Ansible Lockdown is a collection of Ansible roles related to security automation. All roles included in this project must meet the contribution guidelines.
Some roles referenced in this project are a collaborative effort between Ansible and our IT Security partner MindPoint Group to provide you with thorough, vetted, and trusted security roles that you can integrate with any of your existing playbooks or as the building blocks for completely new playbooks. Other roles included in this project, while not vetted by MindPoint Group, have been deemed by the maintainers and community to meet the contribution guidelines.
The initial effort is for the development of roles centered around STIG and CIS benchmark baselines. Based on community feedback we'll then proceed with other security guidelines for additional operating systems and applications.
Most of the communication around the project happens on the mailing list. That is the best way to stay up to date with what is happening with the project.
In order to use the roles you should first ensure that you have Ansible installed.
To clone the entire project and use the included playbooks:
git clone --recursive https://github.com/ansible/ansible-lockdown.git
You can also install the roles individually from Ansible Galaxy.
The STIG standards are pulled directly from DISA.
The CIS benchmark standards are pulled directly from CIS.
Contributions to Ansible Lockdown and roles referenced here will follow a similar process to the main Ansible project. Fork the repository, make changes, and submit a pull request. Pull requests should not contain any merges or merge conflicts.
Feature requests and bug reports should all be opened on the project page for the individual role, not here.
Current Build Statuses for Security Roles
| DISA STIG | RedHat 6.* | Repo | Galaxy |
| DISA STIG | RedHat 7.* | Repo | TBD | TBD |
Note: A green badge represents a successful build which consists of: