infra-run/ansible/README.md

# infra-run/ansible

This directory contains Ansible automation for infrastructure operations and OS hardening. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.

## Diagram

```mermaid
flowchart TD
  A["ansible"] --> B["collections"]
  A --> C["inventory"]
  A --> D["playbooks"]
  A --> E["roles"]
  A --> F["tests"]
  C --> C1["group_vars"]
  C --> C2["host_vars"]
```

## Scope

- `collections` - collection requirements for supported automation targets.
- `inventory` - sanitized Linux and AIX inventory examples with shared defaults.
- `playbooks` - executable selected baseline hardening playbooks.
- `roles` - reusable hardening roles for supported operating systems.
- `tests` - validation and test harnesses for Ansible content.

## Hardening Coverage

- `cis-rhel9-hardening` - RHEL 9 baseline tasks for packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-debian-ubuntu-hardening` - Debian 13 and Ubuntu 26.04 baseline tasks for apt packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-aix7-hardening` - IBM AIX 7 baseline tasks for SSH, sudo, audit, logging, cron, users, password policy, network settings, filesystem controls, services, and validation.

## Notes

- Roles are selected baseline examples intended for portfolio and lab use, not a drop-in compliance certification.
- Defaults are sanitized and configurable through inventory or `--extra-vars`.
- Run platform-specific playbooks against appropriate test hosts before adapting them to managed environments.
- Prefer `--check --diff` for review runs before applying changes.
- Validate from the repository root with `./scripts/check-ansible.sh`.
Add README files and diagrams across repository 2026-05-06 06:36:53 +00:00			`# infra-run/ansible`

Update docs for Ansible hardening roles 2026-05-06 09:25:43 +00:00			`This directory contains Ansible automation for infrastructure operations and OS hardening. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.`
Add README files and diagrams across repository 2026-05-06 06:36:53 +00:00
			`## Diagram`

			```mermaid
			`flowchart TD`
			`A["ansible"] --> B["collections"]`
			`A --> C["inventory"]`
			`A --> D["playbooks"]`
			`A --> E["roles"]`
			`A --> F["tests"]`
			`C --> C1["group_vars"]`
			`C --> C2["host_vars"]`
			```

			`## Scope`

Update docs for Ansible hardening roles 2026-05-06 09:25:43 +00:00			- `collections` - collection requirements for supported automation targets.
			- `inventory` - sanitized Linux and AIX inventory examples with shared defaults.
Improve infra-run portfolio credibility 2026-05-08 21:18:22 +00:00			- `playbooks` - executable selected baseline hardening playbooks.
Update docs for Ansible hardening roles 2026-05-06 09:25:43 +00:00			- `roles` - reusable hardening roles for supported operating systems.
Add README files and diagrams across repository 2026-05-06 06:36:53 +00:00			- `tests` - validation and test harnesses for Ansible content.

Update docs for Ansible hardening roles 2026-05-06 09:25:43 +00:00			`## Hardening Coverage`

			- `cis-rhel9-hardening` - RHEL 9 baseline tasks for packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
			- `cis-debian-ubuntu-hardening` - Debian 13 and Ubuntu 26.04 baseline tasks for apt packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
			- `cis-aix7-hardening` - IBM AIX 7 baseline tasks for SSH, sudo, audit, logging, cron, users, password policy, network settings, filesystem controls, services, and validation.

Add README files and diagrams across repository 2026-05-06 06:36:53 +00:00			`## Notes`

Improve infra-run portfolio credibility 2026-05-08 21:18:22 +00:00			`- Roles are selected baseline examples intended for portfolio and lab use, not a drop-in compliance certification.`
Update docs for Ansible hardening roles 2026-05-06 09:25:43 +00:00			- Defaults are sanitized and configurable through inventory or `--extra-vars`.
Improve infra-run portfolio credibility 2026-05-08 21:18:22 +00:00			`- Run platform-specific playbooks against appropriate test hosts before adapting them to managed environments.`
Add Codex repository guidance and validation 2026-05-10 11:11:03 +00:00			- Prefer `--check --diff` for review runs before applying changes.
			- Validate from the repository root with `./scripts/check-ansible.sh`.