Add IBM AIX 7 CIS-inspired hardening playbook

2026-05-06 09:21:15 +00:00
parent 2fd9c0b5ef
commit 02a51f72f9
18 changed files with 1009 additions and 0 deletions
@@ -0,0 +1,65 @@
+---
+- name: Run AIX platform safety prechecks
+  ansible.builtin.import_tasks: precheck.yml
+  tags:
+    - always
+    - precheck
+
+- name: Harden AIX SSH daemon configuration
+  ansible.builtin.import_tasks: ssh.yml
+  tags:
+    - ssh
+
+- name: Apply AIX user account controls
+  ansible.builtin.import_tasks: users.yml
+  tags:
+    - users
+
+- name: Apply AIX password policy controls
+  ansible.builtin.import_tasks: password_policy.yml
+  when: cis_enable_password_policy | bool
+  tags:
+    - password_policy
+
+- name: Apply AIX network hardening controls
+  ansible.builtin.import_tasks: network.yml
+  when: cis_enable_network_hardening | bool
+  tags:
+    - network
+
+- name: Manage AIX baseline services
+  ansible.builtin.import_tasks: services.yml
+  tags:
+    - services
+
+- name: Review AIX filesystem controls
+  ansible.builtin.import_tasks: filesystem.yml
+  tags:
+    - filesystem
+
+- name: Validate AIX logging controls
+  ansible.builtin.import_tasks: logging.yml
+  tags:
+    - logging
+
+- name: Validate AIX audit controls
+  ansible.builtin.import_tasks: audit.yml
+  tags:
+    - audit
+
+- name: Harden AIX cron and at controls
+  ansible.builtin.import_tasks: cron.yml
+  tags:
+    - cron
+
+- name: Harden sudo configuration
+  ansible.builtin.import_tasks: sudo.yml
+  when: cis_manage_sudo | bool
+  tags:
+    - sudo
+
+- name: Run AIX validation postchecks
+  ansible.builtin.import_tasks: postcheck.yml
+  tags:
+    - always
+    - postcheck