Ansible Collection Hardening
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Ansible Collection Hardening | 3,240 | 7 days ago | 41 | apache-2.0 | Jinja | |||||
| This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL | ||||||||||
| Bunkerweb | 2,959 | 15 hours ago | 4 | August 26, 2022 | 45 | agpl-3.0 | C | |||
| 🛡️ Make your web services secure by default ! | ||||||||||
| Hardening | 305 | 20 days ago | apache-2.0 | Ruby | ||||||
| DevSec Examples | ||||||||||
| Ansible Nginx Hardening | 179 | 3 years ago | Ruby | |||||||
| This Ansible role provides secure nginx configurations. | ||||||||||
| Nginx Baseline | 99 | a month ago | 6 | apache-2.0 | Ruby | |||||
| DevSec Nginx Baseline - InSpec Profile | ||||||||||
| Chef Nginx Hardening | 50 | a month ago | 3 | apache-2.0 | Ruby | |||||
| This chef cookbook provides secure nginx configurations. | ||||||||||
| Wp Cli Secure Command | 39 | a year ago | 4 | PHP | ||||||
| Secure package for WP CLI, built to provide an easier way of securing your WordPress installation | ||||||||||
| Apache Baseline | 39 | a month ago | apache-2.0 | Ruby | ||||||
| DevSec Apache Baseline - InSpec Profile | ||||||||||
| Ciderpress | 37 | 4 years ago | mit | Shell | ||||||
| Wordpress automation and hardening | ||||||||||
| Ansible_home | 24 | 23 days ago | 37 | gpl-3.0 | Jinja | |||||
| A collection of Ansible roles for home free software self-hosting. | ||||||||||
Ansible Collection - devsec.hardening
Description
This collection provides battle tested hardening for:
- Linux operating systems:
- CentOS 7
- Rocky Linux 8
- Debian 10/11
- Ubuntu 18.04/20.04/22.04
- Amazon Linux (some roles supported)
- Arch Linux (some roles supported)
- Fedora (some roles supported)
- Suse Tumbleweed (some roles supported)
- MySQL
- MariaDB >= 5.5.65, >= 10.1.45, >= 10.3.17
- MySQL >= 5.7.31, >= 8.0.3
- Nginx 1.0.16 or later
- OpenSSH 5.3 and later
The hardening is intended to be compliant with the Inspec DevSec Baselines:
Looking for the old roles?
The roles are now part of the hardening-collection.
We have kept the old releases of the os-hardening role in this repository, so you can find the them by exploring older tags.
The last release of the standalone role was 6.2.0.
The other roles are in separate archives repositories:
Minimum required Ansible-version
- Ansible >= 2.9.10
Included content
In progress, not working:
Installation
Install the collection via ansible-galaxy:
ansible-galaxy collection install devsec.hardening
Using this collection
Please refer to the examples in the readmes of the role.
See Ansible Using collections for more details.
Contributing to this collection
See the contributor guideline.
Release notes
See the changelog.
Roadmap
Todos:
- Work on apache_hardening and windows_hardening
- Add support for more operating systems
More information
General information:
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Collections Checklist
- Ansible Community code of conduct
- The Bullhorn (the Ansible Contributor newsletter)
- Changes impacting Contributors
Licensing
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.