Groups

Ansible Lockdown

Contact owners and managers

1–27 of 30

This the Ansible Lockdown mailing list.

For information on the project please check out the following links:

https://github.com/ansible/ansible-lockdown

https://github.com/ansible/community/tree/master/group-lockdown

https://ansiblelockdown.io

Code of Conduct: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#code-of-conduct

Any topics dealing with general Ansible usage or development should not be discussed here.

No commercial solicitation of any kind is permitted. This includes recruiting.

0 selected

Jonathan Davila

10/26/18

Ansible Lockdown Community Updates

Hi everyone, We (lockdown maintainer) have been hard a work recently trying to lay the foundation

unread,locked,

Ansible Lockdown Community Updates

Hi everyone, We (lockdown maintainer) have been hard a work recently trying to lay the foundation

10/26/18

Jonathan Davila, … Sam Doran5

4/23/18

RFC: An open source viewer

Jon, This sounds great! The DISA viewer is ok but it's definitely a janky Java app and lacks a

unread,

RFC: An open source viewer

Jon, This sounds great! The DISA viewer is ok but it's definitely a janky Java app and lacks a

4/23/18

Daniel Shepherd, … Bas Meijer6

5/10/17

Proposal - Variable for each rule or stig ID in roles

On removing the audit tasks: a good benchmark input to scap would create an independent audit, nice

unread,

Proposal - Variable for each rule or stig ID in roles

On removing the audit tasks: a good benchmark input to scap would create an independent audit, nice

5/10/17

4/5/22

Hey, I just wanted to give everyone the heads up that we have a Discord setup for Ansible-Lockdown. I

unread,

Hey, I just wanted to give everyone the heads up that we have a Discord setup for Ansible-Lockdown. I

4/5/22

Guillermo Gutierrez

3/30/22

RHEL 8 Stig with Active Directory

Has anyone tried adding a system to an AD domain before running this role or after?

unread,

RHEL 8 Stig with Active Directory

Has anyone tried adding a system to an AD domain before running this role or after?

3/30/22

7/28/21

Common Criteria oscap profile for Centos8/RHEL8

Hi, Does anyone in this group have some pointers on auditing the OS against CC EAL4? A basic howto

unread,

Common Criteria oscap profile for Centos8/RHEL8

Hi, Does anyone in this group have some pointers on auditing the OS against CC EAL4? A basic howto

7/28/21

George Nalen, Bas Meijer3

2/25/21

RHEL 7 CIS and STIG Changes

Hello again, I wanted to let the group know that we have merged our changes into the devel branch as

unread,

RHEL 7 CIS and STIG Changes

Hello again, I wanted to let the group know that we have merged our changes into the devel branch as

2/25/21

Bas Meijer, Justin Nemmers2

1/22/21

RHEL7-CIS ansible-role pull-requests

Hi Bas- Around the time of your PR, we re-wrote much of the underlying Role. Your PRs will likely

unread,

RHEL7-CIS ansible-role pull-requests

Hi Bas- Around the time of your PR, we re-wrote much of the underlying Role. Your PRs will likely

1/22/21

Ramakrishna V, … Bas Meijer3

1/15/21

sudo access issue while running Ansible playbook

Hi Ram, It is pretty hard to reduce the permissions for the remote user to avoid abuse of a shell

unread,

sudo access issue while running Ansible playbook

Hi Ram, It is pretty hard to reduce the permissions for the remote user to avoid abuse of a shell

1/15/21

Ramakrishna V, Justin Nemmers2

6/11/20

Any tested playbooks are available for CIS hardening for RHEL 8.

Hi Ramakrishna— We're in the late stages of testing for the RHEL 8 CIS Role. See more here: https

unread,

Any tested playbooks are available for CIS hardening for RHEL 8.

Hi Ramakrishna— We're in the late stages of testing for the RHEL 8 CIS Role. See more here: https

6/11/20

pervez syed, Jeff Schulman2

5/22/20

Win IIS Stig Ansible role

Have you tried calling IIS PowerSTIG modules? https://github.com/microsoft/PowerStig/tree/dev/

unread,

Win IIS Stig Ansible role

Have you tried calling IIS PowerSTIG modules? https://github.com/microsoft/PowerStig/tree/dev/

5/22/20

James Cassell, Bas Meijer2

3/11/20

Re: FIPS vs STIG

This is a nice audit tool for ssh: https://github.com/arthepsy/ssh-audit.git It will answer why they

unread,

Re: FIPS vs STIG

This is a nice audit tool for ssh: https://github.com/arthepsy/ssh-audit.git It will answer why they

3/11/20

Gabriel Forster, … Daniel Shepherd8

5/17/19

Question of current status

Thank you all! This is really great news for me. Especially now that I see the working group, which

unread,

Question of current status

Thank you all! This is really great news for me. Especially now that I see the working group, which

5/17/19

Jonathan Davila2

11/1/18

Reminder. Ansible Lockdown working group meeting starting soon

By a few minutes I mean 90 minutes(12pm US Eastern)...I need more coffee. Here is an iCal/ics link

unread,

Reminder. Ansible Lockdown working group meeting starting soon

By a few minutes I mean 90 minutes(12pm US Eastern)...I need more coffee. Here is an iCal/ics link

11/1/18

Jonathan Davila

10/30/18

2 Corrections to the earlier community announcment

In the announcement made at https://groups.google.com/d/msg/ansible-lockdown/LiYpkBXNQ2Q/iX7eJT9qAQAJ

unread,

2 Corrections to the earlier community announcment

In the announcement made at https://groups.google.com/d/msg/ansible-lockdown/LiYpkBXNQ2Q/iX7eJT9qAQAJ

10/30/18

Jonathan Davila, Bas Meijer2

10/8/18

RFC: CIS and Kubernetes; Possible Approaches to python

If a k8s cluster is really minimal, and python is not an option, then I think Ansible lockdown should

unread,

RFC: CIS and Kubernetes; Possible Approaches to python

If a k8s cluster is really minimal, and python is not an option, then I think Ansible lockdown should

10/8/18

Jonathan Davila

8/24/18

New open source command line stig viewer

Hi folks, Wanted to let the community know that I've developed and open sourced a CLI interface

unread,

New open source command line stig viewer

Hi folks, Wanted to let the community know that I've developed and open sourced a CLI interface

8/24/18

Jonathan Davila

7/31/18

Windows STIGS now (sorta) available

All, TLDR; STIG roles are available for Windows 2008 MS and 2012 MS + DC but are in a non-stable

unread,

Windows STIGS now (sorta) available

All, TLDR; STIG roles are available for Windows 2008 MS and 2012 MS + DC but are in a non-stable

7/31/18

Brian O'Reilly, … Bas Meijer14

3/25/18

Getting Involved / CIS Role(s)

Hi, https://github.com/MindPointGroup/RHEL7-CIS is the official Ansible role for CIS compliance.

unread,

Getting Involved / CIS Role(s)

Hi, https://github.com/MindPointGroup/RHEL7-CIS is the official Ansible role for CIS compliance.

3/25/18

3/23/18

RHEL6-STID demo with vagrant and packer

Hi, I made this demo and showed it in a couple of meetups. Maybe it helps you, and maybe me as well:

unread,

RHEL6-STID demo with vagrant and packer

Hi, I made this demo and showed it in a couple of meetups. Maybe it helps you, and maybe me as well:

3/23/18

Bas Meijer, Daniel Shepherd2

5/31/17

please add git tag

I've added the 0.1.1 tag. I also sync'd the roles on Ansible Galaxy so that tag is available

unread,

please add git tag

I've added the 0.1.1 tag. I also sync'd the roles on Ansible Galaxy so that tag is available

5/31/17

Jonathan Davila

1/9/17

RFC: Coming updates and changes

All, The maintainers of ansible-lockdown have been discussing over that past month or two about

unread,

RFC: Coming updates and changes

All, The maintainers of ansible-lockdown have been discussing over that past month or two about

1/9/17

10/21/16

PR with a packer, vagrant environment to accelerate the development cycle

Hi All, I created base images for virtualbox with packer, these are on atlas.hashicorp.com since a

unread,

PR with a packer, vagrant environment to accelerate the development cycle

Hi All, I created base images for virtualbox with packer, these are on atlas.hashicorp.com since a

10/21/16

sdo...@redhat.com, Conor Schaefer2

7/29/16

RHEL 6 STIG Updates

Direct link for those not in the know: https://github.com/MindPointGroup/RHEL6-STIG On Thu, Jul 28,

unread,

RHEL 6 STIG Updates

Direct link for those not in the know: https://github.com/MindPointGroup/RHEL6-STIG On Thu, Jul 28,

7/29/16

Jonathan Davila, … DS Morse10

4/7/16

Lockdown is not forgotten

just a little over a week ago, I forked Johnathan's work and updated a version of the ansible

unread,

Lockdown is not forgotten

just a little over a week ago, I forked Johnathan's work and updated a version of the ansible

4/7/16

Jonathan Davila, … Brian Coca9

10/28/15

RFC: Template/lineinfile strategy

And the first iteration of the PAM module is complete. The PR can be seen here https://github.com/

unread,

RFC: Template/lineinfile strategy

And the first iteration of the PAM module is complete. The PR can be seen here https://github.com/

10/28/15

Jonathan Davila, … Daniel Shepherd9

10/14/15

Published Contribution Guidelines

Good points, I'll see what I can do to open up the test process a bit more along with more

unread,

Published Contribution Guidelines

Good points, I'll see what I can do to open up the test process a bit more along with more

10/14/15

Bas Meijer, … Jonathan Davila7

9/22/15

RHEL6-STIG Release 8

I made a new pull-request with changes for release 8 of the STIG. Test report is for Centos 6.7 On 21

unread,

RHEL6-STIG Release 8

I made a new pull-request with changes for release 8 of the STIG. Test report is for Centos 6.7 On 21

9/22/15

brmeijer, Jonathan Davila2

8/26/15

RHEL6 STIG updated in July

Yup, I've filed it as a issue on GH. Working on Rev8 refactoring among other changes which are

unread,

RHEL6 STIG updated in July

Yup, I've filed it as a issue on GH. Working on Rev8 refactoring among other changes which are

8/26/15

brmeijer, Justin Nemmers3

8/26/15

DISA-STIG for RHEL 7

There might be a sign of progress since a lot of the other STIGs have been updated 7/24/2015 on http:

unread,

DISA-STIG for RHEL 7

There might be a sign of progress since a lot of the other STIGs have been updated 7/24/2015 on http:

8/26/15

Search

Clear search

Close search

Google apps

Main menu