├── .github ├── FUNDING.yml └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── .travis.yml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── _config.yml ├── defaults └── main.yml ├── examples ├── examples.md ├── host └── run.yaml ├── files ├── 1_1_22.sh ├── 1_4_1.txt ├── 3_1_2.sh ├── 3_1_2_disable.sh ├── 3_2_2.sh ├── 3_2_2_2.sh ├── 4_1_11.sh ├── 6_1_1.sh ├── 6_2_10.sh ├── 6_2_11.sh ├── 6_2_12.sh ├── 6_2_12_delete_nonexisting.sh ├── 6_2_5.sh ├── 6_2_6.sh ├── 6_2_7.sh ├── 6_2_7_include_folders.sh ├── 6_2_8.sh ├── 6_2_9.sh ├── header.png └── templates │ ├── auditd │ ├── 11-init.rules.j2 │ ├── 99-finalize.rules.j2 │ ├── MAC-policy.rules.j2 │ ├── actions.rules.j2 │ ├── audit.rules.j2 │ ├── delete.rules.j2 │ ├── identity.rules.j2 │ ├── logins.rules.j2 │ ├── modules.rules.j2 │ ├── perm_mod.rules.j2 │ ├── privileged.rules.j2 │ ├── scope.rules.j2 │ ├── session.rules.j2 │ ├── system-locale.rules.j2 │ ├── system_mounts.rules.j2 │ └── time-change.rules.j2 │ ├── chrony.conf.j2 │ ├── etc │ ├── pam-d-su.j2 │ └── su-group-access.j2 │ ├── greeter.dconf-defaults.j2 │ ├── issue.j2 │ ├── issue.net.j2 │ ├── motd.j2 │ ├── ntp.conf.j2 │ └── timesyncd.conf.j2 ├── handlers └── main.yml ├── index.html ├── meta └── main.yml ├── tasks ├── main.yml ├── section_1_Initial_Setup.yaml ├── section_2_Services.yaml ├── section_3_Network_Configuration.yaml ├── section_4_Logging_and_Auditing.yaml ├── section_5_Access_Authentication_and_Authorization.yaml └── section_6_System_Maintenance.yaml ├── tests ├── inventory └── test.yml └── vars └── main.yml /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | env -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/.travis.yml -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/README.md -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/_config.yml -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /examples/examples.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/examples/examples.md -------------------------------------------------------------------------------- /examples/host: -------------------------------------------------------------------------------- 1 | [host1] 2 | 172.16.186.129 3 | -------------------------------------------------------------------------------- /examples/run.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/examples/run.yaml -------------------------------------------------------------------------------- /files/1_1_22.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/1_1_22.sh -------------------------------------------------------------------------------- /files/1_4_1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/1_4_1.txt -------------------------------------------------------------------------------- /files/3_1_2.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/3_1_2.sh -------------------------------------------------------------------------------- /files/3_1_2_disable.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/3_1_2_disable.sh -------------------------------------------------------------------------------- /files/3_2_2.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/3_2_2.sh -------------------------------------------------------------------------------- /files/3_2_2_2.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/3_2_2_2.sh -------------------------------------------------------------------------------- /files/4_1_11.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/4_1_11.sh -------------------------------------------------------------------------------- /files/6_1_1.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_1_1.sh -------------------------------------------------------------------------------- /files/6_2_10.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_10.sh -------------------------------------------------------------------------------- /files/6_2_11.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_11.sh -------------------------------------------------------------------------------- /files/6_2_12.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_12.sh -------------------------------------------------------------------------------- /files/6_2_12_delete_nonexisting.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_12_delete_nonexisting.sh -------------------------------------------------------------------------------- /files/6_2_5.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_5.sh -------------------------------------------------------------------------------- /files/6_2_6.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_6.sh -------------------------------------------------------------------------------- /files/6_2_7.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_7.sh -------------------------------------------------------------------------------- /files/6_2_7_include_folders.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_7_include_folders.sh -------------------------------------------------------------------------------- /files/6_2_8.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_8.sh -------------------------------------------------------------------------------- /files/6_2_9.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/6_2_9.sh -------------------------------------------------------------------------------- /files/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/header.png -------------------------------------------------------------------------------- /files/templates/auditd/11-init.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/11-init.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/99-finalize.rules.j2: -------------------------------------------------------------------------------- 1 | -e 2 2 | -------------------------------------------------------------------------------- /files/templates/auditd/MAC-policy.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/MAC-policy.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/actions.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/actions.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/audit.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/audit.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/delete.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/delete.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/identity.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/identity.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/logins.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/logins.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/modules.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/modules.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/perm_mod.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/perm_mod.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/privileged.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/privileged.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/scope.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/scope.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/session.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/session.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/system-locale.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/system-locale.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/system_mounts.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/system_mounts.rules.j2 -------------------------------------------------------------------------------- /files/templates/auditd/time-change.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/auditd/time-change.rules.j2 -------------------------------------------------------------------------------- /files/templates/chrony.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/chrony.conf.j2 -------------------------------------------------------------------------------- /files/templates/etc/pam-d-su.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/etc/pam-d-su.j2 -------------------------------------------------------------------------------- /files/templates/etc/su-group-access.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/etc/su-group-access.j2 -------------------------------------------------------------------------------- /files/templates/greeter.dconf-defaults.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/greeter.dconf-defaults.j2 -------------------------------------------------------------------------------- /files/templates/issue.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/issue.j2 -------------------------------------------------------------------------------- /files/templates/issue.net.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/issue.net.j2 -------------------------------------------------------------------------------- /files/templates/motd.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/motd.j2 -------------------------------------------------------------------------------- /files/templates/ntp.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/ntp.conf.j2 -------------------------------------------------------------------------------- /files/templates/timesyncd.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/files/templates/timesyncd.conf.j2 -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/index.html -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/meta/main.yml -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/section_1_Initial_Setup.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_1_Initial_Setup.yaml -------------------------------------------------------------------------------- /tasks/section_2_Services.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_2_Services.yaml -------------------------------------------------------------------------------- /tasks/section_3_Network_Configuration.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_3_Network_Configuration.yaml -------------------------------------------------------------------------------- /tasks/section_4_Logging_and_Auditing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_4_Logging_and_Auditing.yaml -------------------------------------------------------------------------------- /tasks/section_5_Access_Authentication_and_Authorization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_5_Access_Authentication_and_Authorization.yaml -------------------------------------------------------------------------------- /tasks/section_6_System_Maintenance.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tasks/section_6_System_Maintenance.yaml -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alivx/CIS-Ubuntu-20.04-Ansible/HEAD/tests/test.yml -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Auto-CIS-Ubuntu-Linux-20.04-LTS-Remediation --------------------------------------------------------------------------------