keithresar / ansible-minneapolis-meetup-topics

Topics and schedule for Minneapolis Ansible Meetups

Ansible Lockdown #31

Open keithresar opened 6 years ago

keithresar commented 6 years ago

Ansible Lockdown is a collection of Ansible roles related to security automation. All roles included in this project must meet the contribution guidelines.

https://github.com/ansible/ansible-lockdown

keithresar commented 6 years ago

https://github.com/MindPointGroup/RHEL7-CIS

bbaassssiiee commented 6 years ago

The first role in this series is https://github.com/MindPointGroup/RHEL6-STIG

I spent time using this role and created a demo: https://github.com/bbaassssiiee/vagransible

The demo is based on the idea that security hardening should be split into a 'PATCH' and an independent audit, back then OSCAP.

My talk about this on YouTube: https://www.youtube.com/watch?v=aJzA-e_3tDA

Most of my focus has been on this STIG role for RHEL6 at first, because my client at the time ran RHEL6. STIGs are published by DISA, a DoD body, at https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx

Later I contributed to https://github.com/MindPointGroup/RHEL7-CIS by auditing the role using CIS-CAT PRO and reporting findings.