Add Debian 13 and Ubuntu 26.04 CIS-inspired hardening playbook

2026-05-06 08:56:45 +00:00
parent 75a11f7650
commit 2fd9c0b5ef
15 changed files with 778 additions and 0 deletions
@@ -0,0 +1,17 @@
+---
+- name: Apply CIS-inspired sysctl settings
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    sysctl_file: "{{ cis_sysctl_config_file }}"
+    state: present
+    reload: true
+  loop: "{{ cis_sysctl_settings | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: not cis_container_detected | default(false) | bool
+
+- name: Report skipped sysctl hardening inside containers
+  ansible.builtin.debug:
+    msg: "WARNING: Sysctl hardening skipped because a containerized environment was detected."
+  when: cis_container_detected | default(false) | bool