hardening demo from will tome
31
playbooks/03_hardening.yml
Normal file
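--- a/playbooks/03_hardening.yml
+++ b/playbooks/03_hardening.yml
@@ -0,0 +1,31 @@
+---
+- name: harden linux systems
+hosts: "{{ HOSTS | default('all') }}"
+become: yes
+vars:
+- harden_firewall: False
+- harden_time: False
+- harden_ssh: False
+- harden_pci: False
+
+tasks:
+- name: Configure Firewall
+when: harden_firewall | bool
+include_role:
+name: linux-system-roles.firewall
+
+- name: Configure Timesync
+when: harden_time | bool
+include_role:
+name: linux-system-roles.timesync
+
+- name: SSH Hardening
+when: harden_ssh | bool
+include_role:
+name: dev-sec.ssh-hardening
+
+# run with --skip-tags accounts_passwords_pam_faillock_deny
+- name: Apply PCI Baseline
+when: harden_pci | bool
+include_role:
+name: redhatofficial.rhel7_pci_dss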
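Review bot: The play falls back to `all` when HOSTS is not supplied (`hosts: "{{ HOSTS | default('all') }}"`) and runs with `become`, so enabling `harden_ssh` or `harden_firewall` on the command line without also setting HOSTS changes sshd and firewall configuration on every inventory host in one run. For a play that can cut off remote access I would drop the default, `hosts: "{{ HOSTS }}"`, so that a missing HOSTS is an error rather than a fleet-wide change. The comment above the PCI task makes a correct run depend on the operator remembering `--skip-tags accounts_passwords_pam_faillock_deny`; it should state why that account-lockout control is skipped and what enforces lockout instead, e.g. `# faillock deny skipped: <reason>; lockout enforced by <control>`. The three included roles come from outside this repository and execute as root, so their versions should be pinned in a requirements file if that is not already done elsewhere in the repo.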