Merge of RedHatGov/product-demos (#56)

Co-authored-by: MKletz <michael.kletz.27@gmail.com> Co-authored-by: Ajay Chenampara <ajay.chenampara@gmail.com> Co-authored-by: dlemons-redhat <69318976+dlemons-redhat@users.noreply.github.com> Co-authored-by: Nicolas Leiva <nicolasleiva@gmail.com> Co-authored-by: benblasco <42140583+benblasco@users.noreply.github.com> Co-authored-by: Benjamin Blasco <bblasco@redhat.com> Co-authored-by: calvingsmith <4283930+calvingsmith@users.noreply.github.com> Co-authored-by: Calvin Smith <calvingsmith@users.noreply.github.com> Co-authored-by: Hicham Mourad <43329991+HichamMourad@users.noreply.github.com>
2023-03-17 09:07:02 -04:00
parent 8acff9c9b1
commit c18a206499
279 changed files with 5191 additions and 4649 deletions
--- a/linux/hardening.yml
+++ b/linux/hardening.yml
@@ -0,0 +1,31 @@
+---
+- name: Harden linux systems
+  hosts: "{{ _hosts | default('web') }}"
+  become: true
+  vars:
+    harden_firewall: false
+    harden_time: false
+    harden_ssh: false
+    harden_pci: false
+
+  tasks:
+    - name: Configure Firewall
+      when: harden_firewall | bool
+      ansible.builtin.include_role:
+        name: linux-system-roles.firewall
+
+    - name: Configure Timesync
+      when: harden_time | bool
+      ansible.builtin.include_role:
+        name: redhat.rhel_system_roles.timesync
+
+    - name: SSH Hardening
+      when: harden_ssh | bool
+      ansible.builtin.include_role:
+        name: dev-sec.ssh-hardening
+
+    # run with --skip-tags accounts_passwords_pam_faillock_deny
+    - name: Apply PCI Baseline
+      when: harden_pci | bool
+      ansible.builtin.include_role:
+        name: redhatofficial.rhel8_pci_dss