which variables are available. I have missed that variables exist because I assumed things and didn't scroll down the whole page. But maybe most people are smarter than me and read more carefully without assuming ;-)

rndmh3ro commented 3 years ago

Hey @joubbi,

Is there anything here you still want to change?

rndmh3ro commented 3 years ago

Feel free to reopen, if more is needed.