darkwizard242.cis_ubuntu_2004
Ansible Role: cis_ubuntu_2004
This is an Ansible Role that helps apply the CIS Benchmark for Ubuntu Linux 20.04 LTS.
Current Versions Available:
- CIS Benchmark for Ubuntu Linux 20.04 LTS v1.1.0
- CIS Benchmark for Ubuntu Linux 20.04 LTS v1.0.0
Versioning
The table below shows which versions of the role are available on Ansible Galaxy and GitHub Releases based on the CIS Benchmark version:
CIS Ubuntu 20.04 Benchmark Version | Ansible Galaxy Version | Repository Tag Version |
---|---|---|
1.0.0 | 1.0.0, 1.0.1, 1.0.2 | 1.0.0, 1.0.1, 1.0.2 |
1.1.0 | 2.0.0, 2.0.1, 2.1.0, 3.0.0, 3.1.0, 3.2.0 | 2.0.0, 2.0.1, 2.1.0, 3.0.0, 3.1.0, 3.2.0 |
1. Installation/Download Instructions:
You can install or download the cis_ubuntu_2004 role from Ansible Galaxy or directly from the repository.
Without a requirements.yml file:
To install the latest version:
ansible-galaxy install darkwizard242.cis_ubuntu_2004
To install a specific version (example: 3.2.0):
ansible-galaxy install darkwizard242.cis_ubuntu_2004,3.2.0
To install a specific branch (using master branch):
ansible-galaxy install darkwizard242.cis_ubuntu_2004,master
To install using a feature branch (example: feature/cis_version_1.1.0):
ansible-galaxy install darkwizard242.cis_ubuntu_2004,feature/cis_version_1.1.0
With a requirements.yml file:
Add to your existing requirements.yml file:
For the latest version:
- name: darkwizard242.cis_ubuntu_2004
For a specific version:
- name: darkwizard242.cis_ubuntu_2004
  version: 3.2.0
For a specific branch:
- name: cis_ubuntu_2004
  src: https://github.com/darkwizard242/cis_ubuntu_2004
  version: master
To install after adding to requirements.yml:
ansible-galaxy install -r requirements.yml
NOTE: Installing a role this way only makes the role available for your playbooks. You can find more about installation here.
2. A Few Considerations:
Benchmarks about disk partitioning and mount points from Section 1 are not included because different systems have different setups. You might want to handle these manually. Here’s a list of those benchmarks:
- Ensure a separate partition exists for various directories (e.g., /var, /home, etc.)
- Other related checks.
3. Requirements
No additional requirements.
4. Role Variables
Default variables for the role's tasks are found in defaults/main/.
You can find section-specific variables in their corresponding files.
Important variables
Many default services recommended for hardening may be removed. If you need any of these services, change their respective variables from false to true to keep them:
# Set to `true` if SSH is required.
ubuntu_2004_cis_require_ssh_server: true
# And other similar variables...
5. Dependencies
There are no dependencies.
6. Example Playbooks:
Example playbooks are available in the playbook-examples folder. They include defaults and custom requirements.
NOTE: Some settings may lock you out of the system. Start experimenting with the playbook_with_custom_firewall_changes.yml playbook first.
How to Run Examples:
To run any example playbook:
ansible-playbook playbook_with_defaults.yml
For custom playbooks, just run:
ansible-playbook myplaybook.yml
Running example with tags:
You can run specific tasks using tags. For example:
Run only Level 1 controls:
ansible-playbook <playbook-name-here>.yml --tags "level_1"
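The lockout note above and the `ubuntu_2004_cis_require_ssh_server` variable can be combined into a guard that stops the play before any hardening task runs. This playbook is an added example, not one of the role's own playbook-examples; the play name, the `hosts: all` target and the guard task are assumptions made for illustration.

```yaml
---
# myplaybook.yml - added example, not taken from the role's repository.
- name: Apply CIS Ubuntu 20.04 hardening without losing remote access
  hosts: all        # assumption: adjust to your inventory group
  become: true

  vars:
    # Documented by the role: set to true to keep the SSH server installed.
    ubuntu_2004_cis_require_ssh_server: true

  pre_tasks:
    # Hypothetical guard: if this host is managed over a remote connection
    # and the SSH server is not marked as required, stop before the role
    # has a chance to remove it.
    - name: Refuse to harden a remotely managed host that would lose SSH
      ansible.builtin.assert:
        that:
          - ubuntu_2004_cis_require_ssh_server | default(false) | bool
        fail_msg: >-
          ubuntu_2004_cis_require_ssh_server is not true for
          {{ inventory_hostname }}. Set it to true or manage this host
          through a local/console connection before applying the role.
        success_msg: SSH server will be kept on {{ inventory_hostname }}.
      when: (ansible_connection | default('ssh')) != 'local'
      # 'always' keeps the guard active when the play is limited with --tags.
      tags:
        - always

  roles:
    - role: darkwizard242.cis_ubuntu_2004
```

Because the guard is tagged `always`, it still runs when the play is restricted with `--tags "level_1"`.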
7. Local Development and CI/CD:
Fork the repo and clone it.
Install Vagrant and VirtualBox.
Install necessary modules:
python3 -m pip install -U molecule ansible-lint flake8 pytest-testinfra
Make changes and run:
molecule test
molecule test will run tests on your changes, ensuring everything works as expected.
8. Contributing:
Contributions are welcome! Instructions for contributing can be found here.
License
This project is licensed under the MIT License.
Author Information
This role was created by Ali Muhammad.