GithubHelp home page GithubHelp logo

cis_redhat's Introduction

Ansible + CIS Benchmarks + RHEL/CentOS 6

Build Status

This is an ansible playbook for automatically applying CIS Security Benchmarks to a system running Red Hat Enterprise Linux 6 or CentOS 6.

RHEL 7 and CentOS 7 bencharks are coming soon.

What are these benchmarks?

The Center for Internet Security publishes security benchmarks for various systems. Refer to the CIS site as the authoritative site for anything regarding these benchmarks. You can join their community and contribute to the security benchmarks project.

Please be aware that I'm not affiliated with CIS in any way and the data in this repository has absolutely no relation to CIS.

What does this playbook do?

The playbook will attempt to configure your system to meet as many of the CIS security benchmarks as possible. Any benchmarks marked as "not scored" or benchmarks that are only checks will be skipped.

For full details and caveats, refer to the notes.

How do I run it?

WAIT! DANGER!

http://media.giphy.com/media/7U1XfwZ94okRW/giphy.gif

Don't run this blindly on an actively running system. The playbook will make serious modifications to your system that could affect its availability.

Basic operation

Perform a dry run first:

ansible-playbook -i hosts -C playbook.yml

If you're really really ready to apply changes, run it in regular mode:

ansible-playbook -i hosts playbook.yml

Advanced options

Tags are available for running a section at a time:

# Test only items from section 4
ansible-playbook -i hosts -C playbook.yml -t section4

# Apply changes only from items in section 4, 5, and 6
ansible-playbook -i hosts playbook.yml -t section4,section5,section6

The checks are also broken up into Level 1 and Level 2 checks:

  • Level 1: Good security improvements with less effects on production workloads
  • Level 2: Strong security improvements with greater effects on production workloads

Running checks for a particular level is easy:

ansible-playbook -i hosts playbook.yml -t level1
ansible-playbook -i hosts playbook.yml -t level2

How is this playbook licensed?

It's licensed under the Apache License 2.0. The quick summary is:

A license that allows you much freedom with the software, including an explicit right to a patent. “State changes” means that you have to include a notice in each file you modified.

Something doesn't work. You're awful at ansible playbooks.

Pull requests and GitHub issues are welcome!

-- Major

cis_redhat's People

Contributors

unmilb avatar

Watchers

James Cloos avatar Ankur Jha avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.