mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
deb12a0b4f5ef6ff4cd29317bf4eba95d2d6b60c
portfolio/infra-run/ansible/roles/README.md
T
Mateusz Suski deb12a0b4f Update docs for Ansible hardening roles
2026-05-06 09:25:43 +00:00

28 lines
1.1 KiB
Markdown
Raw Blame History

# infra-run/ansible/roles
This folder contains reusable Ansible roles. Roles organize configuration logic into predictable, testable units that can be shared across playbooks.
## Diagram
```mermaid
flowchart TD
A["roles"] --> B["common"]
A --> C["monitoring"]
A --> D["storage"]
A --> E["security"]
E --> E1["cis-rhel9-hardening"]
E --> E2["cis-debian-ubuntu-hardening"]
E --> E3["cis-aix7-hardening"]
```
## Current Roles
- `cis-rhel9-hardening` - CIS-inspired RHEL 9 baseline with package, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
- `cis-debian-ubuntu-hardening` - CIS-inspired Debian 13 and Ubuntu 26.04 baseline with apt, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
- `cis-aix7-hardening` - CIS-inspired IBM AIX 7 baseline with SSH, sudo, audit, logging, cron, user, password, network, filesystem, service, and validation tasks.
## Notes
- Each role includes defaults, task includes, handlers where needed, and role-specific README guidance.
- The hardening content is sanitized for portfolio use and should be reviewed against site policy before production use.
Reference in New Issue View Git Blame Copy Permalink