Add RHEL 9 CIS-inspired hardening playbook

2026-05-06 08:45:33 +00:00
parent 1e2db3e125
commit 75a11f7650
20 changed files with 711 additions and 0 deletions
@@ -0,0 +1,24 @@
+---
+- name: Remove legacy network packages
+  ansible.builtin.package:
+    name: "{{ cis_legacy_packages }}"
+    state: absent
+  when: cis_remove_legacy_packages | bool
+
+- name: Install chrony when enabled
+  ansible.builtin.package:
+    name: chrony
+    state: present
+  when: cis_enable_chrony | bool
+
+- name: Install auditd when enabled
+  ansible.builtin.package:
+    name: audit
+    state: present
+  when: cis_install_auditd | bool
+
+- name: Install rsyslog when enabled
+  ansible.builtin.package:
+    name: rsyslog
+    state: present
+  when: cis_enable_rsyslog | bool