darkwizard242.cis_ubuntu_2004
Ansible Role: cis_ubuntu_2004 :computer:
This is an Ansible Role that helps apply the CIS Benchmark for Ubuntu Linux 20.04 LTS.
Current Versions Available:
- CIS Benchmark for Ubuntu Linux 20.04 LTS v1.1.0
- CIS Benchmark for Ubuntu Linux 20.04 LTS v1.0.0
Versioning
The table below shows which versions of the role are available on Ansible Galaxy and GitHub Releases based on the CIS Benchmark version:
| CIS Ubuntu 20.04 Benchmark Version | Ansible Galaxy Version | Repository Tag Version |
|---|---|---|
| 1.0.0 | 1.0.0, 1.0.1, 1.0.2 | 1.0.0, 1.0.1, 1.0.2 |
| 1.1.0 | 2.0.0, 2.0.1, 2.1.0, 3.0.0, 3.1.0, 3.2.0 | 2.0.0, 2.0.1, 2.1.0, 3.0.0, 3.1.0, 3.2.0 |
1. Installation/Download Instructions:
You can install or download the cis_ubuntu_2004 role from Ansible Galaxy or directly from the repository.
Without a requirements.yml file:
To install the latest version:
ansible-galaxy install darkwizard242.cis_ubuntu_2004To install a specific version (example: 3.2.0):
ansible-galaxy install darkwizard242.cis_ubuntu_2004,3.2.0To install a specific branch (using
masterbranch):ansible-galaxy install darkwizard242.cis_ubuntu_2004,masterTo install using a feature branch (example:
feature/cis_version_1.1.0):ansible-galaxy install darkwizard242.cis_ubuntu_2004,feature/cis_version_1.1.0
With a requirements.yml file:
Add to your existing requirements.yml file:
For the latest version:
- name: darkwizard242.cis_ubuntu_2004For a specific version:
- name: darkwizard242.cis_ubuntu_2004 version: 3.2.0For a specific branch:
- name: cis_ubuntu_2004 src: https://github.com/darkwizard242/cis_ubuntu_2004 version: master
To install after adding to requirements.yml:
ansible-galaxy install -r requirements.yml
NOTE: Installing a role this way only makes the role available for your playbooks. You can find more about installation here.
2. Few Considerations:
Benchmarks about disk partitioning and mount points from Section 1 are not included because different systems have different setups. You might want to handle these manually. Here’s a list of those benchmarks:
- Ensure a separate partition exists for various directories (e.g.,
/var,/home, etc.) - Other related checks.
3. Requirements
No additional requirements.
4. Role Variables
Default variables for the role's tasks are found in defaults/main/.
You can find section-specific variables in their corresponding files.
Important variables
Many default services recommended for hardening may be removed. If you need any of these services, change their respective variables from false to true to keep them:
# Set to `true` if SSH is required.
ubuntu_2004_cis_require_ssh_server: true
# And other similar variables...
5. Dependencies
There are no dependencies.
6. Example Playbooks:
Example playbooks are available in the playbook-examples folder. They include defaults and custom requirements.
NOTE: Some settings may lock you out of the system. Start experimenting with the playbook_with_custom_firewall_changes.yml playbook first.
How to Run Examples:
To run any example playbook:
ansible-playbook playbook_with_defaults.yml
For custom playbooks, just run:
ansible-playbook myplaybook.yml
Running example with tags:
You can run specific tasks using tags. For example:
Run only Level 1 controls:
ansible-playbook <playbook-name-here>.yml --tags "level_1"
7. Local Development and CI/CD:
Fork the repo and clone it.
Install Vagrant and VirtualBox.
Install necessary modules:
python3 -m pip install -U molecule ansible-lint flake8 pytest-testinfraMake changes and run:
molecule test
molecule test will run tests on your changes, ensuring everything works as expected.
8. Contributing:
Contributions are welcome! Instructions for contributing can be found here.
License
This project is licensed under the MIT License.
Author Information
This role was created by Ali Muhammad.
Role to apply CIS Benchmark for Ubuntu Linux 20.04 LTS.
ansible-galaxy install darkwizard242.cis_ubuntu_2004