Awesome Open Source
Awesome Open Source

Ansible Collection - devsec.hardening

devsec.os_hardening devsec.ssh_hardening devsec.nginx_hardening devsec.mysql_hardening


This collection provides battle tested hardening for:

  • Linux operating systems:
    • CentOS 7/8
    • Debian 9/10
    • Ubuntu 16.04/18.04/20.04
    • Amazon Linux (some roles supported)
    • Arch Linux (some roles supported)
    • Fedora (some roles supported)
    • Suse Tumbleweed (some roles supported)
  • MySQL
    • MariaDB >= 5.5.65, >= 10.1.45, >= 10.3.17
    • MySQL >= 5.7.31, >= 8.0.3
  • Nginx 1.0.16 or later
  • OpenSSH 5.3 and later

The hardening is intended to be compliant with the Inspec DevSec Baselines:

Looking for the old ansible-os-hardening role?

This role is now part of the hardening-collection. You can find the old role in the branch legacy.

Minimum required Ansible-version

  • = 2.9.10

Included content

In progress, not working:

Using this collection

Please refer to the examples in the readmes of the role.

See Ansible Using collections for more details.

Contributing to this collection

See the contributor guideline.

Release notes

See the changelog.



More information

General information:


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
html (10,618
linux (2,282
nginx (464
ansible (401
collection (117
hardening (54
playbook (51
role (48
protection (47

Find Open Source By Browsing 7,000 Topics Across 59 Categories