Ansible-Lockdown
Intro
Ansible-Lockdown is a collaborative effort between Ansible and our IT Security partner MindPoint Group to provide you with thorough, vetted, and trusted security roles that you can integrate with any of your existing playbooks or as the building blocks for completely new playbooks.
The initial effort is for the development of roles centered around STIG and CIS benchmark baselines. Based on community feedback we'll then proceed with other security guidelines for additional operating systems and applications.
This repository in particular is intended to serve as a centralized repository utilizing submodules that point to all security-role repositories that are jointly maintained Ansible and MindPoint Group.
Instructions
In order to use the roles you should first ensure that you have Ansible installed. You can then download the roles in their entirety through git by following the appropriate links in the table or you can leverage ansible-galaxy.
STIGS
The standards are pulled directly from DISA.
CIS
The standards are pulled directly from CIS.
Contributing
Contributions to ansible-lockdown and STIG roles will follow a similar process to the main Ansible project. Fork the repository, make changes, and submit a pull-request. Pull-request should not contain any merges or merge-conflicts.
Feature request, bug reports, etc, should all be opened as GitHub tickets. An ansible-lockdown mailing list is in the works.
Current Build Statuses For Security Roles
| Standard | OS | Repo | Galaxy Link | Status |
|---|---|---|---|---|
| DISA STIG | RedHat 6.* | Repo | Galaxy |
Note: A green badge represents a successful build which consists of:
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent