Update docs for Ansible hardening roles
@@ -1,6 +1,6 @@
# infra-run/ansible
This directory reserves the Ansible automation area for future infrastructure-as-code content. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.
This directory contains Ansible automation for infrastructure operations and OS hardening. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.
## Diagram
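Review bot: The rewritten intro sentence promises "infrastructure operations and OS hardening", but nothing else visible in this README backs the first half: the updated Scope entries describe `playbooks` and `roles` purely as hardening content. Narrow the sentence to OS hardening, or add the operations content it refers to, so the summary matches what the directory ships. Since the roles are described further down as lab and portfolio examples, saying so in this opening sentence would also keep readers from treating the directory as a production baseline.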
@@ -17,13 +17,20 @@ flowchart TD
## Scope
- `collections` - vendored or custom Ansible collections.
- `inventory` - environment inventory definitions and variables.
- `playbooks` - executable playbooks for repeatable operations.
- `roles` - reusable automation roles.
- `collections` - collection requirements for supported automation targets.
- `inventory` - sanitized Linux and AIX inventory examples with shared defaults.
- `playbooks` - executable CIS-inspired hardening playbooks.
- `roles` - reusable hardening roles for supported operating systems.
- `tests` - validation and test harnesses for Ansible content.
## Hardening Coverage
- `cis-rhel9-hardening` - RHEL 9 baseline tasks for packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-debian-ubuntu-hardening` - Debian 13 and Ubuntu 26.04 baseline tasks for apt packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-aix7-hardening` - IBM AIX 7 baseline tasks for SSH, sudo, audit, logging, cron, users, password policy, network settings, filesystem controls, services, and validation.
## Notes
- The directory layout is already prepared for growth even where content is still placeholder-only.
- This keeps the repository ready for automation expansion alongside the existing script toolkits.
- Roles are CIS-inspired examples intended for portfolio and lab use, not a drop-in compliance certification.
- Defaults are sanitized and configurable through inventory or `--extra-vars`.
- Run platform-specific playbooks against appropriate test hosts before adapting them to production environments.
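Review bot: The Notes bullet "Defaults are sanitized and configurable through inventory or `--extra-vars`" does not say which variables exist or where they are defined, so a reader cannot tell which of the listed controls (SSH, sudo, sysctl, auditing) can be switched off or relaxed. Point to each role's defaults file or list the main toggles, and state that `--extra-vars` takes precedence over inventory values, so a command-line override silently wins over a stricter inventory setting. The final bullet about test hosts would be more actionable if it said how to validate a run, for example a dry run with `--check` or a pointer to the `tests` directory, whose description is unchanged and still generic.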