Ansible-Lockdown is a collaborative effort between Ansible and our IT Security partner MindPoint Group to provide you with thorough, vetted, and trusted security roles that you can integrate with any of your existing playbooks or as the building blocks for completely new playbooks.
The initial effort is for the development of roles centered around STIG and CIS benchmark baselines. Based on community feedback we'll then proceed with other security guidelines for additional operating systems and applications.
This repository in particular is intended to serve as a centralized repository utilizing submodules that point to all security-role repositories that are jointly maintained by Ansible and MindPoint Group.
Most of the communication around the project happens on the mailing list, which can be accessed and subscribed to here: https://groups.google.com/forum/#!forum/ansible-lockdown
To use the roles, first ensure that you have Ansible installed. You can then download the roles in their entirety through git by following the appropriate links in the table, or you can use ansible-galaxy.
The standards are pulled directly from DISA.
The standards are pulled directly from CIS.
Contributions to ansible-lockdown and STIG roles will follow a similar process to the main Ansible project. Fork the repository, make changes, and submit a pull request. Pull requests should not contain any merges or merge conflicts.
Feature requests, bug reports, etc., should all be opened as GitHub tickets. An ansible-lockdown mailing list is in the works.
| Standard | OS | Repo | Galaxy Link | Status |
|---|---|---|---|---|
| DISA STIG | RedHat 6.* | Repo | Galaxy | |
| DISA STIG | RedHat 7.* | Repo | TBD | TBD |
Note: A green badge represents a successful build which consists of: