Top 3 Jinja security-hardening Projects
Ansible role for Red Hat 7 CIS Baseline (by ansible-lockdown)Project mention: Hardening RHEL7 | reddit.com/r/redhat | 2021-04-07
Here is one example: https://github.com/ansible-lockdown/RHEL7-CIS
Ansible role to apply a security baseline. Systemd edition.Project mention: AKS worker-node host operating systems | reddit.com/r/AZURE | 2021-08-21
Many thanks u/pixelavenger. While I did not (yet) find the specific CIS recommendation, but I did find this which indicates that disabling SCTP module is perhaps too strong a reaction if the only justification is disabling those networking features that are usually not used frequently (to reduce attack surface). Apparently there was a vulnerability in WebRTC's user-space SCTP implementation, which has hence been fixed. There seem to be no known vulnerabilities in linux kernel SCTP implementation. Do you think Azure Support might be requested to optionally enable SCTP kernel module in the images ? Thanks also for the idea about using Daemon-set approach, perhaps a bit kludgy for the needs, as one'd need to invent a way to synchronize the completion of Daemon-set's task of enabling SCTP and startup of application that needs SCTP. Still better than nothing at all.
Run Linux Software Faster and Safer than Linux with Unikernels.
CIS Baseline Ansible Role for RHEL 8Project mention: Please share your default server playbook. | reddit.com/r/ansible | 2021-11-06
My default role https://github.com/ansible-lockdown/RHEL8-CIS
Jinja security-hardening related posts
What are some of the best open-source security-hardening projects in Jinja? This list will help you:
Are you hiring? Post a new remote job listing for free.