Ansible playbook roles for security

MIT License

Ansible Lockdown

Intro

Ansible Lockdown is a collection of Ansible roles related to security automation. All roles included in this project must meet the contribution guidelines.

Some roles referenced in this project are a collaborative effort between Ansible and our IT Security partner MindPoint Group to provide you with thorough, vetted, and trusted security roles that you can integrate with any of your existing playbooks or as the building blocks for completely new playbooks. Other roles included in this project, while not vetted by MindPoint Group, have been deemed by the maintainers and community to meet the contribution guidelines.

The initial effort is for the development of roles centered around STIG and CIS benchmark baselines. Based on community feedback we'll then proceed with other security guidelines for additional operating systems and applications.

Community

Most of the communication around the project happens on the mailing list. That is the best way to stay up to date with what is happening with the project.

For faster feedback, there is an #ansible-lockdown IRC channel on Freenode.

Instructions

In order to use the roles you should first ensure that you have Ansible installed.

To clone the entire project and use the included playbooks:

git clone --recursive https://github.com/ansible/ansible-lockdown.git

You can also install the roles individually from Ansible Galaxy.

STIGS

The standards are pulled directly from DISA.

CIS

The standards are pulled directly from CIS.

Contributing

Contributions to Ansible Lockdown and roles referenced here will follow a similar process to the main Ansible project. Fork the repository, make changes, and submit a pull request. Pull requests should not contain any merges or merge conflicts.

Feature requests and bug reports should all be opened on the project page for the individual role, not here.

Current Build Statuses for Security Roles

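| Standard  | OS                         | Repo   | Galaxy Link | Status       |
|-----------|----------------------------|--------|-------------|--------------|
| DISA STIG | RHEL 6                     | GitHub | RHEL6-STIG  | TBD          |
| DISA STIG | RHEL 7                     | GitHub | RHEL7-STIG  | Build Status |
| CIS       | RHEL 7                     | GitHub | RHEL7-CIS   | Build Status |
| DISA STIG | Windows Server 2012 DC     | GitHub | TBD         | TBD          |
| DISA STIG | Windows Server 2012 MS     | GitHub | TBD         | TBD          |
| DISA STIG | Windows Server 2008R2 MS   | GitHub | TBD         | TBD          |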