simple-harden

ansible-role-simple-harden

Apply a series of STIG-suggested hardening rules to an instance.

WARNING: This will make modifications to system configuration files

Use or apply only to test systems.

Role to apply some simple hardening configurations

The Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). SCAP provides a specification for system for vulnerability detetection and remediation.

SCAP supports the process of FISMA Compliance, and the National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.

This role applies basic configuration updates for Kernel networking and the Audit, SSH and Firewall daemons to satisfy a number of STIG rules that fail out-of-the-box for Red Hat Enterprise and CentOS GNU/Linux version 7 distributions.

Test usage

See the govready ansible role.

To apply these rules to your server

Example simple-harden.yml:

- name: Harden all servers
  hosts: servers
  roles:
    - { role: CivicActions.simple-harden, become: true }

Run command:

ansible-playbook -i inventory simple-harden.yml

About

Simple hardening script to satisfy some RMF STIG rules

role security

Install

ansible-galaxy install openprivacy/ansible-role-simple-harden

GitHub repository

1 stars

0 forks

0 open issues

License

Unknown

Downloads

Owner

Fen Labalme

CISSP. CISO at @CivicActions working to transform government by automating and enhancing the Authority to Operate (ATO) process with FOSS.