enterprise-infra-simulator/roles/hardening/defaults/main.yml

---
# Hardening configuration
cis_level: 1
disable_root_login: true
secure_ssh_config: true
firewall_policy: deny
auditd_enabled: true
selinux_mode: enforcing
apparmor_enabled: true

# SSH Hardening
ssh_max_auth_tries: 3
ssh_client_alive_interval: 300
ssh_client_alive_count_max: 2

# Firewall rules for SSH (trusted networks)
ssh_allowed_networks:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16

# Services to disable
unnecessary_services:
  - cups
  - avahi-daemon
  - bluetooth
  - nfs-server
  - rpcbind

# Packages to remove
unnecessary_packages:
  - telnet
  - rsh-client
  - talk
  - ntalk
Refactor Ansible playbooks to comply with best practices and fix linting violations 2026-05-03 22:31:04 +00:00			`---`
			`# Hardening configuration`
			`cis_level: 1`
			`disable_root_login: true`
			`secure_ssh_config: true`
			`firewall_policy: deny`
			`auditd_enabled: true`
			`selinux_mode: enforcing`
			`apparmor_enabled: true`

			`# SSH Hardening`
			`ssh_max_auth_tries: 3`
			`ssh_client_alive_interval: 300`
			`ssh_client_alive_count_max: 2`

			`# Firewall rules for SSH (trusted networks)`
			`ssh_allowed_networks:`
			`- 10.0.0.0/8`
			`- 172.16.0.0/12`
			`- 192.168.0.0/16`

			`# Services to disable`
			`unnecessary_services:`
			`- cups`
			`- avahi-daemon`
			`- bluetooth`
			`- nfs-server`
			`- rpcbind`

			`# Packages to remove`
			`unnecessary_packages:`
			`- telnet`
			`- rsh-client`
			`- talk`
			`- ntalk`