MindPointGroup.amazon2_cis

Amazon Linux 2

Set up an Amazon Linux 2 machine to meet CIS standards. This has not been tested on OEL.

This guide is based on the CIS Amazon Linux 2 Benchmark v3.0.0 - 12-22-2023.


Join Us

Join our Discord Server to ask questions, talk about features, or chat with other Ansible-Lockdown users.

Caution

This role will make changes to your system, which might have unintended effects. It is not an auditing tool; it is for fixing issues after an audit has been completed.

Check Mode is not supported! The role will run in check mode without errors, but it is not recommended and should be used carefully. For compliance checks, use the AMAZON2-CIS-Audit role or a compliance scanner instead.

This role was made for a clean installation of the Operating System. If you're applying this to an existing system, please check for any specific changes that might be needed.

To use the release version, point to the main branch and the relevant release for the CIS benchmark you're working with.

Coming from a Previous Release

CIS releases always have updates, so it’s a good idea to review the new references and available variables, which have changed since the initial release of ansible-lockdown. It now works with Python 3 if it’s the default interpreter and has some prerequisites that configure the system accordingly.

More details can be found in the Changelog.

Documentation

Requirements

General:

Technical Dependencies:

  • You need to have Ansible/Tower installed (this role is tested with Ansible version 2.11.1 and newer).
  • Python3 is needed for the Ansible environment.
  • The first task sets up the required packages for Python3 and Python2 (where necessary):
    • libselinux-python
    • python3-rpm (used by Python 3 for RPM packages)
    • jmespath

Role Variables

This role is designed for the user not to edit the tasks directly. Customization should be done through the defaults/main.yml file or by using extra vars in your project, job, or workflow. You can find these variables here in the Main Variables Wiki page, with descriptions for each.

Tags

Many tags are available for precise control. Each control has its own tags showing the level, whether it's scored or not, which OS element it relates to, if it's a patch or an audit, and the rule number.

Example of the tag section from a control in this role:

      tags:
      - level1
      - scored
      - avahi
      - services
      - patch
      - rule_2.2.4

If you set your run to skip all controls with the tag 'services', that task will be skipped. You can also choose to run only controls tagged with 'services'.
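The selection rules described above, as an added example that is not part of the MindPointGroup.amazon2_cis role: it models how Ansible's --tags / --skip-tags pick tasks from this tag scheme and lints each control's tag block for the conventions the README lists (level, scored/notscored, OS element, patch/audit, rule number). SAMPLE_TASKS and its task names are constructed here; only the rule_2.2.4 tag block comes from the page.

```python
# Tag vocabulary the README describes for each control (assumed fixed set).
LEVELS = {"level1", "level2"}
SCORING = {"scored", "notscored"}
KINDS = {"patch", "audit"}

# Constructed sample tasks in the role's tag style (not the role's real tasks).
SAMPLE_TASKS = [
    {"name": "2.2.4 avahi",
     "tags": ["level1", "scored", "avahi", "services", "patch", "rule_2.2.4"]},
    {"name": "1.1.1.1 cramfs",
     "tags": ["level1", "scored", "cramfs", "patch", "rule_1.1.1.1"]},
    {"name": "5.2.1 sshd perms",            # deliberately incomplete tag block
     "tags": ["level1", "audit", "ssh"]},
    {"name": "gather facts", "tags": ["always"]},
]


def select_tasks(tasks, run_tags=(), skip_tags=()):
    """Names of tasks that would run. Models the common subset of Ansible's
    rules: --skip-tags wins over --tags; with --tags, a task runs if it carries
    any listed tag; tasks tagged 'always' run unless explicitly skipped."""
    run, skip, chosen = set(run_tags), set(skip_tags), []
    for task in tasks:
        tags = set(task.get("tags", []))
        if tags & skip:
            continue
        if run and not (tags & run) and "always" not in tags:
            continue
        chosen.append(task["name"])
    return chosen


def lint_tags(task):
    """Convention violations for one control's tag block (empty list = ok)."""
    tags = set(task.get("tags", []))
    if "always" in tags:            # helper tasks are not CIS controls
        return []
    problems = []
    if len(tags & LEVELS) != 1:
        problems.append("exactly one level tag required")
    if len(tags & SCORING) != 1:
        problems.append("exactly one of scored/notscored required")
    if len(tags & KINDS) != 1:
        problems.append("exactly one of patch/audit required")
    if not any(t.startswith("rule_") for t in tags):
        problems.append("rule_<number> tag missing")
    return problems


if __name__ == "__main__":
    print(select_tasks(SAMPLE_TASKS, skip_tags=["services"]))
    for t in SAMPLE_TASKS:
        print(t["name"], lint_tags(t))
```

Running the linter over a role's task files before a run is a cheap way to catch controls that a tag-based skip would silently miss.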

Branches

  • devel - This is the main development branch where community pull requests go.
  • main - This is the release branch.
  • all other branches - These are for individual community members.

Community Contribution

We welcome contributions from the community. Please follow these guidelines:

  • Work in your own branch. Make sure every commit you want merged is both signed off and GPG-signed.
  • Pull Requests go into the devel branch.
  • Pull Requests must have GPG signatures and functional tests before approval.
  • Once approved, an authorized member will merge your changes into the main branch for a new release.

Pipeline Testing

Uses:

  • ansible-core 2.12+
  • ansible collections, pulling in the latest versions from the requirements file.
  • Runs tests using the devel branch.
  • Automated tests happen on pull requests into devel.

Support

This is a community project and will be managed as such.

For dedicated support or custom setups, check out:

Credits and Thanks

Thank you to the amazing community and all its members!

Install
ansible-galaxy install MindPointGroup.amazon2_cis
License
mit
Downloads
1.2k
Owner
Ansible Lockdown is a security baseline automation project sponsored by Mindpoint Group.