Ansible Collection - devsec.hardening
#Threat Defense#Vulnerability Management
Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05
This collection provides effective hardening techniques for various systems
This collection provides effective hardening techniques for the following systems:
* Linux operating systems: CentOS versions 7, 8, and 9; Rocky Linux versions 8 and 9; Debian versions 10, 11, and 12; Ubuntu versions 18.04, 20.04, and 22.04; Amazon Linux (some roles supported); Arch Linux (some roles supported); Fedora versions 37 and 38; Suse Tumbleweed (some roles supported).
* MySQL MariaDB versions >= 5.5.65, >= 10.1.45, and >= 10.3.17.
* MySQL versions >= 5.7.31 and >= 8.0.3.
* Nginx version 1.0.16 or later.
* OpenSSH version 5.3 and later.
Understanding the Purpose of Hardening
The hardening process is designed to meet the Inspec DevSec Baselines, which can be accessed at the following links:
- https://github.com/dev-sec/linux-baseline
- https://github.com/dev-sec/mysql-baseline
- https://github.com/dev-sec/nginx-baseline
- https://github.com/dev-sec/ssh-baseline
If you are searching for the older roles, they are now part of the hardening-collection. We have retained previous versions of the os-hardening role in this repository, allowing you to locate them by browsing older tags.
The most recent standalone role release is version 6
The version number for the last release of the standalone role is 2.0.
Additional Roles are Located in
The additional roles can be found in separate archive repositories: apache_hardening, mysql_hardening, nginx_hardening, ssh_hardening, and windows_hardening.
Minimum required Ansible version: Ansible >= 2.9.10
Included content: os_hardening, mysql_hardening, nginx_hardening.
