Add Debian 13 and Ubuntu 26.04 CIS-inspired hardening playbook

2026-05-06 08:56:45 +00:00
parent 75a11f7650
commit 2fd9c0b5ef
15 changed files with 778 additions and 0 deletions
@@ -0,0 +1,54 @@
+---
+- name: Run platform safety prechecks
+  ansible.builtin.import_tasks: precheck.yml
+  tags:
+    - always
+    - precheck
+
+- name: Manage packages
+  ansible.builtin.import_tasks: packages.yml
+  tags:
+    - packages
+
+- name: Harden SSH daemon configuration
+  ansible.builtin.import_tasks: ssh.yml
+  tags:
+    - ssh
+
+- name: Apply kernel network hardening
+  ansible.builtin.import_tasks: sysctl.yml
+  when: cis_enable_sysctl_hardening | bool
+  tags:
+    - sysctl
+
+- name: Manage baseline services
+  ansible.builtin.import_tasks: services.yml
+  tags:
+    - services
+
+- name: Configure Linux audit controls
+  ansible.builtin.import_tasks: audit.yml
+  when: cis_install_auditd | bool
+  tags:
+    - audit
+
+- name: Configure sudo controls
+  ansible.builtin.import_tasks: sudo.yml
+  tags:
+    - sudo
+
+- name: Configure logging controls
+  ansible.builtin.import_tasks: logging.yml
+  tags:
+    - logging
+
+- name: Review filesystem mount options
+  ansible.builtin.import_tasks: filesystem.yml
+  tags:
+    - filesystem
+
+- name: Run validation postchecks
+  ansible.builtin.import_tasks: postcheck.yml
+  tags:
+    - always
+    - postcheck