I'm working an a role for the RHEL 6 DISA STIG <http://stigviewer.com/stig/red_hat_enterprise_linux_6/> for anyone that is interested. The project is hosted on GitHub <https://github.com/samdoran/ansible-role-disa-stig-rhel6>. Once I get 1.0 complete, I'll add it on Ansible Galaxy.
The main philosophy behind the role is a remediation and compliance tool: it is not an evaluation tool. It will make lots of changes to the target system, some of them possibly breaking things (welcome to the wonderful world of STIGS). I'm doing my best to structure the role in such a way that it can be used in a broad or very targeted manner. I use a lot of tags (as a side note, it would be really nice to have a --list-tags option <https://groups.google.com/forum/#!searchin/ansible-project/list$20tags/ansible-project/jnFj49WK0Vk/Y69RNqp3ZVUJ> in Ansible). It's currently a work in progress and I welcome input and feedback. There are certain things that are outside the power of Ansible that are in the STIG, such as performing regular backups. This role should cover a lot of ground in accomplishing STIG compliance though. Plus an Ansible role is much better than a kickstart file, SRR, or home grown shell scripts (all of which I have used in the past with varying levels of frustration) -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e56c7476-0da7-49a4-b1f9-60d52101db46%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
