georgenalen.windows_2019_cis

Windows Server 2019 CIS

========= Release

Set up a Windows Server 2019 system to follow CIS guidelines. By default, all issues found will be checked. Non-disruptive fixes in Sections 1, 2, 9, 17, 18, and 19 will be applied automatically.

Warnings


This role will change your system, which might cause issues. It's not for checking compliance but for fixing problems after an audit.

This role is meant for a fresh installation of the Operating System. If you're applying it to an existing system, please ensure you review the role for any specific adjustments needed.

To use the latest version, please refer to the main branch. Based on Windows Server 2019 CIS v1.1.0 01-14-2020.

Documentation


Requirements


General:

Technical Dependencies:

  • You should be using a setup of Ansible/Tower (this role is tested with Ansible version 2.9.1 and newer).

Make sure the following packages are installed on the controlling host where Ansible runs:

  • passlib (or python2-passlib if using Python 2)
  • python-lxml
  • python-xmltodict
  • python-jmespath
  • pywinrm

The package 'python-xmltodict' is needed if you turn on the OpenSCAP tool installation and run a report. The packages python(2)-passlib and python-jmespath are needed for tasks using custom filters or modules. All these packages are required on the controller host running Ansible.

Role Variables


This role is designed so the end user doesn't need to change the tasks themselves. Any customization should be done through the defaults/main.yml file or with extra vars in the project, job, workflow, etc. The variables you can use are listed here in the Main Variables Wiki page, including their descriptions.

Branches


  • devel - This is the main development branch where community pull requests will be merged.
  • main - This is the release branch.
  • reports - This is a protected branch for scoring reports; no code should be added here.
  • gh-pages - This is the GitHub pages branch.
  • all other branches - Branches for individual community members.

Community Contribution


We welcome contributions from the community. Please follow these guidelines:

  • Work in your own separate branch. Make sure to sign and GPG sign all commits you want to merge.
  • All community Pull Requests go into the devel branch.
  • Pull Requests to devel will be checked to ensure they include a GPG signature, are signed off, and have passed functional tests before approval.
  • Once your changes are merged and thoroughly reviewed, an authorized member will merge them into the main branch for a new release.
Informazioni sul progetto

Ansible role to apply Windows Server 2019 CIS Benchmark

Installa
ansible-galaxy install georgenalen.windows_2019_cis
Licenza
mit
Download
97
Proprietario