iquzart.cis_centos_8
CIS - RHEL 8 Based Systems
This is an Ansible role to apply the CIS Benchmark on systems that use RHEL 8.
Requirements
When you install the system, you need to create the following separate partitions. This role will not create them for you.
1.1.6 | Make sure there is a separate partition for /var (Scored)
1.1.7 | Make sure there is a separate partition for /var/tmp (Scored)
1.1.11 | Make sure there is a separate partition for /var/log (Scored)
1.1.12 | Make sure there is a separate partition for /var/log/audit (Scored)
1.1.13 | Make sure there is a separate partition for /home (Scored)
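A pre-flight check for the partition requirements above, as an added example that is not part of the role. The function names, the sample mount table and the default of /proc/self/mounts are assumptions made here.

```shell
#!/bin/sh
# Added example (not the role's own code): verify that the mount points the
# role expects already exist before the playbook is run.

# Mount points taken from the Requirements list (CIS 1.1.6 to 1.1.13).
REQUIRED_MOUNTS="/var /var/tmp /var/log /var/log/audit /home"

# sample_mounts: constructed mount table in /proc/mounts format.
# It deliberately lacks /var/tmp and /var/log/audit.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg0-root / xfs rw,relatime 0 0
/dev/sda1 /boot xfs rw,relatime 0 0
/dev/mapper/vg0-var /var xfs rw,relatime 0 0
/dev/mapper/vg0-log /var/log xfs rw,relatime 0 0
/dev/mapper/vg0-home /home xfs rw,nodev 0 0
EOF
}

# missing_mounts [FILE]
# Prints every required mount point that has no entry of its own in FILE
# (default /proc/self/mounts, "-" for stdin). Returns 0 if none are missing.
missing_mounts() {
    table=$(cat "${1:-/proc/self/mounts}")
    rc=0
    for mp in $REQUIRED_MOUNTS; do
        # Exact match on field 2, so /var/log does not satisfy /var/log/audit.
        if ! printf '%s\n' "$table" |
            awk -v mp="$mp" '$2 == mp { found = 1 } END { exit !found }'; then
            echo "$mp"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample; on a real host call missing_mounts with no
# argument and stop the rollout when it returns non-zero.
sample_mounts | missing_mounts - || true
```

A bind mount also appears as its own entry in the mount table, so this confirms that each path is a mount point, not that it sits on a dedicated block device.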
Support Matrix
Distro | Status |
---|---|
CentOS 8 | Supported (Tested) |
RHEL 8 | Supported (Tested) |
Oracle Linux 8 | Supported (Tested) |
Role Variables
The variables in default/main.yml are straightforward and easy to understand.
Notes
When you enable CIS rules 5.3.1, 5.3.2, 5.4.2, 5.4.3, and 5.4.4, the role will set up Authselect with a custom profile.
To join the node to an Active Directory domain, use realmd. Update the realmd-distro.conf file located at /usr/lib/realmd/realmd-distro.conf with the following:
[commands]
sssd-enable-logins = /usr/bin/sh -c "/usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
sssd-disable-logins = /bin/true
Example Playbook
- name: CIS Baseline Setup
  hosts: cis
  remote_user: vagrant
  become: yes
  roles:
    - iquzart.cis_centos_8
License
MIT
Author Information
Muhammed Iqbal iquzart@hotmail.com
Install
ansible-galaxy install iquzart.cis_centos_8