├── .aar_doc.yml ├── .config └── ansible-lint.yml ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ └── feature_request.yml ├── labeler.yml ├── version-drafter.yml └── workflows │ ├── ansible-lint.yml │ ├── codespell.yml │ ├── enforce-labels.yml │ ├── galaxy-publish.yml │ ├── mysql_hardening.yml │ ├── nginx_hardening.yml │ ├── os_hardening.yml │ ├── os_hardening_vm.yml │ ├── prettier-md.yml │ ├── release.yml │ ├── roles-readme.yml │ ├── ssh_hardening.yml │ ├── ssh_hardening_bsd.yml │ └── ssh_hardening_custom_tests.yml ├── .gitignore ├── .gitmodules ├── .prettierignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE ├── OS_HARDENING_CHANGELOG.md ├── README.md ├── galaxy.yml ├── meta └── runtime.yml ├── molecule ├── mysql_hardening │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ ├── prepare_tasks │ │ └── mysql_users.yml │ ├── requirements.yml │ ├── verify.yml │ └── verify_tasks │ │ ├── mysql_users.yml │ │ └── service.yml ├── nginx_hardening │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── official-nginx-role-debian.yml │ ├── official-nginx-role-redhat.yml │ ├── prepare.yml │ ├── requirements.yml │ └── verify.yml ├── os_hardening │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ ├── prepare_tasks │ │ ├── ignore_home_folders.yml │ │ ├── netrc.yml │ │ ├── pw_ageing.yml │ │ ├── sys_account_shell.yml │ │ └── yum.yml │ ├── verify.yml │ ├── verify_tasks │ │ ├── ignore_home_folders.yml │ │ ├── netrc.yml │ │ ├── pam.yml │ │ ├── pw_ageing.yml │ │ ├── ssh_auth_locked.yml │ │ ├── sys_account_shell.yml │ │ └── yum.yml │ └── waivers.yaml ├── os_hardening_vm │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ ├── prepare_tasks │ │ └── yum.yml │ ├── requirements.yml │ ├── verify.yml │ └── verify_tasks │ │ ├── pam.yml │ │ └── yum.yml ├── shared │ └── prerequisites.yml ├── ssh_hardening │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ └── verify.yml ├── ssh_hardening_bsd │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ ├── prepare.yml │ ├── verify.yml │ ├── waivers_freebsd13.yaml │ ├── waivers_freebsd14.yaml │ └── waivers_openbsd7.yaml └── ssh_hardening_custom_tests │ ├── INSTALL.rst │ ├── converge.yml │ ├── molecule.yml │ └── prepare.yml ├── renovate.json ├── requirements-vm.txt ├── requirements.txt └── roles ├── mysql_hardening ├── CHANGELOG.md ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ ├── argument_specs.yml │ └── main.yml ├── tasks │ ├── configure.yml │ ├── main.yml │ └── mysql_secure_installation.yml ├── templates │ ├── hardening.cnf.j2 │ └── my.cnf.j2 └── vars │ ├── Debian.yml │ ├── Fedora.yml │ ├── FreeBSD.yml │ ├── Oracle Linux.yml │ ├── RedHat.yml │ ├── Suse.yml │ ├── Ubuntu.yml │ └── main.yml ├── nginx_hardening ├── CHANGELOG.md ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ ├── argument_specs.yml │ └── main.yml ├── tasks │ └── main.yml └── templates │ └── hardening.conf.j2 ├── os_hardening ├── CHANGELOG.md ├── README.md ├── defaults │ └── main.yml ├── handlers │ └── main.yml ├── meta │ ├── argument_specs.yml │ └── main.yml ├── tasks │ ├── apt.yml │ ├── auditd.yml │ ├── cron.yml │ ├── ctrlaltdel.yml │ ├── hardening.yml │ ├── limits.yml │ ├── login_defs.yml │ ├── main.yml │ ├── minimize_access.yml │ ├── minimize_access_fs.yml │ ├── modprobe.yml │ ├── netrc.yml │ ├── pam.yml │ ├── pam_debian.yml │ ├── pam_rhel.yml │ ├── profile.yml │ ├── rhosts.yml │ ├── securetty.yml │ ├── selinux.yml │ ├── suid_sgid.yml │ ├── sysctl.yml │ ├── user_accounts.yml │ └── yum.yml ├── templates │ ├── etc │ │ ├── audit │ │ │ └── auditd.conf.j2 │ │ ├── default │ │ │ └── ufw.j2 │ │ ├── libuser.conf.j2 │ │ ├── login.defs.j2 │ │ ├── modprobe.d │ │ │ └── modprobe.j2 │ │ ├── pam.d │ │ │ └── rhel_auth.j2 │ │ ├── profile.d │ │ │ ├── profile.conf.j2 │ │ │ └── tmout.sh.j2 │ │ ├── securetty.j2 │ │ ├── security │ │ │ └── faillock.conf.j2 │ │ ├── sysconfig │ │ │ └── rhel_sysconfig_init.j2 │ │ └── systemd │ │ │ └── coredump.conf.d │ │ │ └── coredumps.conf.j2 │ └── usr │ │ └── share │ │ └── pam-configs │ │ ├── pam_faillock.j2 │ │ ├── pam_faillock_authfail.j2 │ │ ├── pam_passwdqc.j2 │ │ └── pam_tally2.j2 └── vars │ ├── Amazon.yml │ ├── Archlinux.yml │ ├── Debian.yml │ ├── Fedora.yml │ ├── RedHat.yml │ ├── Suse.yml │ ├── Ubuntu.yml │ └── main.yml └── ssh_hardening ├── CHANGELOG.md ├── README.md ├── defaults └── main.yml ├── files ├── ssh_password └── sshd ├── handlers └── main.yml ├── meta ├── argument_specs.yml └── main.yml ├── tasks ├── ca_keys_and_principals.yml ├── crypto_ciphers.yml ├── crypto_hostkeys.yml ├── crypto_kex.yml ├── crypto_macs.yml ├── disable-systemd-socket.yml ├── hardening.yml ├── install.yml ├── main.yml └── selinux.yml ├── templates ├── authorized_principals.j2 ├── openssh.conf.j2 ├── opensshd.conf.j2 ├── revoked_keys.j2 └── trusted_user_ca_keys.j2 └── vars ├── Alpine.yml ├── Amazon_2.yml ├── Archlinux.yml ├── Debian.yml ├── Fedora.yml ├── Fedora_37.yml ├── FreeBSD.yml ├── OpenBSD.yml ├── RedHat.yml ├── RedHat_10.yml ├── RedHat_9.yml ├── SmartOS.yml ├── Suse.yml └── main.yml /.aar_doc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.aar_doc.yml -------------------------------------------------------------------------------- /.config/ansible-lint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.config/ansible-lint.yml -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/ISSUE_TEMPLATE/bug_report.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/ISSUE_TEMPLATE/feature_request.yml -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/labeler.yml -------------------------------------------------------------------------------- /.github/version-drafter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/version-drafter.yml -------------------------------------------------------------------------------- /.github/workflows/ansible-lint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/ansible-lint.yml -------------------------------------------------------------------------------- /.github/workflows/codespell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/codespell.yml -------------------------------------------------------------------------------- /.github/workflows/enforce-labels.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/enforce-labels.yml -------------------------------------------------------------------------------- /.github/workflows/galaxy-publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/galaxy-publish.yml -------------------------------------------------------------------------------- /.github/workflows/mysql_hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/mysql_hardening.yml -------------------------------------------------------------------------------- /.github/workflows/nginx_hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/nginx_hardening.yml -------------------------------------------------------------------------------- /.github/workflows/os_hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/os_hardening.yml -------------------------------------------------------------------------------- /.github/workflows/os_hardening_vm.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/os_hardening_vm.yml -------------------------------------------------------------------------------- /.github/workflows/prettier-md.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/prettier-md.yml -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.github/workflows/roles-readme.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/roles-readme.yml -------------------------------------------------------------------------------- /.github/workflows/ssh_hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/ssh_hardening.yml -------------------------------------------------------------------------------- /.github/workflows/ssh_hardening_bsd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/ssh_hardening_bsd.yml -------------------------------------------------------------------------------- /.github/workflows/ssh_hardening_custom_tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.github/workflows/ssh_hardening_custom_tests.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .kitchen 2 | hosts 3 | Gemfile.lock 4 | .venv -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/.gitmodules -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | CHANGELOG.md 2 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/LICENSE -------------------------------------------------------------------------------- /OS_HARDENING_CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/OS_HARDENING_CHANGELOG.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/README.md -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/galaxy.yml -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.9.10" 3 | -------------------------------------------------------------------------------- /molecule/mysql_hardening/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/INSTALL.rst -------------------------------------------------------------------------------- /molecule/mysql_hardening/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/converge.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/molecule.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/prepare.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/prepare_tasks/mysql_users.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/prepare_tasks/mysql_users.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/requirements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/requirements.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/verify.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/verify_tasks/mysql_users.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/verify_tasks/mysql_users.yml -------------------------------------------------------------------------------- /molecule/mysql_hardening/verify_tasks/service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/mysql_hardening/verify_tasks/service.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/INSTALL.rst -------------------------------------------------------------------------------- /molecule/nginx_hardening/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/converge.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/molecule.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/official-nginx-role-debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/official-nginx-role-debian.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/official-nginx-role-redhat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/official-nginx-role-redhat.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/prepare.yml -------------------------------------------------------------------------------- /molecule/nginx_hardening/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | roles: 3 | - name: geerlingguy.nginx 4 | -------------------------------------------------------------------------------- /molecule/nginx_hardening/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/nginx_hardening/verify.yml -------------------------------------------------------------------------------- /molecule/os_hardening/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/INSTALL.rst -------------------------------------------------------------------------------- /molecule/os_hardening/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/converge.yml -------------------------------------------------------------------------------- /molecule/os_hardening/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/molecule.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare_tasks/ignore_home_folders.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare_tasks/ignore_home_folders.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare_tasks/netrc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare_tasks/netrc.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare_tasks/pw_ageing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare_tasks/pw_ageing.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare_tasks/sys_account_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare_tasks/sys_account_shell.yml -------------------------------------------------------------------------------- /molecule/os_hardening/prepare_tasks/yum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/prepare_tasks/yum.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/ignore_home_folders.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/ignore_home_folders.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/netrc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/netrc.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/pam.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/pam.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/pw_ageing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/pw_ageing.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/ssh_auth_locked.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/ssh_auth_locked.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/sys_account_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/sys_account_shell.yml -------------------------------------------------------------------------------- /molecule/os_hardening/verify_tasks/yum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/verify_tasks/yum.yml -------------------------------------------------------------------------------- /molecule/os_hardening/waivers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening/waivers.yaml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/INSTALL.rst -------------------------------------------------------------------------------- /molecule/os_hardening_vm/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/converge.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/molecule.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/prepare.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/prepare_tasks/yum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/prepare_tasks/yum.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | roles: 3 | - name: geerlingguy.git 4 | -------------------------------------------------------------------------------- /molecule/os_hardening_vm/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/verify.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/verify_tasks/pam.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/verify_tasks/pam.yml -------------------------------------------------------------------------------- /molecule/os_hardening_vm/verify_tasks/yum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/os_hardening_vm/verify_tasks/yum.yml -------------------------------------------------------------------------------- /molecule/shared/prerequisites.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/shared/prerequisites.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening/INSTALL.rst -------------------------------------------------------------------------------- /molecule/ssh_hardening/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening/converge.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening/molecule.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening/prepare.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening/verify.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/INSTALL.rst -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/converge.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/molecule.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/prepare.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/verify.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/verify.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/waivers_freebsd13.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/waivers_freebsd13.yaml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/waivers_freebsd14.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/waivers_freebsd14.yaml -------------------------------------------------------------------------------- /molecule/ssh_hardening_bsd/waivers_openbsd7.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_bsd/waivers_openbsd7.yaml -------------------------------------------------------------------------------- /molecule/ssh_hardening_custom_tests/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_custom_tests/INSTALL.rst -------------------------------------------------------------------------------- /molecule/ssh_hardening_custom_tests/converge.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_custom_tests/converge.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_custom_tests/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_custom_tests/molecule.yml -------------------------------------------------------------------------------- /molecule/ssh_hardening_custom_tests/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/molecule/ssh_hardening_custom_tests/prepare.yml -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/renovate.json -------------------------------------------------------------------------------- /requirements-vm.txt: -------------------------------------------------------------------------------- 1 | molecule-plugins[vagrant]==25.8.12 -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/requirements.txt -------------------------------------------------------------------------------- /roles/mysql_hardening/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/CHANGELOG.md -------------------------------------------------------------------------------- /roles/mysql_hardening/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/README.md -------------------------------------------------------------------------------- /roles/mysql_hardening/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/defaults/main.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/handlers/main.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/meta/argument_specs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/meta/argument_specs.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/meta/main.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/tasks/configure.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/tasks/configure.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/tasks/main.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/tasks/mysql_secure_installation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/tasks/mysql_secure_installation.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/templates/hardening.cnf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/templates/hardening.cnf.j2 -------------------------------------------------------------------------------- /roles/mysql_hardening/templates/my.cnf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/templates/my.cnf.j2 -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/Debian.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/Fedora.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/Fedora.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/FreeBSD.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/FreeBSD.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/Oracle Linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/Oracle Linux.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/RedHat.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/Suse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/Suse.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/Ubuntu.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/Ubuntu.yml -------------------------------------------------------------------------------- /roles/mysql_hardening/vars/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/mysql_hardening/vars/main.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/CHANGELOG.md -------------------------------------------------------------------------------- /roles/nginx_hardening/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/README.md -------------------------------------------------------------------------------- /roles/nginx_hardening/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/defaults/main.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/handlers/main.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/meta/argument_specs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/meta/argument_specs.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/meta/main.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/tasks/main.yml -------------------------------------------------------------------------------- /roles/nginx_hardening/templates/hardening.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/nginx_hardening/templates/hardening.conf.j2 -------------------------------------------------------------------------------- /roles/os_hardening/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/CHANGELOG.md -------------------------------------------------------------------------------- /roles/os_hardening/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/README.md -------------------------------------------------------------------------------- /roles/os_hardening/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/defaults/main.yml -------------------------------------------------------------------------------- /roles/os_hardening/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/handlers/main.yml -------------------------------------------------------------------------------- /roles/os_hardening/meta/argument_specs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/meta/argument_specs.yml -------------------------------------------------------------------------------- /roles/os_hardening/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/meta/main.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/apt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/apt.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/auditd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/auditd.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/cron.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/cron.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/ctrlaltdel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/ctrlaltdel.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/hardening.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/limits.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/limits.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/login_defs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/login_defs.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/main.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/minimize_access.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/minimize_access.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/minimize_access_fs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/minimize_access_fs.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/modprobe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/modprobe.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/netrc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/netrc.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/pam.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/pam.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/pam_debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/pam_debian.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/pam_rhel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/pam_rhel.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/profile.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/profile.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/rhosts.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/rhosts.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/securetty.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/securetty.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/selinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/selinux.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/suid_sgid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/suid_sgid.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/sysctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/sysctl.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/user_accounts.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/user_accounts.yml -------------------------------------------------------------------------------- /roles/os_hardening/tasks/yum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/tasks/yum.yml -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/audit/auditd.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/audit/auditd.conf.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/default/ufw.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/default/ufw.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/libuser.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/libuser.conf.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/login.defs.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/login.defs.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/modprobe.d/modprobe.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/modprobe.d/modprobe.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/pam.d/rhel_auth.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/profile.d/profile.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/profile.d/profile.conf.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/profile.d/tmout.sh.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/profile.d/tmout.sh.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/securetty.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/securetty.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/security/faillock.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/security/faillock.conf.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/sysconfig/rhel_sysconfig_init.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/etc/sysconfig/rhel_sysconfig_init.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/etc/systemd/coredump.conf.d/coredumps.conf.j2: -------------------------------------------------------------------------------- 1 | [Coredump] 2 | Storage=none 3 | -------------------------------------------------------------------------------- /roles/os_hardening/templates/usr/share/pam-configs/pam_faillock.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/usr/share/pam-configs/pam_faillock.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/usr/share/pam-configs/pam_faillock_authfail.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/usr/share/pam-configs/pam_faillock_authfail.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/usr/share/pam-configs/pam_passwdqc.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/usr/share/pam-configs/pam_passwdqc.j2 -------------------------------------------------------------------------------- /roles/os_hardening/templates/usr/share/pam-configs/pam_tally2.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/templates/usr/share/pam-configs/pam_tally2.j2 -------------------------------------------------------------------------------- /roles/os_hardening/vars/Amazon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Amazon.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/Archlinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Archlinux.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Debian.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/Fedora.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Fedora.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/RedHat.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/Suse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Suse.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/Ubuntu.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/Ubuntu.yml -------------------------------------------------------------------------------- /roles/os_hardening/vars/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/os_hardening/vars/main.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/CHANGELOG.md -------------------------------------------------------------------------------- /roles/ssh_hardening/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/README.md -------------------------------------------------------------------------------- /roles/ssh_hardening/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/defaults/main.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/files/ssh_password: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/files/ssh_password -------------------------------------------------------------------------------- /roles/ssh_hardening/files/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/files/sshd -------------------------------------------------------------------------------- /roles/ssh_hardening/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/handlers/main.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/meta/argument_specs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/meta/argument_specs.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/meta/main.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/ca_keys_and_principals.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/ca_keys_and_principals.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/crypto_ciphers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/crypto_ciphers.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/crypto_hostkeys.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/crypto_hostkeys.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/crypto_kex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/crypto_kex.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/crypto_macs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/crypto_macs.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/disable-systemd-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/disable-systemd-socket.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/hardening.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/hardening.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/install.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/install.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/main.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/tasks/selinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/tasks/selinux.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/templates/authorized_principals.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/templates/authorized_principals.j2 -------------------------------------------------------------------------------- /roles/ssh_hardening/templates/openssh.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/templates/openssh.conf.j2 -------------------------------------------------------------------------------- /roles/ssh_hardening/templates/opensshd.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/templates/opensshd.conf.j2 -------------------------------------------------------------------------------- /roles/ssh_hardening/templates/revoked_keys.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/templates/revoked_keys.j2 -------------------------------------------------------------------------------- /roles/ssh_hardening/templates/trusted_user_ca_keys.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/templates/trusted_user_ca_keys.j2 -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Alpine.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Alpine.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Amazon_2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Amazon_2.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Archlinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Archlinux.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Debian.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Fedora.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Fedora.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Fedora_37.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Fedora_37.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/FreeBSD.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/FreeBSD.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/OpenBSD.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/OpenBSD.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/RedHat.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/RedHat_10.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/RedHat_10.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/RedHat_9.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/RedHat_9.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/SmartOS.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/SmartOS.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/Suse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/Suse.yml -------------------------------------------------------------------------------- /roles/ssh_hardening/vars/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dev-sec/ansible-collection-hardening/HEAD/roles/ssh_hardening/vars/main.yml --------------------------------------------------------------------------------