georgenalen.windows_2019_cis
Windows Server 2019 CIS
=========
Set up a Windows Server 2019 system to follow CIS guidelines. By default, all issues found will be checked. Non-disruptive fixes in Sections 1, 2, 9, 17, 18, and 19 will be applied automatically.
Warnings
This role will change your system, which might cause issues. It's not for checking compliance but for fixing problems after an audit.
This role is meant for a fresh installation of the Operating System. If you're applying it to an existing system, please ensure you review the role for any specific adjustments needed.
To use the latest version, please refer to the main branch. Based on Windows Server 2019 CIS v1.1.0 01-14-2020.
Documentation
- Getting Started
- Customizing Roles
- Per-Host Configuration
- Getting the Most Out of the Role
- Wiki
- Repo GitHub Page
Requirements
General:
- Basic understanding of Ansible.
- You need a working Ansible and/or Tower installation, properly set up and running, with all necessary packages installed.
- Please review the tasks in this role to understand what each one does. Some tasks could be disruptive and might affect a live production system. Also, get familiar with the variables in the defaults/main.yml file or the Main Variables Wiki Page.
Technical Dependencies:
- A running Ansible/Tower setup (this role is tested with Ansible version 2.9.1 and newer).
Make sure the following packages are installed on the controlling host where Ansible runs:
- passlib (or python2-passlib if using Python 2)
- python-lxml
- python-xmltodict
- python-jmespath
- pywinrm
The package 'python-xmltodict' is needed if you turn on the OpenSCAP tool installation and run a report. The packages python(2)-passlib and python-jmespath are needed for tasks using custom filters or modules. All these packages are required on the controller host running Ansible.
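A controller-side preflight for the requirements listed above, as an added example that is not part of the role: it checks that the listed Python packages are importable and that `ansible --version` reports 2.9.1 or newer. The import names (`lxml`, `winrm`, and so on) and all function names are this example's own assumptions.

```python
import importlib.util
import re
import shutil
import subprocess

# README package name -> Python import name (the import names are this
# example's mapping, an assumption; they are not listed in the README).
REQUIRED = {
    "passlib": "passlib",
    "python-lxml": "lxml",
    "python-xmltodict": "xmltodict",
    "python-jmespath": "jmespath",
    "pywinrm": "winrm",
}
MIN_ANSIBLE = (2, 9, 1)  # README: tested with Ansible 2.9.1 and newer


def missing_packages(required=REQUIRED, find=importlib.util.find_spec):
    """Return README package names whose module is not importable here."""
    return sorted(pkg for pkg, mod in required.items() if find(mod) is None)


def parse_ansible_version(banner):
    """(major, minor, patch) from line 1 of `ansible --version`, else None.
    Accepts both 'ansible 2.9.27' and 'ansible [core 2.15.3]'."""
    first = banner.splitlines()[0] if banner.strip() else ""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", first)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def ansible_ok(banner, minimum=MIN_ANSIBLE):
    version = parse_ansible_version(banner)
    return version is not None and version >= minimum


def preflight():
    """Check this host; returns a list of problems (empty means ready)."""
    problems = ["missing package: " + p for p in missing_packages()]
    exe = shutil.which("ansible")
    if exe is None:
        return problems + ["ansible not found on PATH"]
    out = subprocess.run([exe, "--version"], capture_output=True, text=True)
    if not ansible_ok(out.stdout):
        problems.append("ansible is older than 2.9.1 or its version is unreadable")
    return problems


if __name__ == "__main__":
    for line in preflight() or ["controller meets the listed requirements"]:
        print(line)
```

Run it with the same Python interpreter that Ansible uses on the controller, since packages installed for a different interpreter will not be visible to the role's filters and modules.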
Role Variables
This role is designed so the end user doesn't need to change the tasks themselves. Any customization should be done through the defaults/main.yml file or with extra vars in the project, job, workflow, etc. The available variables are listed in the Main Variables Wiki page, along with their descriptions.
Branches
- devel - This is the main development branch where community pull requests will be merged.
- main - This is the release branch.
- reports - This is a protected branch for scoring reports; no code should be added here.
- gh-pages - This is the GitHub pages branch.
- all other branches - Branches for individual community members.
Community Contribution
We welcome contributions from the community. Please follow these guidelines:
- Work in your own separate branch. Make sure to sign off and GPG sign all commits you want to merge.
- All community Pull Requests go into the devel branch.
- Pull Requests to devel will be checked to ensure they include a GPG signature, are signed off, and have passed functional tests before approval.
- Once your changes are merged and thoroughly reviewed, an authorized member will merge them into the main branch for a new release.
