├── .gitignore ├── LICENSE ├── README.md ├── docs ├── controls_list.md └── controls_list_win.md ├── galaxy.yml ├── meta └── runtime.yml └── roles └── cis_security ├── README.md ├── defaults └── main.yml ├── files ├── banner ├── duplicate_groups.sh ├── duplicate_guids.sh ├── duplicate_uids.sh ├── duplicate_users.sh ├── issue ├── non_existant_homedirs.sh ├── path_check.sh ├── rsyslog.conf └── undefined_groups.sh ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── CIS-CentOS-7.yml ├── CIS-CentOS-8.yml ├── CIS-Fedora-31.yml ├── CIS-Fedora-32.yml ├── CIS-Microsoft Windows 10 Pro.yml ├── CIS-Oracle-7.yml ├── CIS-OracleLinux-8.yml ├── CIS-RedHat-7.yml ├── CIS-RedHat-8.yml ├── CIS-RedHat-9.yml ├── CIS-SLES-15.yml ├── CIS-Ubuntu-18.yml ├── CIS-Ubuntu-20.yml ├── CIS-Ubuntu-22.yml ├── main.yml └── type-files │ ├── MS-Server-type.yml │ ├── SLES-addons.yml │ ├── redhat-7-type.yml │ ├── redhat-8-type.yml │ ├── redhat-9-type.yml │ ├── ubuntu-18-type.yml │ └── ubuntu-22-type.yml ├── templates ├── aidecheck.service ├── aidecheck.timer ├── audit_rules │ ├── MAC-policy.rules │ ├── bad-file-access.rules │ ├── chacl.rules │ ├── chcon.rules │ ├── dac.rules │ ├── datetime.rules │ ├── delete.rules │ ├── file-system-mounts.rules │ ├── login.rules │ ├── modules.rules │ ├── network.rules │ ├── sessions.rules │ ├── setfacl.rules │ ├── sudolog.rules │ ├── user-group-info.rules │ ├── user_emulation.rules │ └── usermod.rules ├── chrony.conf ├── chronyd ├── chronyd.ubuntu ├── ntp.conf ├── ntpd └── timesyncd.conf └── vars └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | vault* 2 | *.retry 3 | *.gz 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/README.md -------------------------------------------------------------------------------- /docs/controls_list.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/docs/controls_list.md -------------------------------------------------------------------------------- /docs/controls_list_win.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/docs/controls_list_win.md -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/galaxy.yml -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | requires_ansible: ">2.9" 2 | -------------------------------------------------------------------------------- /roles/cis_security/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/README.md -------------------------------------------------------------------------------- /roles/cis_security/defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/defaults/main.yml -------------------------------------------------------------------------------- /roles/cis_security/files/banner: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/banner -------------------------------------------------------------------------------- /roles/cis_security/files/duplicate_groups.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/duplicate_groups.sh -------------------------------------------------------------------------------- /roles/cis_security/files/duplicate_guids.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/duplicate_guids.sh -------------------------------------------------------------------------------- /roles/cis_security/files/duplicate_uids.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/duplicate_uids.sh -------------------------------------------------------------------------------- /roles/cis_security/files/duplicate_users.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/duplicate_users.sh -------------------------------------------------------------------------------- /roles/cis_security/files/issue: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/issue -------------------------------------------------------------------------------- /roles/cis_security/files/non_existant_homedirs.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/non_existant_homedirs.sh -------------------------------------------------------------------------------- /roles/cis_security/files/path_check.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/path_check.sh -------------------------------------------------------------------------------- /roles/cis_security/files/rsyslog.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/rsyslog.conf -------------------------------------------------------------------------------- /roles/cis_security/files/undefined_groups.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/files/undefined_groups.sh -------------------------------------------------------------------------------- /roles/cis_security/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/handlers/main.yml -------------------------------------------------------------------------------- /roles/cis_security/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/meta/main.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-CentOS-7.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-CentOS-7.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-CentOS-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-CentOS-8.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Fedora-31.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Fedora-31.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Fedora-32.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Fedora-32.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Microsoft Windows 10 Pro.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Microsoft Windows 10 Pro.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Oracle-7.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Oracle-7.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-OracleLinux-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-OracleLinux-8.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-RedHat-7.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-RedHat-7.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-RedHat-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-RedHat-8.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-RedHat-9.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-RedHat-9.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-SLES-15.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-SLES-15.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Ubuntu-18.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Ubuntu-18.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Ubuntu-20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Ubuntu-20.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/CIS-Ubuntu-22.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/CIS-Ubuntu-22.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/main.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/MS-Server-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/MS-Server-type.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/SLES-addons.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/SLES-addons.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/redhat-7-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/redhat-7-type.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/redhat-8-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/redhat-8-type.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/redhat-9-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/redhat-9-type.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/ubuntu-18-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/ubuntu-18-type.yml -------------------------------------------------------------------------------- /roles/cis_security/tasks/type-files/ubuntu-22-type.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/tasks/type-files/ubuntu-22-type.yml -------------------------------------------------------------------------------- /roles/cis_security/templates/aidecheck.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/aidecheck.service -------------------------------------------------------------------------------- /roles/cis_security/templates/aidecheck.timer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/aidecheck.timer -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/MAC-policy.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/MAC-policy.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/bad-file-access.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/bad-file-access.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/chacl.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/chacl.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/chcon.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/chcon.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/dac.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/dac.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/datetime.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/datetime.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/delete.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/delete.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/file-system-mounts.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/file-system-mounts.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/login.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/login.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/modules.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/modules.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/network.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/network.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/sessions.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/sessions.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/setfacl.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/setfacl.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/sudolog.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/sudolog.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/user-group-info.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/user-group-info.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/user_emulation.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/user_emulation.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/audit_rules/usermod.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/audit_rules/usermod.rules -------------------------------------------------------------------------------- /roles/cis_security/templates/chrony.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/chrony.conf -------------------------------------------------------------------------------- /roles/cis_security/templates/chronyd: -------------------------------------------------------------------------------- 1 | OPTIONS="-u chrony" -------------------------------------------------------------------------------- /roles/cis_security/templates/chronyd.ubuntu: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/chronyd.ubuntu -------------------------------------------------------------------------------- /roles/cis_security/templates/ntp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/ntp.conf -------------------------------------------------------------------------------- /roles/cis_security/templates/ntpd: -------------------------------------------------------------------------------- 1 | OPTIONS="-u ntp:ntp" -------------------------------------------------------------------------------- /roles/cis_security/templates/timesyncd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsglaser/cis-security/HEAD/roles/cis_security/templates/timesyncd.conf -------------------------------------------------------------------------------- /roles/cis_security/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for cis-security 3 | --------------------------------------------------------------------------------