DISA STIG for Red Hat Enterprise Linux 7

Ansible Role for DISA STIG for Red Hat Enterprise Linux 7

Profile Description:

This profile contains checks to ensure that your system follows the DISA STIG guidelines for Red Hat Enterprise Linux V3R14. It applies to Red Hat Enterprise Linux 7 and other related systems, such as:

• Red Hat Enterprise Linux Server
• Red Hat Enterprise Linux Workstation and Desktop
• Red Hat Enterprise Linux for HPC
• Red Hat Storage
• Red Hat Containers with a Red Hat Enterprise Linux 7 image

The tasks in this role are created using OpenSCAP. For more information on how to generate Ansible playbooks, visit the OpenSCAP project at OpenSCAP GitHub.

If you want to suggest a fix or improvement for an Ansible task that isn't working or is missing, please check the ComplianceAsCode project at ComplianceAsCode GitHub.

Requirements

• Ansible version 2.9 or higher.

Role Variables

To customize this role, you can look at the list of variables.

Dependencies

None.

Example Role Usage

To download and install the role, run:

ansible-galaxy install RedHatOfficial.rhel7_stig

You can then use the following playbook code to run the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel7_stig }

To check the playbook on your local machine, use:

ansible-playbook -i "localhost," -c local --check playbook.yml

To actually run it (note that this may change your local machine's configuration!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible remediation role was created based on security policies from the ComplianceAsCode project. For an updated list of authors and contributors, please visit Contributors List.