RHEL8-CIS
UBUNTU20-CIS
RHEL8-CIS | UBUNTU20-CIS | |
---|---|---|
1 | 2 | |
243 | 172 | |
2.1% | 4.7% | |
8.9 | 8.9 | |
8 days ago | 11 days ago | |
YAML | YAML | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
RHEL8-CIS
-
Please share your default server playbook.
My default role https://github.com/ansible-lockdown/RHEL8-CIS
UBUNTU20-CIS
-
CIS hardening scripts
Ansible role: https://github.com/ansible-lockdown/UBUNTU20-CIS
-
Ask r/kubernetes: What are you working on this week?
I'm currently also testing the Ubuntu CIS on a VM, it works great with Ubuntu 22.04. Just add 22.04 to the check in the first playbook. When proper testing verifies it's working, I'll run the playbook against my actual server (Kubernetes single-node).
What are some alternatives?
ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
RHEL7-CIS - Ansible role for Red Hat 7 CIS Baseline
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
amicontained - Container introspection tool. Find out what container runtime is being used as well as features available.
RHEL7-STIG - Ansible role for Red Hat 7 STIG Baseline
UBUNTU18-CIS - CIS Baseline Ansible Role for Ubuntu 18
AdGuard-WireGuard-Unbound-Cloudflare - The ultimate self-hosted network security guide ─ Protection | Privacy | Performance for your network 24/7 Accessible anywhere [Moved to: https://github.com/trinib/AdGuard-WireGuard-Unbound-DNScrypt]
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
apparmor.d - Full set of AppArmor profiles (~ 1500 profiles)