Ansible Role thbe-security

This role is used to set up and manage security settings and tools on a RHEL (Red Hat Enterprise Linux) system or similar systems.

Requirements

There are no specific requirements for using this role.

Role Variables

• role_directory - The main path for the directories used by thbe roles (do not change!)
• password_quality_file - The file for password quality settings (do not change!)
• password_login_file - The file for login settings (do not change!)
• minlen (default: 16) - Minimum length of passwords
• lcredit (default: -1) - Credit for lowercase letters
• ucredit (default: -1) - Credit for uppercase letters
• dcredit (default: -1) - Credit for digits
• ocredit (default: -1) - Credit for other characters
• pass_max_days - Maximum days before a password must be changed (default: 365)
• pass_min_days - Minimum days before a password can be changed (default: 0)
• pass_min_len - Minimum length of a password (default: 8)
• pass_warn_age - Days before a warning that the password will expire (default: 7)
• remember - How many previous passwords to remember (default: 24)
• lynis_enable - Whether to install Lynis (default: false; requires EPEL)
• rkhunter_enable - Whether to install rkhunter (default: false; requires EPEL)

Dependencies

This role requires the following:

• thbe.common
• thbe.rhel

Example Playbook

You can include this role in your site.yml like this:

- name: Ansible playbooks for all nodes
  hosts: all
  collections:
    - ansible.posix
    - community.general
  gather_facts: true
  vars:
        external_repos_epel: true
        lynis_enable: true
        rkhunter_enable: true

  tasks:
    - name: Role Common
      ansible.builtin.include_role:
        name: thbe.common
    - name: Role rhel
      ansible.builtin.include_role:
        name: thbe.rhel
    - name: Role Security
      ansible.builtin.include_role:
        name: thbe.security

License

GPL-3.0-only

Author Information

Thomas Bendler - https://www.thbe.org/