Skip to content
Quick and basic hardening for a RHEL or CenOS 7 instance
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Apply a series of STIG-suggested hardening rules to an instance.

WARNING: This will make modifications to system configuration files

Use or apply only to test systems.

Role to apply some simple hardening configurations

The Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). SCAP provides a specification for system for vulnerability detetection and remediation.

SCAP supports the process of FISMA Compliance, and the National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.

This role applies basic configuration updates for Kernel networking and the Audit, SSH and Firewall daemons to satisfy a number of STIG rules that fail out-of-the-box for Red Hat Enterprise and CentOS GNU/Linux version 7 distributions.

Test usage

See the govready ansible role.

To apply these rules to your server

Example simple-harden.yml:

- name: Harden all servers
  hosts: servers
    - { role: CivicActions.simple-harden, become: true }

Run command:

ansible-playbook -i inventory simple-harden.yml
You can’t perform that action at this time.