ansible-role-rhel-hardening
Overview:
- A collection of NIST ansible playbok to meet specific security requirements.
Usage:
- A playbook is selected by setting the policy variable
---
policy: 800-171
Possible selections are the following
-
stig-rhel7-disa
- This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux V1R4.
- Not applicable to CentOS Linux, included for reference only
- This profile contains configuration checks that align to the DISA STIG for Red Hat Enterprise Linux V1R4.
-
standard
- This profile contains rules to ensure standard security baseline of a Red Hat Enterprise Linux 7 system. Regardless of your system's workload all of these checks should pass.
-
rht-ccp
- This profile contains the minimum security relevant configuration settings recommended by Red Hat, Inc for Red Hat Enterprise Linux 7 instances deployed by Red Hat Certified Cloud Providers.
-
pci-dss
- Ensures PCI-DSS v3 related security configuration settings are applied.
-
ospp42
- This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2).
-
ospp
- This baseline implements configuration requirements from the following
- sources:
- Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
- NIST Controlled Unclassified Information (NIST 800-171)
- NIST 800-53 control selections for MODERATE impact systems (NIST 800-53)
- U.S. Government Configuration Baseline (USGCB)
- NIAP Protection Profile for General Purpose Operating Systems v4.0 (OSPP v4.0)
- DISA Operating System Security Requirements Guide (OS SRG)
-
nist-800-171
- This profile configures Red Hat Enterprise Linux 7 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI).
-
hipaa
- This profile configures Red Hat Enterprise Linux 7 to the HIPAA Security Rule identified for securing of electronic protected health information.
-
cjis
- This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy can be found at the CJIS Security
-
c2s
- This profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline. This baseline was inspired by the Center for Internet Security (CIS) Red Hat Enterprise Linux 7 Benchmark, v2.1.1 - 01-31-2017.
Sample playbook
---
- hosts: localhost
tasks:
- include_role:
name: ansible-role-rhel-hardening
ignore_errors: yes