├── .gitignore ├── .travis.yml ├── .yamllint ├── LICENSE ├── Makefile ├── README.md ├── defaults └── main.yml ├── files └── etc │ └── systemd │ └── system │ └── tmp.mount ├── handlers └── main.yml ├── library └── grub_crypt.py ├── meta └── main.yml ├── molecule └── default │ ├── Dockerfile.j2 │ ├── INSTALL.rst │ ├── create.yml │ ├── destroy.yml │ ├── molecule.yml │ ├── playbook.yml │ ├── prepare.yml │ └── tests │ ├── test_default.py │ └── test_default.pyc ├── requirements.txt ├── tasks ├── main.yml ├── post.yml ├── prelim.yml ├── section1.yml ├── section2.yml ├── section3.yml ├── section4.yml ├── section5.yml └── section6.yml ├── templates ├── audit │ ├── ubuntu1604cis_rule_4_1_10.rules.j2 │ ├── ubuntu1604cis_rule_4_1_11.rules.j2 │ ├── ubuntu1604cis_rule_4_1_12.rules.j2 │ ├── ubuntu1604cis_rule_4_1_13.rules.j2 │ ├── ubuntu1604cis_rule_4_1_14.rules.j2 │ ├── ubuntu1604cis_rule_4_1_15.rules.j2 │ ├── ubuntu1604cis_rule_4_1_16.rules.j2 │ ├── ubuntu1604cis_rule_4_1_17.rules.j2 │ ├── ubuntu1604cis_rule_4_1_18.rules.j2 │ ├── ubuntu1604cis_rule_4_1_4.rules.j2 │ ├── ubuntu1604cis_rule_4_1_5.rules.j2 │ ├── ubuntu1604cis_rule_4_1_6.rules.j2 │ ├── ubuntu1604cis_rule_4_1_7.rules.j2 │ ├── ubuntu1604cis_rule_4_1_8.rules.j2 │ └── ubuntu1604cis_rule_4_1_9.rules.j2 ├── chrony.conf.j2 ├── etc │ ├── issue.j2 │ ├── issue.net.j2 │ └── motd.j2 ├── hosts.allow.j2 └── ntp.conf.j2 └── vars └── main.yml /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/.travis.yml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/.yamllint -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/README.md -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /files/etc/systemd/system/tmp.mount: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/files/etc/systemd/system/tmp.mount -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /library/grub_crypt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/library/grub_crypt.py -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/meta/main.yml -------------------------------------------------------------------------------- /molecule/default/Dockerfile.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/Dockerfile.j2 -------------------------------------------------------------------------------- /molecule/default/INSTALL.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/INSTALL.rst -------------------------------------------------------------------------------- /molecule/default/create.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/create.yml -------------------------------------------------------------------------------- /molecule/default/destroy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/destroy.yml -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/molecule.yml -------------------------------------------------------------------------------- /molecule/default/playbook.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/playbook.yml -------------------------------------------------------------------------------- /molecule/default/prepare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/prepare.yml -------------------------------------------------------------------------------- /molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/tests/test_default.py -------------------------------------------------------------------------------- /molecule/default/tests/test_default.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/molecule/default/tests/test_default.pyc -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/requirements.txt -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/post.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/post.yml -------------------------------------------------------------------------------- /tasks/prelim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/prelim.yml -------------------------------------------------------------------------------- /tasks/section1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section1.yml -------------------------------------------------------------------------------- /tasks/section2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section2.yml -------------------------------------------------------------------------------- /tasks/section3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section3.yml -------------------------------------------------------------------------------- /tasks/section4.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section4.yml -------------------------------------------------------------------------------- /tasks/section5.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section5.yml -------------------------------------------------------------------------------- /tasks/section6.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/tasks/section6.yml -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_10.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_10.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_11.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_11.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_12.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_12.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_13.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_13.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_14.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_14.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_15.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_15.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_16.rules.j2: -------------------------------------------------------------------------------- 1 | -w /var/log/sudo.log -p wa -k actions 2 | -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_17.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_17.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_18.rules.j2: -------------------------------------------------------------------------------- 1 | -e 2 2 | -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_4.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_4.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_5.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_5.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_6.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_6.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_7.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_7.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_8.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_8.rules.j2 -------------------------------------------------------------------------------- /templates/audit/ubuntu1604cis_rule_4_1_9.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/audit/ubuntu1604cis_rule_4_1_9.rules.j2 -------------------------------------------------------------------------------- /templates/chrony.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/chrony.conf.j2 -------------------------------------------------------------------------------- /templates/etc/issue.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu1604cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/issue.net.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu1604cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/etc/motd.j2: -------------------------------------------------------------------------------- 1 | {{ ubuntu1604cis_warning_banner }} 2 | -------------------------------------------------------------------------------- /templates/hosts.allow.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/hosts.allow.j2 -------------------------------------------------------------------------------- /templates/ntp.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/florianutz/Ubuntu1604-CIS/HEAD/templates/ntp.conf.j2 -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Ubuntu1604-CIS 3 | --------------------------------------------------------------------------------