Add RHEL 9 CIS-inspired hardening playbook

2026-05-06 08:45:33 +00:00
parent 1e2db3e125
commit 75a11f7650
20 changed files with 711 additions and 0 deletions
@@ -0,0 +1,24 @@
+---
+- name: Ensure rsyslog is installed
+  ansible.builtin.package:
+    name: rsyslog
+    state: present
+  when: cis_enable_rsyslog | bool
+
+- name: Ensure rsyslog is enabled and running
+  ansible.builtin.systemd:
+    name: rsyslog
+    enabled: true
+    state: started
+  when: cis_enable_rsyslog | bool
+
+- name: Validate journald configuration file presence
+  ansible.builtin.stat:
+    path: /etc/systemd/journald.conf
+  register: cis_journald_conf
+
+- name: Report journald configuration status
+  ansible.builtin.debug:
+    msg: >-
+      {{ 'OK: /etc/systemd/journald.conf is present.'
+         if cis_journald_conf.stat.exists else 'WARNING: /etc/systemd/journald.conf was not found.' }}