Hi Sam! Super excited to see this and I'd be interested in talking about organization of it sometime if you are interested.
I did some work with some previous tools to enable this sort of thing and one of the things that was hard then - and a lot easier in ansible, is the ability to make tests and conditionals easy. Such as, skip these steps if there's no database, etc. Anyway, this is good stuff! --Michael On Mon, Aug 11, 2014 at 10:16 AM, Sam Doran <[email protected]> wrote: > I'm working an a role for the RHEL 6 DISA STIG > <http://stigviewer.com/stig/red_hat_enterprise_linux_6/> for anyone that > is interested. The project is hosted on GitHub > <https://github.com/samdoran/ansible-role-disa-stig-rhel6>. Once I get > 1.0 complete, I'll add it on Ansible Galaxy. > > The main philosophy behind the role is a remediation and compliance tool: > it is not an evaluation tool. It will make lots of changes to the target > system, some of them possibly breaking things (welcome to the wonderful > world of STIGS). I'm doing my best to structure the role in such a way that > it can be used in a broad or very targeted manner. I use a lot of tags (as > a side note, it would be really nice to have a --list-tags option > <https://groups.google.com/forum/#!searchin/ansible-project/list$20tags/ansible-project/jnFj49WK0Vk/Y69RNqp3ZVUJ> > in Ansible). It's currently a work in progress and I welcome input and > feedback. > > There are certain things that are outside the power of Ansible that are in > the STIG, such as performing regular backups. This role should cover a lot > of ground in accomplishing STIG compliance though. Plus an Ansible role is > much better than a kickstart file, SRR, or home grown shell scripts (all of > which I have used in the past with varying levels of frustration) > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/e56c7476-0da7-49a4-b1f9-60d52101db46%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/e56c7476-0da7-49a4-b1f9-60d52101db46%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx3qXHTF-JQN%2BuujdkNFob_KD%3D2S2dJhB3zHgOoc7wkXA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
