GSA/ansible-os-rhel-7

Name: ansible-os-rhel-7

Owner: U.S. General Services Administration

Description: Ansible Roles for RHEL 7

Created: 2017-08-11 21:32:53.0

Updated: 2018-04-09 22:47:42.0

Pushed: 2017-11-08 19:57:25.0

Homepage: null

Size: 98

Language: null

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

RHEL 7 GSA Benchmark

This ansible content will configure RHEL/Centos 7 machine to be GSA compliant.

This role will make changes to the system that could break things.

For compliance auditing, use a tool such as nessus or CIS-CAT

This code is based on the GSA Red Hat Enterprise Linux Security Benchmark v1.0 and the CIS RedHat Enterprise Linux 7 Benchmark v2.1.1 .

Important Information

You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.

Role Variables

There are many role variables defined in defaults/main.yml.

The current default configuration will:

• Enable IPv6 settings
• Enable iptables
• Enable auditing with rsyslog.
• Lock users inactive for over 30 days.

The configuration will not:

• Install and configure AIDE
• Install and configure NTP
• Configure the /etc/group wheel configurations

Other settings and services are listed. Please review to ensure they meet your organizational requirements.

Note, a subset of controls were removed due to operational impact or organizational dependent variables. Those are listed here *Note: Must have a GSA account to access.

Dependencies

Ansible > 2.4

Example Playbook

me: Harden Server
sts: all
come: yes

les:
- ansible-os-rhel-7

How to test locally

ble-playbook playbook.yml --connection=local

License

MIT