Update docs for Ansible hardening roles

Mateusz Suski
2026-05-06 09:25:43 +00:00
parent 02a51f72f9
commit deb12a0b4f
7 changed files with 76 additions and 17 deletions
+14 -7
@@ -1,6 +1,6 @@
# infra-run/ansible
This directory reserves the Ansible automation area for future infrastructure-as-code content. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.
This directory contains Ansible automation for infrastructure operations and OS hardening. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.
## Diagram
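Review bot: The new intro line claims the directory "contains Ansible automation for infrastructure operations and OS hardening", but the Scope and Hardening Coverage sections added later in this file only describe hardening playbooks and roles. Either narrow the sentence to "OS hardening" or add the operations playbooks to the Scope list so the README does not advertise content that is not there.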
@@ -17,13 +17,20 @@ flowchart TD
## Scope
- `collections` - vendored or custom Ansible collections.
- `inventory` - environment inventory definitions and variables.
- `playbooks` - executable playbooks for repeatable operations.
- `roles` - reusable automation roles.
- `collections` - collection requirements for supported automation targets.
- `inventory` - sanitized Linux and AIX inventory examples with shared defaults.
- `playbooks` - executable CIS-inspired hardening playbooks.
- `roles` - reusable hardening roles for supported operating systems.
- `tests` - validation and test harnesses for Ansible content.
## Hardening Coverage
- `cis-rhel9-hardening` - RHEL 9 baseline tasks for packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-debian-ubuntu-hardening` - Debian 13 and Ubuntu 26.04 baseline tasks for apt packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
- `cis-aix7-hardening` - IBM AIX 7 baseline tasks for SSH, sudo, audit, logging, cron, users, password policy, network settings, filesystem controls, services, and validation.
## Notes
- The directory layout is already prepared for growth even where content is still placeholder-only.
- This keeps the repository ready for automation expansion alongside the existing script toolkits.
- Roles are CIS-inspired examples intended for portfolio and lab use, not a drop-in compliance certification.
- Defaults are sanitized and configurable through inventory or `--extra-vars`.
- Run platform-specific playbooks against appropriate test hosts before adapting them to production environments.
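Review bot: The Notes list tells readers to run the playbooks against test hosts but gives no safe way to preview changes first; since every role listed under Hardening Coverage touches SSH, sudo and (on Linux) sysctl, a mis-set default can lock an operator out of the host. Add a sentence recommending a dry run with `--check --diff` before a real run, and note that console or out-of-band access should be available when the SSH and sudo tasks are applied for the first time. The `collections` bullet now says "collection requirements", so the README should also state how to install them (for example `ansible-galaxy collection install -r collections/requirements.yml`, adjusted to the actual file name) and which role, if any, the `tests` directory validates, since "validation" is listed as a task in each role but the test harness is not described.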