Brought to you by MindPoint Group
This content is no longer maintained.
For the latest content and wider set of baselines, see:
On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users
Archived, new content in https://github.com/ansible-lockdown
Home Page: https://github.com/ansible-lockdown
License: MIT License
Brought to you by MindPoint Group
This content is no longer maintained.
For the latest content and wider set of baselines, see:
On our Discord Server to ask questions, discuss features, or just chat with other Ansible-Lockdown users
Document effort to merge projects.
Minutes https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html
Logs https://freenode.logbot.info/ansible-lockdown/20181017
To Do's
Ansible Collections is the optimal way to share content such as this role with the community.
Therefore, it would be good to bundle the roles provided in the ansible-lockdown umbrella into a collection.
The part about usage of tags consists of 2 examples labeled #This
and #Not This
, but both examples are identical.
While a new collection is imminent, this repo is woefully out of date with the community:
When I perform a clone of the repository with --recursive, the clone fails to pull the RHEL6-STIG due to the URL of the sub-module being SSH vs HTTPS. Users behind a proxy (like myself) may not be able to reach this URL.
Please update the RHEL6-STIG sub-module location from
[email protected]:MindPointGroup/RHEL6-STIG.git
to
https://github.com/MindPointGroup/RHEL6-STIG.git
I am running the ansible-lockdown on a RHEL7 Server. I keep finding that RHEL-07-020070 is reporting as skipped in Ansible Tower. The target server's yum.conf definitely does not have repo_gpgcheck=1 but it does have gpgpcheck=1. I am deploying this in AWS on a RHEL AMI. Could this be a bug?
Hi,
I want to disable STIG-IDs in defaults/main.yml as some are not functional within AWS such as the bootstrap password (RHEL-07-010480, RHEL-07-010490). The only method i found is by commenting out both the STIG-ID in 'defaults/main.yml' and also within tasks/fix-cat1.yml comment out these tasks. Is there any easier way to do this?
#- name: |
#
# "HIGH | RHEL-07-010480 | PATCH | Systems with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes."
# "HIGH | RHEL-07-010490 | PATCH | Systems using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes."
# lineinfile:
# dest: /etc/grub.d/40_custom
# insertafter: EOF
# regexp: "{{ item.regexp }}"
# line: "{{ item.line }}"
# with_items: "{{ rhel7stig_boot_password_config }}"
# notify: make grub2 config
# when: rhel_07_010480 or rhel_07_010490
# tags:
# - cat1
# - high
# - patch
# - RHEL-07-010480
# - RHEL-07-010490
# - grub
# - bootloader
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.