reverting b/c symbolic link doesn't work :-|
This commit is contained in:
sean cavanaugh
31
playbooks/security/hardening.yml
Normal file
31
playbooks/security/hardening.yml
Normal file
@@ -0,0 +1,31 @@
|
||||
---
|
||||
- name: harden linux systems
|
||||
hosts: "{{ HOSTS | default('web') }}"
|
||||
become: true
|
||||
vars:
|
||||
- harden_firewall: false
|
||||
- harden_time: false
|
||||
- harden_ssh: false
|
||||
- harden_pci: false
|
||||
|
||||
tasks:
|
||||
- name: Configure Firewall
|
||||
when: harden_firewall | bool
|
||||
include_role:
|
||||
name: linux-system-roles.firewall
|
||||
|
||||
- name: Configure Timesync
|
||||
when: harden_time | bool
|
||||
include_role:
|
||||
name: redhat.rhel_system_roles.timesync
|
||||
|
||||
- name: SSH Hardening
|
||||
when: harden_ssh | bool
|
||||
include_role:
|
||||
name: dev-sec.ssh-hardening
|
||||
|
||||
# run with --skip-tags accounts_passwords_pam_faillock_deny
|
||||
- name: Apply PCI Baseline
|
||||
when: harden_pci | bool
|
||||
include_role:
|
||||
name: redhatofficial.rhel8_pci_dss
|
||||
Reference in New Issue
Block a user