Question 1

How to install the devsec.hardening Ansible collection?

Accepted Answer

Install it using ansible-galaxy with the command 'ansible-galaxy collection install devsec.hardening'. Refer to the role-specific READMEs for examples on integrating it into your playbooks for automated hardening.

Question 2

Is devsec.hardening better than writing custom Ansible roles for security?

Accepted Answer

This collection saves time with pre-tested configurations aligned with security baselines, but for highly customized or niche environments, DIY roles might offer more control and flexibility.

Question 3

What Linux versions does devsec.hardening fully support?

Accepted Answer

It fully supports CentOS Stream 9, AlmaLinux 8/9/10, Rocky Linux 8/9/10, Debian 11/12/13, and Ubuntu 20.04/22.04/24.04, with tested compatibility; other OSes have partial role support as noted in the README.

Question 4

How to customize security settings in devsec.hardening?

Accepted Answer

Override default variables in your Ansible playbooks; each role's README provides configurable options, but extensive customization may require forking or modifying the roles directly.

Question 5

Does devsec.hardening work with Ansible Tower or AWX?

Accepted Answer

Yes, since it's a standard Ansible collection, it can be integrated into Ansible Tower or AWX for centralized management, though you may need to ensure version compatibility with Ansible >= 2.16.

Question 6

Is this collection compliant with CIS benchmarks?

Accepted Answer

It aligns with DevSec Inspec baselines, which are similar to CIS, but not explicitly certified; you should verify specific CIS controls as some settings may differ or require adjustments.

ansible-os-hardening

What is ansible-os-hardening?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions