├── .ansible-lint ├── .codespellignore ├── .github ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── ISSUE_TEMPLATE │ ├── Bug_report.yml │ ├── Feature_request.yml │ ├── Report_security_issue.yml │ └── config.yml ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml ├── stale.yml └── workflows │ ├── default-bare.yml │ ├── galaxy-release.yml │ ├── lint.yml │ └── stale.yml ├── .gitignore ├── .kitchen.azure.yml ├── .kitchen.docker.yml ├── .kitchen.vagrant.yml ├── .kitchen.yml ├── .pre-commit-config.yaml ├── .yamllint ├── CHANGELOG.md ├── Jenkinsfile ├── LICENSE ├── README.md ├── SECURITY.md ├── defaults └── main.yml ├── files ├── 90_aide_local_classicals ├── 99_aide_local_ansible ├── 99_aide_local_composer ├── 99_aide_local_docker ├── 99_aide_local_ecryptfs ├── 99_aide_local_fail2ban ├── 99_aide_local_gvfs ├── 99_aide_local_netdata ├── 99_aide_local_osquery ├── 99_aide_local_others ├── 99_aide_local_prometheus ├── 99_aide_local_python ├── 99_aide_local_squid ├── 99_aide_local_web ├── apt-10periodic ├── apt-50unattended-upgrades ├── chkrootkit.conf ├── cron.daily-aide-redhat ├── logcheck-local-ignores ├── ntpd ├── patch-logcheck-replace ├── patch-logcheck-replace2 └── patch-logcheck-replace3 ├── get-dependencies.sh ├── handlers └── main.yml ├── meta └── main.yml ├── packer ├── ansible.cfg ├── ansible.sh ├── azure-packer-harden-bionic.json ├── azure-packer-harden-centos7.json ├── cleanup.sh ├── http │ ├── ks.cfg │ └── preseed.cfg ├── packer-harden-bionic.json ├── packer-harden-centos8.json ├── packer-harden-xenial.json └── setup.sh ├── renovate.json ├── role-coverage.ods ├── tasks ├── aide-hids.yml ├── alpine.yml ├── apparmor-audit.yml ├── bash2syslog.yml ├── chkrootkit.yml ├── debian-aide-unprivileged-report.yml ├── debian-apt-source.yml ├── debian-logcheck.yml ├── debian.yml ├── fail2ban.yml ├── grub.yml ├── immutable.yml ├── iptables-ipset-systemd.yml ├── iptables-ipset.yml ├── iptables.yml ├── linux.yml ├── lkrg.yml ├── llmnr-systemd.yml ├── lynis.yml ├── main.yml ├── monit-checkmonitor.yml ├── monit.yml ├── nftables.yml ├── passwd.yml ├── proxy.yml ├── redhat-kpatch.yml ├── redhat.yml ├── restrict_compiler.yml ├── root-forward.yml ├── securetty.yml ├── selinux.yml ├── ssh.yml ├── sshd-certificates.yml ├── sshd.yml ├── sudo.yml ├── testing-check.yml ├── testing-privesc.yml ├── testing-speculative.yml ├── testing.yml ├── timezone.yml ├── travis.yml ├── ubuntu-livepatch.yml ├── unattended-upgrades.yml ├── unix-fstab-mount.yml ├── unix-fstab.yml ├── unix.yml ├── usb.yml ├── vim-swapfiles.yml └── yum-cron.yml ├── templates ├── 000_usbfilter.rules.j2 ├── 99security.j2 ├── auditd-monit.j2 ├── cron.daily-aide-22.j2 ├── cron.daily-aide.j2 ├── fail2ban-filter.d-snmpd.conf ├── fail2ban-jail.d-snmpd.conf ├── fail2ban-jail.d-sshd.conf ├── ipsets.conf.j2 ├── logcheck.replace.j2 ├── logrotate-fail2ban.conf.j2 ├── lynis-custom.prf.j2 ├── modprobe-dev-sec.conf.j2 ├── motd.j2 ├── osqueryd-monit.j2 ├── patch-cron.daily-aide ├── patch-cron.daily-aide2 ├── rhel-password-auth-local.j2 ├── rhel-system-auth-local.j2 ├── rsyslog-monit.j2 ├── rules.v4.j2 ├── rules.v6.j2 ├── ssh_config.j2 ├── sshd-monit.j2 ├── sshd_config.j2 ├── sudoers.d-aide.j2 ├── syslog-summary.j2 ├── systemd-ipset-persistence.service.j2 └── systemtap-udp_detect_domain.stp ├── test ├── integration │ ├── default-norsyslog │ │ ├── bats │ │ │ └── idempotency.bats │ │ ├── default.yml │ │ ├── inspec │ │ │ ├── controls │ │ │ │ └── tests.rb │ │ │ ├── inspec.yml │ │ │ ├── profile-attributes-Debian.yml │ │ │ └── profile-attributes-RedHat.yml │ │ └── serverspec │ │ │ ├── .rspec │ │ │ ├── Gemfile │ │ │ ├── Rakefile │ │ │ ├── aide_spec.rb │ │ │ ├── audit_spec.rb │ │ │ ├── entropy_spec.rb │ │ │ ├── fstab_spec.rb │ │ │ ├── lynis_spec.rb │ │ │ ├── memory_spec.rb │ │ │ ├── monit_spec.rb │ │ │ ├── nmap_spec.rb │ │ │ ├── packages_spec.rb │ │ │ ├── run-local-tests.sh │ │ │ └── sshd_spec.rb │ ├── default │ │ ├── bats │ │ │ └── idempotency.bats │ │ ├── default.yml │ │ ├── inspec │ │ │ ├── controls │ │ │ │ └── tests.rb │ │ │ ├── inspec.yml │ │ │ ├── profile-attributes-Debian.yml │ │ │ └── profile-attributes-RedHat.yml │ │ └── serverspec │ │ │ ├── .rspec │ │ │ ├── Gemfile │ │ │ ├── Rakefile │ │ │ ├── aide_spec.rb │ │ │ ├── audit_spec.rb │ │ │ ├── entropy_spec.rb │ │ │ ├── fstab_spec.rb │ │ │ ├── lynis_spec.rb │ │ │ ├── memory_spec.rb │ │ │ ├── monit_spec.rb │ │ │ ├── nmap_spec.rb │ │ │ ├── packages_spec.rb │ │ │ ├── rsyslog_spec.rb │ │ │ ├── rsyslogd_spec.rb │ │ │ ├── run-local-tests.sh │ │ │ └── sshd_spec.rb │ └── full │ │ ├── bats │ │ └── idempotency.bats │ │ ├── default.yml │ │ ├── inspec │ │ ├── controls │ │ │ └── tests.rb │ │ ├── inspec.yml │ │ ├── profile-attributes-Debian.yml │ │ └── profile-attributes-RedHat.yml │ │ └── serverspec │ │ ├── .rspec │ │ ├── Gemfile │ │ ├── Rakefile │ │ ├── aide_spec.rb │ │ ├── audit_spec.rb │ │ ├── entropy_spec.rb │ │ ├── fstab_spec.rb │ │ ├── lynis_spec.rb │ │ ├── memory_spec.rb │ │ ├── monit_spec.rb │ │ ├── nmap_spec.rb │ │ ├── packages_spec.rb │ │ ├── rsyslog_spec.rb │ │ ├── rsyslogd_spec.rb │ │ ├── run-local-tests.sh │ │ └── sshd_spec.rb ├── logcheck-test-data-delete.log ├── logcheck-test-data.log ├── lxd │ └── centos-ssh-image.sh └── vagrant │ ├── Vagrantfile │ ├── ansible.cfg │ └── site.yml └── vars ├── Alpine.yml ├── Debian-10.yml ├── Debian-11.yml ├── Debian-12.yml ├── Debian-13.yml ├── Debian-8.yml ├── Debian-9.yml ├── Debian.yml ├── RedHat-6.yml ├── RedHat-7.yml ├── RedHat-8.yml ├── RedHat-9.yml ├── RedHat.yml ├── Rocky-8.yml ├── Ubuntu-12.04.yml ├── Ubuntu-14.04.yml ├── Ubuntu-16.04.yml ├── Ubuntu-18.04.yml ├── Ubuntu-20.04.yml ├── Ubuntu-22.04.yml └── Ubuntu-24.04.yml /.ansible-lint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.ansible-lint -------------------------------------------------------------------------------- /.codespellignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.codespellignore -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/CONTRIBUTING.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Bug_report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/ISSUE_TEMPLATE/Bug_report.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Feature_request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/ISSUE_TEMPLATE/Feature_request.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Report_security_issue.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/ISSUE_TEMPLATE/Report_security_issue.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/ISSUE_TEMPLATE/config.yml -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/PULL_REQUEST_TEMPLATE.md -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/stale.yml -------------------------------------------------------------------------------- /.github/workflows/default-bare.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/workflows/default-bare.yml -------------------------------------------------------------------------------- /.github/workflows/galaxy-release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/workflows/galaxy-release.yml -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/workflows/lint.yml -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.github/workflows/stale.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.gitignore -------------------------------------------------------------------------------- /.kitchen.azure.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.kitchen.azure.yml -------------------------------------------------------------------------------- /.kitchen.docker.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.kitchen.docker.yml -------------------------------------------------------------------------------- /.kitchen.vagrant.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.kitchen.vagrant.yml -------------------------------------------------------------------------------- /.kitchen.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.kitchen.yml -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/.yamllint -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/Jenkinsfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/SECURITY.md -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/defaults/main.yml -------------------------------------------------------------------------------- /files/90_aide_local_classicals: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/90_aide_local_classicals -------------------------------------------------------------------------------- /files/99_aide_local_ansible: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_ansible -------------------------------------------------------------------------------- /files/99_aide_local_composer: -------------------------------------------------------------------------------- 1 | !/root/.cache/composer 2 | -------------------------------------------------------------------------------- /files/99_aide_local_docker: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_docker -------------------------------------------------------------------------------- /files/99_aide_local_ecryptfs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_ecryptfs -------------------------------------------------------------------------------- /files/99_aide_local_fail2ban: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_fail2ban -------------------------------------------------------------------------------- /files/99_aide_local_gvfs: -------------------------------------------------------------------------------- 1 | !/home/.*/.gvfs 2 | !/run/user/ 3 | -------------------------------------------------------------------------------- /files/99_aide_local_netdata: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_netdata -------------------------------------------------------------------------------- /files/99_aide_local_osquery: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_osquery -------------------------------------------------------------------------------- /files/99_aide_local_others: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_others -------------------------------------------------------------------------------- /files/99_aide_local_prometheus: -------------------------------------------------------------------------------- 1 | !/var/lib/prometheus 2 | -------------------------------------------------------------------------------- /files/99_aide_local_python: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_python -------------------------------------------------------------------------------- /files/99_aide_local_squid: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_squid -------------------------------------------------------------------------------- /files/99_aide_local_web: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/99_aide_local_web -------------------------------------------------------------------------------- /files/apt-10periodic: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/apt-10periodic -------------------------------------------------------------------------------- /files/apt-50unattended-upgrades: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/apt-50unattended-upgrades -------------------------------------------------------------------------------- /files/chkrootkit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/chkrootkit.conf -------------------------------------------------------------------------------- /files/cron.daily-aide-redhat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/cron.daily-aide-redhat -------------------------------------------------------------------------------- /files/logcheck-local-ignores: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/logcheck-local-ignores -------------------------------------------------------------------------------- /files/ntpd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/ntpd -------------------------------------------------------------------------------- /files/patch-logcheck-replace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/patch-logcheck-replace -------------------------------------------------------------------------------- /files/patch-logcheck-replace2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/patch-logcheck-replace2 -------------------------------------------------------------------------------- /files/patch-logcheck-replace3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/files/patch-logcheck-replace3 -------------------------------------------------------------------------------- /get-dependencies.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/get-dependencies.sh -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/handlers/main.yml -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/meta/main.yml -------------------------------------------------------------------------------- /packer/ansible.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/ansible.cfg -------------------------------------------------------------------------------- /packer/ansible.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/ansible.sh -------------------------------------------------------------------------------- /packer/azure-packer-harden-bionic.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/azure-packer-harden-bionic.json -------------------------------------------------------------------------------- /packer/azure-packer-harden-centos7.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/azure-packer-harden-centos7.json -------------------------------------------------------------------------------- /packer/cleanup.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/cleanup.sh -------------------------------------------------------------------------------- /packer/http/ks.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/http/ks.cfg -------------------------------------------------------------------------------- /packer/http/preseed.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/http/preseed.cfg -------------------------------------------------------------------------------- /packer/packer-harden-bionic.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/packer-harden-bionic.json -------------------------------------------------------------------------------- /packer/packer-harden-centos8.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/packer-harden-centos8.json -------------------------------------------------------------------------------- /packer/packer-harden-xenial.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/packer-harden-xenial.json -------------------------------------------------------------------------------- /packer/setup.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/packer/setup.sh -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/renovate.json -------------------------------------------------------------------------------- /role-coverage.ods: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/role-coverage.ods -------------------------------------------------------------------------------- /tasks/aide-hids.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/aide-hids.yml -------------------------------------------------------------------------------- /tasks/alpine.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/alpine.yml -------------------------------------------------------------------------------- /tasks/apparmor-audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/apparmor-audit.yml -------------------------------------------------------------------------------- /tasks/bash2syslog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/bash2syslog.yml -------------------------------------------------------------------------------- /tasks/chkrootkit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/chkrootkit.yml -------------------------------------------------------------------------------- /tasks/debian-aide-unprivileged-report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/debian-aide-unprivileged-report.yml -------------------------------------------------------------------------------- /tasks/debian-apt-source.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/debian-apt-source.yml -------------------------------------------------------------------------------- /tasks/debian-logcheck.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/debian-logcheck.yml -------------------------------------------------------------------------------- /tasks/debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/debian.yml -------------------------------------------------------------------------------- /tasks/fail2ban.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/fail2ban.yml -------------------------------------------------------------------------------- /tasks/grub.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/grub.yml -------------------------------------------------------------------------------- /tasks/immutable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/immutable.yml -------------------------------------------------------------------------------- /tasks/iptables-ipset-systemd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/iptables-ipset-systemd.yml -------------------------------------------------------------------------------- /tasks/iptables-ipset.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/iptables-ipset.yml -------------------------------------------------------------------------------- /tasks/iptables.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/iptables.yml -------------------------------------------------------------------------------- /tasks/linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/linux.yml -------------------------------------------------------------------------------- /tasks/lkrg.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/lkrg.yml -------------------------------------------------------------------------------- /tasks/llmnr-systemd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/llmnr-systemd.yml -------------------------------------------------------------------------------- /tasks/lynis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/lynis.yml -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/main.yml -------------------------------------------------------------------------------- /tasks/monit-checkmonitor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/monit-checkmonitor.yml -------------------------------------------------------------------------------- /tasks/monit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/monit.yml -------------------------------------------------------------------------------- /tasks/nftables.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/nftables.yml -------------------------------------------------------------------------------- /tasks/passwd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/passwd.yml -------------------------------------------------------------------------------- /tasks/proxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/proxy.yml -------------------------------------------------------------------------------- /tasks/redhat-kpatch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/redhat-kpatch.yml -------------------------------------------------------------------------------- /tasks/redhat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/redhat.yml -------------------------------------------------------------------------------- /tasks/restrict_compiler.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/restrict_compiler.yml -------------------------------------------------------------------------------- /tasks/root-forward.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/root-forward.yml -------------------------------------------------------------------------------- /tasks/securetty.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/securetty.yml -------------------------------------------------------------------------------- /tasks/selinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/selinux.yml -------------------------------------------------------------------------------- /tasks/ssh.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/ssh.yml -------------------------------------------------------------------------------- /tasks/sshd-certificates.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/sshd-certificates.yml -------------------------------------------------------------------------------- /tasks/sshd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/sshd.yml -------------------------------------------------------------------------------- /tasks/sudo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/sudo.yml -------------------------------------------------------------------------------- /tasks/testing-check.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/testing-check.yml -------------------------------------------------------------------------------- /tasks/testing-privesc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/testing-privesc.yml -------------------------------------------------------------------------------- /tasks/testing-speculative.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/testing-speculative.yml -------------------------------------------------------------------------------- /tasks/testing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/testing.yml -------------------------------------------------------------------------------- /tasks/timezone.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/timezone.yml -------------------------------------------------------------------------------- /tasks/travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/travis.yml -------------------------------------------------------------------------------- /tasks/ubuntu-livepatch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/ubuntu-livepatch.yml -------------------------------------------------------------------------------- /tasks/unattended-upgrades.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/unattended-upgrades.yml -------------------------------------------------------------------------------- /tasks/unix-fstab-mount.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/unix-fstab-mount.yml -------------------------------------------------------------------------------- /tasks/unix-fstab.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/unix-fstab.yml -------------------------------------------------------------------------------- /tasks/unix.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/unix.yml -------------------------------------------------------------------------------- /tasks/usb.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/usb.yml -------------------------------------------------------------------------------- /tasks/vim-swapfiles.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/vim-swapfiles.yml -------------------------------------------------------------------------------- /tasks/yum-cron.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/tasks/yum-cron.yml -------------------------------------------------------------------------------- /templates/000_usbfilter.rules.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/000_usbfilter.rules.j2 -------------------------------------------------------------------------------- /templates/99security.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/99security.j2 -------------------------------------------------------------------------------- /templates/auditd-monit.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/auditd-monit.j2 -------------------------------------------------------------------------------- /templates/cron.daily-aide-22.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/cron.daily-aide-22.j2 -------------------------------------------------------------------------------- /templates/cron.daily-aide.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/cron.daily-aide.j2 -------------------------------------------------------------------------------- /templates/fail2ban-filter.d-snmpd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/fail2ban-filter.d-snmpd.conf -------------------------------------------------------------------------------- /templates/fail2ban-jail.d-snmpd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/fail2ban-jail.d-snmpd.conf -------------------------------------------------------------------------------- /templates/fail2ban-jail.d-sshd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/fail2ban-jail.d-sshd.conf -------------------------------------------------------------------------------- /templates/ipsets.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/ipsets.conf.j2 -------------------------------------------------------------------------------- /templates/logcheck.replace.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/logcheck.replace.j2 -------------------------------------------------------------------------------- /templates/logrotate-fail2ban.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/logrotate-fail2ban.conf.j2 -------------------------------------------------------------------------------- /templates/lynis-custom.prf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/lynis-custom.prf.j2 -------------------------------------------------------------------------------- /templates/modprobe-dev-sec.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/modprobe-dev-sec.conf.j2 -------------------------------------------------------------------------------- /templates/motd.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/motd.j2 -------------------------------------------------------------------------------- /templates/osqueryd-monit.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/osqueryd-monit.j2 -------------------------------------------------------------------------------- /templates/patch-cron.daily-aide: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/patch-cron.daily-aide -------------------------------------------------------------------------------- /templates/patch-cron.daily-aide2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/patch-cron.daily-aide2 -------------------------------------------------------------------------------- /templates/rhel-password-auth-local.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/rhel-password-auth-local.j2 -------------------------------------------------------------------------------- /templates/rhel-system-auth-local.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/rhel-system-auth-local.j2 -------------------------------------------------------------------------------- /templates/rsyslog-monit.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/rsyslog-monit.j2 -------------------------------------------------------------------------------- /templates/rules.v4.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/rules.v4.j2 -------------------------------------------------------------------------------- /templates/rules.v6.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/rules.v6.j2 -------------------------------------------------------------------------------- /templates/ssh_config.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/ssh_config.j2 -------------------------------------------------------------------------------- /templates/sshd-monit.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/sshd-monit.j2 -------------------------------------------------------------------------------- /templates/sshd_config.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/sshd_config.j2 -------------------------------------------------------------------------------- /templates/sudoers.d-aide.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/sudoers.d-aide.j2 -------------------------------------------------------------------------------- /templates/syslog-summary.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/syslog-summary.j2 -------------------------------------------------------------------------------- /templates/systemd-ipset-persistence.service.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/systemd-ipset-persistence.service.j2 -------------------------------------------------------------------------------- /templates/systemtap-udp_detect_domain.stp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/templates/systemtap-udp_detect_domain.stp -------------------------------------------------------------------------------- /test/integration/default-norsyslog/bats/idempotency.bats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/bats/idempotency.bats -------------------------------------------------------------------------------- /test/integration/default-norsyslog/default.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/default.yml -------------------------------------------------------------------------------- /test/integration/default-norsyslog/inspec/controls/tests.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/inspec/controls/tests.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/inspec/inspec.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/inspec/inspec.yml -------------------------------------------------------------------------------- /test/integration/default-norsyslog/inspec/profile-attributes-Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/inspec/profile-attributes-Debian.yml -------------------------------------------------------------------------------- /test/integration/default-norsyslog/inspec/profile-attributes-RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/inspec/profile-attributes-RedHat.yml -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/.rspec: -------------------------------------------------------------------------------- 1 | --format documentation 2 | -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/Gemfile -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/Rakefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/Rakefile -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/aide_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/aide_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/audit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/audit_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/entropy_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/entropy_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/fstab_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/fstab_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/lynis_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/lynis_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/memory_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/memory_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/monit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/monit_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/nmap_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/nmap_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/packages_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/packages_spec.rb -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/run-local-tests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/run-local-tests.sh -------------------------------------------------------------------------------- /test/integration/default-norsyslog/serverspec/sshd_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default-norsyslog/serverspec/sshd_spec.rb -------------------------------------------------------------------------------- /test/integration/default/bats/idempotency.bats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/bats/idempotency.bats -------------------------------------------------------------------------------- /test/integration/default/default.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/default.yml -------------------------------------------------------------------------------- /test/integration/default/inspec/controls/tests.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/inspec/controls/tests.rb -------------------------------------------------------------------------------- /test/integration/default/inspec/inspec.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/inspec/inspec.yml -------------------------------------------------------------------------------- /test/integration/default/inspec/profile-attributes-Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/inspec/profile-attributes-Debian.yml -------------------------------------------------------------------------------- /test/integration/default/inspec/profile-attributes-RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/inspec/profile-attributes-RedHat.yml -------------------------------------------------------------------------------- /test/integration/default/serverspec/.rspec: -------------------------------------------------------------------------------- 1 | --format documentation 2 | -------------------------------------------------------------------------------- /test/integration/default/serverspec/Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/Gemfile -------------------------------------------------------------------------------- /test/integration/default/serverspec/Rakefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/Rakefile -------------------------------------------------------------------------------- /test/integration/default/serverspec/aide_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/aide_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/audit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/audit_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/entropy_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/entropy_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/fstab_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/fstab_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/lynis_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/lynis_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/memory_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/memory_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/monit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/monit_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/nmap_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/nmap_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/packages_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/packages_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/rsyslog_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/rsyslog_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/rsyslogd_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/rsyslogd_spec.rb -------------------------------------------------------------------------------- /test/integration/default/serverspec/run-local-tests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/run-local-tests.sh -------------------------------------------------------------------------------- /test/integration/default/serverspec/sshd_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/default/serverspec/sshd_spec.rb -------------------------------------------------------------------------------- /test/integration/full/bats/idempotency.bats: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/bats/idempotency.bats -------------------------------------------------------------------------------- /test/integration/full/default.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/default.yml -------------------------------------------------------------------------------- /test/integration/full/inspec/controls/tests.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/inspec/controls/tests.rb -------------------------------------------------------------------------------- /test/integration/full/inspec/inspec.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/inspec/inspec.yml -------------------------------------------------------------------------------- /test/integration/full/inspec/profile-attributes-Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/inspec/profile-attributes-Debian.yml -------------------------------------------------------------------------------- /test/integration/full/inspec/profile-attributes-RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/inspec/profile-attributes-RedHat.yml -------------------------------------------------------------------------------- /test/integration/full/serverspec/.rspec: -------------------------------------------------------------------------------- 1 | --format documentation 2 | -------------------------------------------------------------------------------- /test/integration/full/serverspec/Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/Gemfile -------------------------------------------------------------------------------- /test/integration/full/serverspec/Rakefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/Rakefile -------------------------------------------------------------------------------- /test/integration/full/serverspec/aide_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/aide_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/audit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/audit_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/entropy_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/entropy_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/fstab_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/fstab_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/lynis_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/lynis_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/memory_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/memory_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/monit_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/monit_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/nmap_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/nmap_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/packages_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/packages_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/rsyslog_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/rsyslog_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/rsyslogd_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/rsyslogd_spec.rb -------------------------------------------------------------------------------- /test/integration/full/serverspec/run-local-tests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/run-local-tests.sh -------------------------------------------------------------------------------- /test/integration/full/serverspec/sshd_spec.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/integration/full/serverspec/sshd_spec.rb -------------------------------------------------------------------------------- /test/logcheck-test-data-delete.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/logcheck-test-data-delete.log -------------------------------------------------------------------------------- /test/logcheck-test-data.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/logcheck-test-data.log -------------------------------------------------------------------------------- /test/lxd/centos-ssh-image.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/lxd/centos-ssh-image.sh -------------------------------------------------------------------------------- /test/vagrant/Vagrantfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/vagrant/Vagrantfile -------------------------------------------------------------------------------- /test/vagrant/ansible.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/vagrant/ansible.cfg -------------------------------------------------------------------------------- /test/vagrant/site.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/test/vagrant/site.yml -------------------------------------------------------------------------------- /vars/Alpine.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Alpine.yml -------------------------------------------------------------------------------- /vars/Debian-10.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-10.yml -------------------------------------------------------------------------------- /vars/Debian-11.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-11.yml -------------------------------------------------------------------------------- /vars/Debian-12.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-12.yml -------------------------------------------------------------------------------- /vars/Debian-13.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-13.yml -------------------------------------------------------------------------------- /vars/Debian-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-8.yml -------------------------------------------------------------------------------- /vars/Debian-9.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian-9.yml -------------------------------------------------------------------------------- /vars/Debian.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Debian.yml -------------------------------------------------------------------------------- /vars/RedHat-6.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/RedHat-6.yml -------------------------------------------------------------------------------- /vars/RedHat-7.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/RedHat-7.yml -------------------------------------------------------------------------------- /vars/RedHat-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/RedHat-8.yml -------------------------------------------------------------------------------- /vars/RedHat-9.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/RedHat-9.yml -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/RedHat.yml -------------------------------------------------------------------------------- /vars/Rocky-8.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Rocky-8.yml -------------------------------------------------------------------------------- /vars/Ubuntu-12.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-12.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-14.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-14.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-16.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-16.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-18.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-18.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-20.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-20.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-22.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-22.04.yml -------------------------------------------------------------------------------- /vars/Ubuntu-24.04.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/juju4/ansible-harden/HEAD/vars/Ubuntu-24.04.yml --------------------------------------------------------------------------------