Example Ansible Hardening
This example demonstrates how to use the hardening roles with Ansible to increase the security of your server. It also captures best practice for using multiple hardening modules together.
Once the servers are hardened, we verify their compliance status via InSpec.
This playbook installs the following roles on your server:
Install Ansible on your workstation.
Install the roles with ansible-galaxy and run the following playbooks against your Linux hosts.
# download the roles with ansible-galaxy
ansible-galaxy install dev-sec.os-hardening
ansible-galaxy install dev-sec.ssh-hardening
Create a playbook:
---
- hosts: all
  roles:
    - dev-sec.os-hardening
    - dev-sec.ssh-hardening
Run the play:
Usage with Test-Kitchen
First install test-kitchen:
gem install bundler
bundle install
Start the virtual machine and run the playbooks:
bundle exec kitchen converge
Verify with InSpec tests:
bundle exec kitchen verify
Usage with Vagrant
Just fire up vagrant:
That's it. Enjoy testing your box via:
vagrant ssh ubuntu-trusty