Ansible Collection Hardening

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Alternatives To Ansible Collection Hardening
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Ansible Collection Hardening3,240
7 days ago41apache-2.0Jinja
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
15 hours ago4August 26, 202245agpl-3.0C
🛡️ Make your web services secure by default !
20 days agoapache-2.0Ruby
DevSec Examples
Ansible Nginx Hardening179
3 years agoRuby
This Ansible role provides secure nginx configurations.
Nginx Baseline99
a month ago6apache-2.0Ruby
DevSec Nginx Baseline - InSpec Profile
Chef Nginx Hardening50
a month ago3apache-2.0Ruby
This chef cookbook provides secure nginx configurations.
Wp Cli Secure Command39
a year ago4PHP
Secure package for WP CLI, built to provide an easier way of securing your WordPress installation
Apache Baseline39
a month agoapache-2.0Ruby
DevSec Apache Baseline - InSpec Profile
4 years agomitShell
Wordpress automation and hardening
23 days ago37gpl-3.0Jinja
A collection of Ansible roles for home free software self-hosting.
Alternatives To Ansible Collection Hardening
Select To Compare

Alternative Project Comparisons

Ansible Collection - devsec.hardening

devsec.os_hardening devsec.os_hardening VM devsec.ssh_hardening devsec.nginx_hardening devsec.mysql_hardening


This collection provides battle tested hardening for:

  • Linux operating systems:
    • CentOS 7
    • Rocky Linux 8
    • Debian 10/11
    • Ubuntu 18.04/20.04/22.04
    • Amazon Linux (some roles supported)
    • Arch Linux (some roles supported)
    • Fedora (some roles supported)
    • Suse Tumbleweed (some roles supported)
  • MySQL
    • MariaDB >= 5.5.65, >= 10.1.45, >= 10.3.17
    • MySQL >= 5.7.31, >= 8.0.3
  • Nginx 1.0.16 or later
  • OpenSSH 5.3 and later

The hardening is intended to be compliant with the Inspec DevSec Baselines:

Looking for the old roles?

The roles are now part of the hardening-collection. We have kept the old releases of the os-hardening role in this repository, so you can find the them by exploring older tags. The last release of the standalone role was 6.2.0.

The other roles are in separate archives repositories:

Minimum required Ansible-version

  • Ansible >= 2.9.10

Included content

In progress, not working:


Install the collection via ansible-galaxy:

ansible-galaxy collection install devsec.hardening

Using this collection

Please refer to the examples in the readmes of the role.

See Ansible Using collections for more details.

Contributing to this collection

See the contributor guideline.

Release notes

See the changelog.



More information

General information:


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Popular Nginx Projects
Popular Hardening Projects
Popular Web Servers Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.