This Ansible content configures an Ubuntu 16 machine to be GSA compliant.
This role will make changes to the system that could break things. It is not an auditing tool but a remediation tool to be used after an audit has been conducted. For compliance auditing, use a tool such as Nessus or CIS-CAT.
This code is based on the GSA Ubuntu 16 v1.0 and the CIS Ubuntu 16 Benchmark v2.0.0.
You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.
There are many role variables defined in defaults/main.yml.
By default, many of the variables are turned off. Please review and adjust to meet your organizational requirements.
Note: a subset of controls was removed due to operational impact or organization-dependent variables. Those are listed here. Note: you must have a GSA account to access the list.
Ansible > 2.4
```yaml
---
- name: Harden Server
  hosts: all
  become: yes   # the role changes system configuration and needs root
  roles:
    - gsa_hardening
```

```
ansible-playbook playbook.yml --connection=local
```
This repository has been updated to optionally use Continuous Integration with CircleCI, which tests the Ansible tasks against a privileged Ubuntu 16 container. A small number of tasks are incompatible when run against a container rather than a VM or bare metal, and have been tagged with no_test for error handling purposes.
- Fork this repository or create a branch
- Sign up for an account and follow the getting started guide at https://circleci.com/docs/2.0/first-steps/#section=getting-started
- Add the repository to your projects and click start building. https://circleci.com/docs/2.0/project-build/#section=getting-started
- New commits will trigger the CircleCI build, which runs playbook.yml and reports a pass or fail result.
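
The following preview script is an added example, not part of this repository. It shows one way to act on the warning to review the tasks before applying them: a syntax check, a task listing, then a dry run. It assumes the playbook is the playbook.yml shown above and that skipping the no_test tag is the right way to handle the container-incompatible tasks; the names `preview`, `ANSIBLE_PLAYBOOK` and `PREVIEW_RUN` are hypothetical.

```shell
#!/bin/sh
# Added example: preview the hardening role before applying it.
# Assumptions: playbook.yml is the playbook shown in this README and is run
# against the local machine; ANSIBLE_PLAYBOOK may point at another binary.
ANSIBLE_PLAYBOOK=${ANSIBLE_PLAYBOOK:-ansible-playbook}

# preview PLAYBOOK [container]
#   Pass "container" as the second argument when the target is a container,
#   so tasks tagged no_test are skipped (assumed use of that tag).
preview() {
    pb=$1
    target=${2:-vm}
    skip=""
    if [ "$target" = "container" ]; then
        skip="--skip-tags no_test"
    fi

    # 1. Catch YAML and role-path errors without touching the host.
    $ANSIBLE_PLAYBOOK "$pb" --syntax-check || return 1

    # 2. Print every task that would run, with its tags, for manual review.
    #    $skip is left unquoted on purpose so it splits into two arguments.
    $ANSIBLE_PLAYBOOK "$pb" --list-tasks $skip || return 1

    # 3. Dry run: report what would change and show file diffs.
    #    Tasks that do not support check mode are skipped by Ansible.
    $ANSIBLE_PLAYBOOK "$pb" --connection=local --check --diff $skip
}

# Run only when asked to, so the file can also be sourced.
if [ "${PREVIEW_RUN:-0}" = "1" ]; then
    preview "${1:-playbook.yml}" "${2:-vm}"
fi
```

A clean dry run does not prove the role is safe, because check mode cannot evaluate tasks that only run shell commands; test on a disposable machine before applying to production hosts.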
MIT