This Ansible content configures an Amazon Linux 2 EKS-optimized image to be GSA compliant.
This code is based on the GSA Amazon Linux Security Benchmark.
Code for the GSA EKS Benchmark will be coming soon.
ISE provides a maintained and hardened AWS EKS AMI. More information about usage can be found here.
Carefully read through the tasks before running this playbook to make sure these changes will not break your systems.
There are many role variables defined in defaults/main.yml.
- Enable IPv6 settings
- Enable iptables
- Enable auditing with rsyslog
- Lock users inactive for over 30 days
- Install and configure AIDE
- Install and configure NTP
- Configure the wheel group in /etc/group
Other settings and services are listed there as well. Please review them to ensure they meet your organizational requirements.
For a complete list of settings that are configured, still need to be configured, or are known false positives, please refer to the following documentation. Note that this requires a GSA account to view.
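As an added example that is not part of this role, the script below is a read-only audit of a few of the settings listed above (inactive-user lockout, wheel membership, the AIDE/NTP/rsyslog/iptables packages and the enabled services). The concrete values it expects, such as INACTIVE=30 and the package and service names, are assumptions about how the role implements the list; adjust them to match your defaults/main.yml.

```shell
#!/bin/sh
# Added audit script (not part of ansible-os-amazon-linux2-eks). Each check_*
# takes the relevant file or command output as $1 so it can be tested against
# constructed samples; run_audit feeds it data from the live host.

# Users inactive for over 30 days are locked: /etc/default/useradd sets INACTIVE=30.
check_inactive_days() {
    val=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*INACTIVE=//p' | tail -n 1)
    [ "$val" = "30" ]
}

# /etc/group: wheel must exist and contain only the members named in $2 (comma list).
check_wheel_members() {
    line=$(printf '%s\n' "$1" | grep '^wheel:') || return 1
    rest=${line##*:}
    while [ -n "$rest" ]; do
        m=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest='' ;; esac
        case ",$2," in *",$m,"*) ;; *) return 1 ;; esac
    done
}

# AIDE, rsyslog and iptables installed, plus one NTP daemon (chrony or ntp).
check_packages() {
    for p in aide rsyslog iptables; do
        printf '%s\n' "$1" | grep -qx "$p" || return 1
    done
    printf '%s\n' "$1" | grep -qxE 'chrony|ntp'
}

# rsyslog and a time daemon enabled at boot ($1 = systemctl list-unit-files output).
check_services() {
    printf '%s\n' "$1" | grep -qE '^rsyslog\.service[[:space:]]+enabled' || return 1
    printf '%s\n' "$1" | grep -qE '^(chronyd|ntpd)\.service[[:space:]]+enabled'
}

# Collect the real inputs; WHEEL_ALLOWED (assumed default: ec2-user) is the approved list.
run_audit() {
    rc=0
    check_inactive_days "$(cat /etc/default/useradd)" || { echo "FAIL: INACTIVE days"; rc=1; }
    check_wheel_members "$(cat /etc/group)" "${WHEEL_ALLOWED:-ec2-user}" || { echo "FAIL: wheel members"; rc=1; }
    check_packages "$(rpm -qa --qf '%{NAME}\n')" || { echo "FAIL: packages"; rc=1; }
    check_services "$(systemctl list-unit-files --type=service --no-legend)" || { echo "FAIL: services"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS: all checks"
    return "$rc"
}

# Set RUN_AUDIT=1 to audit the host the script runs on.
if [ "${RUN_AUDIT:-0}" = 1 ]; then run_audit; fi
```

Run it on an instance with `RUN_AUDIT=1 sh eks_audit.sh`; a non-zero exit means at least one check failed.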
Requires Ansible >= 2.7.
```yaml
---
- name: Harden Server
  hosts: all
  become: yes
  roles:
    - ansible-os-amazon-linux2-eks
```

```shell
ansible-playbook playbook.yml --connection=local
```
License: BSD.