mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2fd9c0b5ef57540bb6548c3d2832a8274121c718
portfolio/infra-run/ansible/roles/cis-rhel9-hardening/tasks/main.yml
T
Mateusz Suski 75a11f7650 Add RHEL 9 CIS-inspired hardening playbook
2026-05-06 08:45:33 +00:00

55 lines
1.1 KiB
YAML
Raw Blame History

---
- name: Run platform safety prechecks
ansible.builtin.import_tasks: precheck.yml
tags:
- always
- precheck
- name: Manage packages
ansible.builtin.import_tasks: packages.yml
tags:
- packages
- name: Harden SSH daemon configuration
ansible.builtin.import_tasks: ssh.yml
tags:
- ssh
- name: Apply kernel network hardening
ansible.builtin.import_tasks: sysctl.yml
when: cis_enable_sysctl_hardening | bool
tags:
- sysctl
- name: Manage baseline services
ansible.builtin.import_tasks: services.yml
tags:
- services
- name: Configure Linux audit controls
ansible.builtin.import_tasks: audit.yml
when: cis_install_auditd | bool
tags:
- audit
- name: Configure sudo controls
ansible.builtin.import_tasks: sudo.yml
tags:
- sudo
- name: Configure logging controls
ansible.builtin.import_tasks: logging.yml
tags:
- logging
- name: Review filesystem mount options
ansible.builtin.import_tasks: filesystem.yml
tags:
- filesystem
- name: Run validation postchecks
ansible.builtin.import_tasks: postcheck.yml
tags:
- always
- postcheck
Reference in New Issue View Git Blame Copy Permalink