Add RHEL 9 CIS-inspired hardening playbook

2026-05-06 08:45:33 +00:00
parent 1e2db3e125
commit 75a11f7650
20 changed files with 711 additions and 0 deletions
@@ -0,0 +1,36 @@
+---
+- name: Enable chronyd service
+  ansible.builtin.systemd:
+    name: chronyd
+    enabled: true
+    state: started
+  when: cis_enable_chrony | bool
+
+- name: Enable rsyslog service
+  ansible.builtin.systemd:
+    name: rsyslog
+    enabled: true
+    state: started
+  when: cis_enable_rsyslog | bool
+
+- name: Enable auditd service
+  ansible.builtin.systemd:
+    name: auditd
+    enabled: true
+    state: started
+  when: cis_install_auditd | bool
+
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+- name: Disable unnecessary legacy services when present
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: false
+    state: stopped
+  loop: "{{ cis_legacy_services }}"
+  loop_control:
+    label: "{{ item }}"
+  when:
+    - cis_remove_legacy_packages | bool
+    - item in ansible_facts.services