32 lines
729 B
YAML
32 lines
729 B
YAML
---
|
|
- name: harden linux systems
|
|
hosts: "{{ HOSTS | default('all') }}"
|
|
become: yes
|
|
vars:
|
|
- harden_firewall: False
|
|
- harden_time: False
|
|
- harden_ssh: False
|
|
- harden_pci: False
|
|
|
|
tasks:
|
|
- name: Configure Firewall
|
|
when: harden_firewall | bool
|
|
include_role:
|
|
name: linux-system-roles.firewall
|
|
|
|
- name: Configure Timesync
|
|
when: harden_time | bool
|
|
include_role:
|
|
name: linux-system-roles.timesync
|
|
|
|
- name: SSH Hardening
|
|
when: harden_ssh | bool
|
|
include_role:
|
|
name: dev-sec.ssh-hardening
|
|
|
|
# run with --skip-tags accounts_passwords_pam_faillock_deny
|
|
- name: Apply PCI Baseline
|
|
when: harden_pci | bool
|
|
include_role:
|
|
name: redhatofficial.rhel7_pci_dss
|