This Ansible role configures an Amazon Linux 2 host to be GSA compliant.
This code is based on the GSA AWS Elastic Kubernetes Service Benchmark.
ISE provides a maintained and hardened Amazon Linux v2.0 AMI. More information about usage can be found here.
Read through the tasks carefully and confirm that these changes will not break your systems before running this playbook: the role changes firewall, audit, account-lockout and privilege-group settings, any of which can lock you out of or disrupt a running host.
There are many role variables defined in defaults/main.yml. Among the controls the role applies:
- Enable IPv6 settings
- Enable iptables
- Enable auditing with rsyslog
- Lock users inactive for over 30 days
- Install and configure AIDE
- Install and configure NTP
- Configure the /etc/group wheel configurations
Other settings and services are listed there. Please review them to ensure they meet your organizational requirements.
Note that a subset of controls was removed due to operational impact or organization-dependent variables. Those are listed here.
Ansible >= 2.7
```yaml
---
- name: Harden Server
  hosts: all
  become: yes
  roles:
    - ansible-os-amazon-linux2
```
```shell
ansible-playbook playbook.yml --connection=local
```
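After the playbook runs, it is worth confirming that the controls actually landed rather than trusting a green run. The POSIX shell helpers below are an added example, not code from the role or the benchmark; they spot-check three of the listed items (inactive-account lockout, wheel group membership, IPv6 sysctl values) by parsing the relevant file or command output from stdin, so each can be pointed at the real file on a host or at constructed sample text for a dry run. The admin account list in `audit_host` is an assumption for illustration; substitute your own.

```shell
#!/bin/sh
# Post-hardening spot checks (added example, not part of the role).
# Every check reads its input on stdin and returns 0 on pass, 1 on fail,
# so it works on a live host or on constructed sample text.

# Inactive-account lockout: /etc/default/useradd must set INACTIVE to a value
# between 1 and MAXDAYS. "-1" (or no INACTIVE line at all) means never lock.
check_inactive_days() {   # usage: check_inactive_days MAXDAYS < /etc/default/useradd
    max="$1"
    val=$(sed -n 's/^INACTIVE=\([0-9-]*\).*$/\1/p' | tail -n 1)
    [ -n "$val" ] && [ "$val" -ge 1 ] && [ "$val" -le "$max" ]
}

# wheel group: the member list in /etc/group must match exactly the accounts
# that are allowed to escalate via wheel (comma separated, any order).
check_wheel_members() {   # usage: check_wheel_members "alice,bob" < /etc/group
    want=$(printf '%s\n' "$1" | tr ',' '\n' | sort | tr '\n' ',')
    got=$(sed -n 's/^wheel:[^:]*:[^:]*:\(.*\)$/\1/p' | tr ',' '\n' | sort | tr '\n' ',')
    [ "$want" = "$got" ]
}

# Kernel parameter check against `sysctl -a` output. The last occurrence of a
# key wins, mirroring how sysctl applies configuration files in order.
check_sysctl() {          # usage: sysctl -a | check_sysctl KEY VALUE
    got=$(awk -v k="$1" -F' *= *' '$1 == k { v = $2 } END { print v }')
    [ "$got" = "$2" ]
}

# Run the checks against the live host and print one line per control.
# ADMINS is an assumed list for illustration; replace it with your own.
audit_host() {
    ADMINS="${ADMINS:-ec2-user}"
    rc=0
    check_inactive_days 30 < /etc/default/useradd \
        && echo "PASS inactive lockout <= 30 days" \
        || { echo "FAIL inactive lockout"; rc=1; }
    check_wheel_members "$ADMINS" < /etc/group \
        && echo "PASS wheel members: $ADMINS" \
        || { echo "FAIL wheel members differ from: $ADMINS"; rc=1; }
    for key in net.ipv6.conf.all.accept_ra net.ipv6.conf.all.accept_redirects; do
        sysctl -a 2>/dev/null | check_sysctl "$key" 0 \
            && echo "PASS $key = 0" \
            || { echo "FAIL $key"; rc=1; }
    done
    return "$rc"
}

# Uncomment to audit the local host after the playbook has run:
# audit_host
```

Each helper fails closed: a missing `INACTIVE=` line, a missing `wheel:` entry or an absent sysctl key all count as a failure rather than a pass, which is the behaviour you want from a compliance check.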
BSD.