portfolio/infra-run/ansible/README.md

infra-run/ansible

This directory contains Ansible automation for infrastructure operations and OS hardening. It is organized around the standard separation of inventory, roles, playbooks, collections, and tests.

Diagram

flowchart TD
  A["ansible"] --> B["collections"]
  A --> C["inventory"]
  A --> D["playbooks"]
  A --> E["roles"]
  A --> F["tests"]
  C --> C1["group_vars"]
  C --> C2["host_vars"]

Scope

• collections - collection requirements for supported automation targets.
• inventory - sanitized Linux and AIX inventory examples with shared defaults.
• playbooks - executable CIS-inspired hardening playbooks.
• roles - reusable hardening roles for supported operating systems.
• tests - validation and test harnesses for Ansible content.

Hardening Coverage

• cis-rhel9-hardening - RHEL 9 baseline tasks for packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
• cis-debian-ubuntu-hardening - Debian 13 and Ubuntu 26.04 baseline tasks for apt packages, services, SSH, sudo, sysctl, auditing, logging, filesystem controls, and validation.
• cis-aix7-hardening - IBM AIX 7 baseline tasks for SSH, sudo, audit, logging, cron, users, password policy, network settings, filesystem controls, services, and validation.

Notes

• Roles are CIS-inspired examples intended for portfolio and lab use, not a drop-in compliance certification.
• Defaults are sanitized and configurable through inventory or --extra-vars.
• Run platform-specific playbooks against appropriate test hosts before adapting them to production environments.