Code Monkey home page Code Monkey logo

ubuntu20-cis's Introduction

ubuntu-20

Ubuntu 20 CIS

Configure Ubuntu 20 machine to be CIS compliant. There are some intrusive tasks that have a toggle in defaults main.yml to disable to automated fix

This role will make changes to the system that could break things. This is not an auditing tool but rather a remediation tool to be used after an audit has been conducted.

Based on CIS Ubuntu Linux 20.04 LTS Benchmark .

Requirements

You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook. If you want to do a dry run without changing anything, set the below sections (rhel8cis_section1-6) to false.

Role Variables

There are many role variables defined in defaults/main.yml. This list shows the most important.

ubtu20cis_disruption_high: Run CIS checks that we typically do NOT want to automate due to the high probability of breaking the system (Default: false)

ubtu20cis_section1_patch: CIS - Iniitial setup (Section 1) (Default: true)

ubtu20cis_section2_patch: CIS - Services settings (Section 2) (Default: true)

ubtu20cis_section3_patch: CIS - Network Configuration (Section 3) (Default: true)

ubtu20cis_section4_patch: CIS - Logging and Auditing settings (Section 4) (Default: true)

ubtu20cis_section5_patch: CIS - Access, Authentication and Authorization settings (Section 5) (Default: true)

ubtu20cis_section6_patch: CIS - System Maintenance settings (Section 6) (Default: true)

Service variables:
These control whether a server should or should not be allowed to continue to run these services
ubtu20cis_allow_autofs: false
ubtu20cis_allow_usb_storage: false
ubtu20cis_avahi_server: false
ubtu20cis_cups_server: false
ubtu20cis_dhcp_server: false
ubtu20cis_ldap_server: false
ubtu20cis_nfs_server: false
ubtu20cis_dns_server: false
ubtu20cis_vsftpd_server: false
ubtu20cis_httpd_server: false
ubtu20cis_dovecot_server: false
ubtu20cis_smb_server: false
ubtu20cis_squid_server: fase
ubtu20cis_snmp_server: false
ubtu20cis_rsync_server: false
ubtu20cis_nis_server: false
ubtu20cis_rpc_required: false
Client variables:
These control whether a client should or should not be allowed to continue to run these services
ubtu20cis_nis_required: false
ubtu20cis_rsh_required: false
ubtu20cis_talk_required: false
ubtu20cis_telnet_required: false
ubtu20cis_ldap_clients_required: false
ubtu20cis_is_router: false
IPv4 required

ubtu20cis_ipv4_required

IPv6 required

ubtu20cis_ipv6_required

X-Windows required

ubtu20cis_xwindows_required

Is system a container

ubtu20cis_system_is_container:

Dependencies

Ansible > 2.6.5

Example Playbook

This sample playbook should be run in a folder that is above the main UBUNTU-18-CIS folder.

- hosts: all
  become: true
  vars:
      is_container: false

  roles:

      - role: "{{ playbook_dir }}"
        ubtu20cis_skip_for_travis: false
        ubtu20cis_oscap_scan: yes

License
-------

BSD

Author Information
------------------

An optional section for the role authors to include contact information, or a website (HTML is not allowed).

Tags

Many tags are available for precise control of what is and is not changed.

Some examples of using tags:

    # Audit and patch the site
    ansible-playbook site.yml --tags="patch"

ubuntu20-cis's People

Contributors

carnells avatar georgenalen avatar

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.