hardening demo from will tome

README.md

@@ -26,6 +26,14 @@ ansible-playbook playbooks/install_demo.yml -e @choose_demo.yml
     <th>Video Walkthrough</th>
     <th>Workshop Types</th>
   </tr>
+  <tr>
+    <td>SERVER / Hardening</td>
+    <td>Will Tome</td>
+    <td><pre>demo: hardening</pre></td>
+    <td>hardening for Linux servers</td>
+    <td>Not available </td>
+    <td><ul><li>f5</li><li>rhel</li></ul></td>
+  </tr>
   <tr>
     <td>Windows IIS Server</td>
     <td>Colin McNaughton</td>
@@ -34,14 +42,6 @@ ansible-playbook playbooks/install_demo.yml -e @choose_demo.yml
     <td>Not available </td>
     <td><ul><li>windows</li></ul></td>
   </tr>
-  <tr>
-    <td>Create Developer Report</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: developer_report</pre></td>
-    <td>Create HTML report using <a href="https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts">Ansible facts</a></td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li></ul></td>
-  </tr>
   <tr>
     <td>Deploy Application (survey)</td>
     <td>Sean Cavanaugh</td>
@@ -50,14 +50,6 @@ ansible-playbook playbooks/install_demo.yml -e @choose_demo.yml
     <td><a href="https://www.youtube.com/watch?v=pU8ZgSBuEJw&list=PLdu06OJoEf2bp-PNtxPP_2n7Avkax8TED">Video Link</a></td>
     <td><ul><li>f5</li><li>rhel</li></ul></td>
   </tr>
-  <tr>
-    <td>Create Openscap Report</td>
-    <td>Sean Cavanaugh</td>
-    <td><pre>demo: openscap</pre></td>
-    <td>Create HTML report using SCAP Security Guide (SSG)</td>
-    <td>Not available </td>
-    <td><ul><li>f5</li><li>rhel</li></ul></td>
-  </tr>
   <tr>
     <td>SERVER / Patching</td>
     <td>Will Tome</td>
@@ -66,6 +58,22 @@ ansible-playbook playbooks/install_demo.yml -e @choose_demo.yml
     <td>Not available </td>
     <td><ul><li>f5</li><li>rhel</li></ul></td>
   </tr>
+  <tr>
+    <td>Create Developer Report</td>
+    <td>Sean Cavanaugh</td>
+    <td><pre>demo: developer_report</pre></td>
+    <td>Create HTML report using <a href="https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts">Ansible facts</a></td>
+    <td>Not available </td>
+    <td><ul><li>f5</li><li>rhel</li></ul></td>
+  </tr>
+  <tr>
+    <td>Create Openscap Report</td>
+    <td>Sean Cavanaugh</td>
+    <td><pre>demo: openscap</pre></td>
+    <td>Create HTML report using SCAP Security Guide (SSG)</td>
+    <td>Not available </td>
+    <td><ul><li>f5</li><li>rhel</li></ul></td>
+  </tr>
 </table>
 
 # Contribute
@@ -74,7 +82,7 @@ please refer to the [contribute.md](docs/contribute.md) documentation included i
 
 # Notes
 
-This README.md was auto-generated by Ansible user **sean** on **2020-03-06** with Ansible version **2.9.5**
+This README.md was auto-generated by Ansible user **sean** on **2020-03-09** with Ansible version **2.9.5**
 
 To generate a README.md, execute the following command
 

playbooks/03_hardening.yml

@@ -0,0 +1,31 @@
+---
+- name: harden linux systems
+  hosts: "{{ HOSTS | default('all') }}"
+  become: yes
+  vars:
+    - harden_firewall: False
+    - harden_time: False
+    - harden_ssh: False
+    - harden_pci: False
+
+  tasks:
+  - name: Configure Firewall
+    when: harden_firewall | bool
+    include_role:
+      name: linux-system-roles.firewall
+
+  - name: Configure Timesync
+    when: harden_time | bool
+    include_role:
+      name: linux-system-roles.timesync
+
+  - name: SSH Hardening
+    when: harden_ssh | bool
+    include_role:
+       name: dev-sec.ssh-hardening
+
+  # run with --skip-tags accounts_passwords_pam_faillock_deny
+  - name: Apply PCI Baseline
+    when: harden_pci | bool
+    include_role:
+      name: redhatofficial.rhel7_pci_dss

playbooks/group_vars/all/03_hardening.yml

@@ -0,0 +1,37 @@
+---
+survey_hardening:
+  name: ''
+  description: ''
+  spec:
+  - question_name: 'Enter host to configure'
+    type: text
+    variable: HOSTS
+    required: false
+  - question_name: Configure Firewall?
+    type: multiplechoice
+    variable: harden_firewall
+    required: false
+    choices:
+      - 'Yes'
+      - 'No'
+  - question_name: Configure Time?
+    type: multiplechoice
+    variable: harden_time
+    required: false
+    choices:
+      - 'Yes'
+      - 'No'
+  - question_name: Harden SSH?
+    type: multiplechoice
+    variable: harden_ssh
+    required: false
+    choices:
+      - 'Yes'
+      - 'No'
+  - question_name: PCI Baseline?
+    type: multiplechoice
+    variable: harden_pci
+    required: false
+    choices:
+      - 'Yes'
+      - 'No'

playbooks/group_vars/all/all.yml

@@ -38,6 +38,25 @@ demos:
     workshop_type:
       - f5
       - rhel
+  hardening:
+    author: "Will Tome"
+    name: "SERVER / Hardening"
+    description: "hardening for Linux servers"
+    job_type: "run"
+    inventory: "Workshop Inventory"
+    playbook: "playbooks/03_hardening.yml"
+    credential: "Workshop Credential"
+    survey_enabled: yes
+    survey_spec: "{{survey_hardening}}"
+    project:
+      name: "Ansible official demo project"
+      description: "prescriptive demos from Red Hat Management Buisness Unit"
+      organization: "Default"
+      scm_type: git
+      scm_url: "https://github.com/ansible/product-demos"
+    workshop_type:
+      - f5
+      - rhel
   windows_iis:
     author: "Colin McNaughton"
     name: "Windows IIS Server"

roles/requirements.yml

@@ -0,0 +1,6 @@
+---
+- src: dev-sec.ssh-hardening
+- src: mindpointgroup.rhel7-cis
+- src: redhatofficial.rhel7_pci_dss
+- src: linux-system-roles.firewall
+- src: linux-system-roles.timesync